Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
522
Views
0
Helpful
2
Replies

ASA Content Security

larsdominic
Level 1
Level 1

‎11-08-2006 11:38 PM - edited ‎02-21-2020 01:17 AM

Hay there,

I setup a ASA FW with Trend Micro Content Security. When I add an URL to the block list I can still open it from the PCs which use the ASA as the gateway?! What did I forget?

Lars

0 Helpful
2 Replies 2

s.jankowski
Level 4
Level 4

‎11-14-2006 02:08 PM

The access list configured for URL coookies is not working.

The URL filtering features presented in this chapter allow the Content Engine to control client access to websites in any of the following ways:

Deny access to URLs specified in a list.

Permit access only to URLs specified in a list.

Direct traffic to a N2H2 server for filtering.

Direct traffic to a Websense enterprise server for filtering

http://www.cisco.com/en/US/products/sw/conntsw/ps491/products_configuration_guide_chapter09186a008008123b.html#98891

0 Helpful

gbudd12345
Level 1
Level 1
In response to s.jankowski

‎11-14-2006 03:24 PM

CSC-SSM modules use service policies to redirect traffic to the module for processing.

Here is an example of what I do...

The inside_mpc is matching only inside traffic destined for web, ftp, pop3 and smtp.

The outside_mpc is matching traffic going to the internal servers (using the outside public addresses) matching pop3 and smtp.

Then, I build inside and outside classes matching traffic off of the ACL and sending it to the CSC module with the csc fail-open or csc fail-close command.

I hope this helps.

--Gavin Budd

access-list inside_mpc extended permit tcp 10.0.0.0 255.0.0.0 any eq pop3

access-list inside_mpc extended permit tcp 10.0.0.0 255.0.0.0 any eq www

access-list inside_mpc extended permit tcp 10.0.0.0 255.0.0.0 any eq ftp

access-list inside_mpc extended permit tcp 10.0.0.0 255.0.0.0 any eq https

access-list inside_mpc extended permit tcp 10.0.0.0 255.0.0.0 any eq smtp

access-list outside_mpc extended permit tcp any x.x.25.0 255.255.255.0 eq pop3

access-list outside_mpc extended permit tcp any x.x.25.0 255.255.255.0 eq smtp

!

!

class-map inside-class

match access-list inside_mpc

class-map outside-class

match access-list outside_mpc

!

!

policy-map outside-policy

class outside-class

csc fail-open

policy-map inside-policy

class inside-class

csc fail-open

!

service-policy outside-policy interface outside

service-policy inside-policy interface inside

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card