09-22-2011 02:24 PM - edited 03-11-2019 02:28 PM
Hi guys,
Is there a way to exclude a host from being inspected by the ASA CSC URL filtering rules?
For example we are inspecting the 172.16.0.0/16 network, however there is one host that needs to be excluded from the inspection/blocking.
I tried adding "denies" on the csc_out and csc_in ACLs but that didn't seem to do the trick ... it actually looked like it disabled the inspection for the whole network.
Any comments or suggestions are welcome.
Thanks!
Raga
09-22-2011 07:13 PM
Hi Luis,
Let's say you are exempting the host 172.16.1.1 from being filtered; then the access-list would need to be in the same order:
access-list csc_out line 1 extended deny ip host 172.16.1.1 any
access-list csc_out line 2 extended permit ip 172.16.0.0 255.255.0.0 any
access-list csc_in line 1 extended deny ip any host 172.16.1.1
access-list csc_in line 2 extended permit ip any 172.16.0.0 255.255.0.0
and then match these ACLs in the class map and apply the class map in the policy map that you have created.
Thanks,
Varun
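A small model of the first-match evaluation that the ordering in the answer above depends on, added here as an illustration and not part of the original thread. It parses the csc_out entries as posted and reports which sources the class map would hand to the CSC module; the function names and the 203.0.113.10 destination are constructed for the example, and only `ip` entries in the any / host / network-mask forms shown are handled.

```python
import ipaddress

# csc_out ACL as posted in the answer above.
CSC_OUT = """\
access-list csc_out line 1 extended deny ip host 172.16.1.1 any
access-list csc_out line 2 extended permit ip 172.16.0.0 255.255.0.0 any
"""

def parse_addr(tokens):
    """Consume one ASA address spec: 'any', 'host A' or 'NET MASK'."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]

def parse_acl(text):
    """Return [(action, src_net, dst_net)] in configured order."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        i = tok.index("extended")          # layout: extended <action> <proto> <src> <dst>
        action = tok[i + 1]
        src, rest = parse_addr(tok[i + 3:])
        dst, _ = parse_addr(rest)
        entries.append((action, src, dst))
    return entries

def sent_to_csc(acl, src, dst):
    """First matching entry wins: permit = scanned, deny or no match = not scanned."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            return action == "permit"
    return False  # traffic matching no entry is not part of the class

if __name__ == "__main__":
    acl = parse_acl(CSC_OUT)
    for src in ("172.16.1.1", "172.16.200.9", "10.0.0.1"):
        print(src, "scanned" if sent_to_csc(acl, src, "203.0.113.10") else "not scanned")
    # With the two entries swapped, the /16 permit shadows the host deny.
    print("swapped:", sent_to_csc(list(reversed(acl)), "172.16.1.1", "203.0.113.10"))
```

Running the same check against the csc_in entries (with source and destination swapped) confirms the return direction is exempted for the same host.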
09-28-2011 03:45 PM
Hi Varun, I tried that and from ASDM all I saw was the "172.16.1.1" host. Nothing about the /24 network.
Anyways it works, I was just a little concerned about the other traffic not being inspected since it is not reflected on the ASDM.
Thanks!
Raga