Help me ASA 5510

jerrybu01
Level 1

I have the following configuration on an ASA 5510:

ASA5510# show run
: Saved
:
ASA Version 8.3(1)
!
hostname ASA5510
domain-name lohoi.local
enable password *************l encrypted
passwd ****************** encrypted
names
!
interface Ethernet0/0
 description Connect_to_Modem
 nameif outside
 security-level 0
 ip address 10.10.10.2 255.255.255.0
!
interface Ethernet0/1
 description Connect_to_Router2911
 nameif inside
 security-level 100
 ip address 172.16.10.2 255.255.255.240
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ether
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 description Management
 nameif management
 security-level 100
 ip address 192.168.10.1 255.255.255.0
!
regex urlngoisao ".*\.([Ee][Xx][Ee]|[Cc][Oo][Mm]|[Bb][Aa][Tt]) HTTP/1.[01]"
regex urlzing ".*\.([Ee][Xx][Ee]|[Cc][Oo][Mm]|[Bb][Aa][Tt]) HTTP/1.[01]"
regex urlfacebook ".*\.([Ee][Xx][Ee]|[Cc][Oo][Mm]|[Bb][Aa][Tt]) HTTP/1.[01]"
regex youtube "\.youtube\.com"
regex faceboo ".*facebook\.com"
regex urlyoutube ".*\.([Pp][Ii][Ff]|[Vv][Bb][Ss
regex ngoisao "\.ngoisao\.net"
regex zing "\.zing\.vn"
regex contenttype "Content-Type"
regex applicationheader "application/.*"
ftp mode passive
clock timezone ICT 7
dns server-group DefaultDNS
 domain-name lohoi.local
object network obj-any
 subnet 0.0.0.0 0.0.0.0
object network GroupDenyweb
 range 192.168.10.26 192.168.10.254
 description han che try
object network facebook
 host 173.252.110.27
object-group service 8080 tcp
 port-object eq 8080
access-list 101 extended permit icmp any any
access-list 101 extended permit icmp any any echo-reply
access-list 101 extended permit tcp any any
access-list inside_mpc extended permit tcp object GroupDenyweb any eq www
access-list inside_mpc extended permit tcp object GroupDenyweb any object-group 8080
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-631.bin
asdm history enable
arp timeout 14400
!
object network obj-any
 nat (inside,outside) dynamic interface
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 10.10.10.1 1
route inside 192.168.18.1 255.255.255.224 172.16.10.1 1
route inside 192.168.10.0 255.255.255.0 172.16.10.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 192.168.10.0 255.255.255.0 management
http authentication-certificate inside
http authentication-certificate management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldst
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto ca server
 shutdown
telnet timeout 5
ssh 192.168.10.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username admin password ********** encrypted privilege 1
!
class-map type regex match-any Domainblocklist
 match regex faceboo
 match regex youtube
 match regex zing
 match regex ngoisao
class-map type inspect http match-all BlockDomainsClass
 match request header host regex class Domainblocklist
class-map type regex match-any Urlblocklist
 match regex urlfacebook
 match regex urlyoutube
 match regex urlzing
class-map type inspect http match-all asdm_medium_security_methods
 match not request method head
 match not request method post
 match not request method get
class-map inspection_default
 match default-inspection-traffic
class-map type inspect http match-all AppHeaderClass
 match response header regex contenttype regex applicationheader
class-map httptraffic
 match access-list inside_mpc
class-map type inspect http match-all BlockURLsClass
 match request uri regex class Urlblocklist
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map type inspect http http_inspection_policy
 parameters
  protocol-violation action drop-connection
 match request method connect
  drop-connection log
 class AppHeaderClass
  drop-connection log
 class BlockURLsClass
  reset log
 class BlockDomainsClass
  reset log
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect ip-options
policy-map inside-policy
 class httptraffic
  inspect http http_inspection_policy
!
service-policy global_policy global
service-policy inside-policy interface inside
prompt hostname context
call-home
 profile CiscoTAC-1
  no active
  destination address http
CEService
  destination address email
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:4b78471cda2bbc5949a3cd80d4ede082
: end
ASA5510#

When I configure it to block websites it's OK, but the websites that are not blocked are very slow to access, and sometimes I can't access them at all. My company has 50 users, and almost all of them can't access the unblocked sites. How can I configure it better?
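As an added illustration (not code from the post or from Cisco), the snippet below replays the inspection scope (ACL inside_mpc via class-map httptraffic) and the two regex block classes of the configuration above against constructed requests, so you can see which requests the policy would reset and which the patterns miss, for instance a bare youtube.com Host header. It assumes Python's re behaves like the ASA regex engine for these patterns and that the URI text the firewall compares includes the trailing HTTP version the patterns expect.

```python
import re
from ipaddress import IPv4Address

# Python's re module stands in for the ASA regex engine (assumption: the basic
# syntax these patterns use behaves the same in both).
# object network GroupDenyweb: range 192.168.10.26 192.168.10.254
DENYWEB_FIRST = IPv4Address("192.168.10.26")
DENYWEB_LAST = IPv4Address("192.168.10.254")
# access-list inside_mpc: tcp from GroupDenyweb to any eq www / object-group 8080
INSPECTED_PORTS = {80, 8080}

# class-map type regex match-any Domainblocklist (checked against the Host header)
DOMAIN_BLOCKLIST = {
    "faceboo": r".*facebook\.com",
    "youtube": r"\.youtube\.com",
    "zing": r"\.zing\.vn",
    "ngoisao": r"\.ngoisao\.net",
}
# class-map type regex match-any Urlblocklist (checked against the request URI);
# 'urlyoutube' is truncated in the post and is left out here.
URL_BLOCKLIST = {
    "urlfacebook": r".*\.([Ee][Xx][Ee]|[Cc][Oo][Mm]|[Bb][Aa][Tt]) HTTP/1.[01]",
    "urlzing": r".*\.([Ee][Xx][Ee]|[Cc][Oo][Mm]|[Bb][Aa][Tt]) HTTP/1.[01]",
}

def is_inspected(src_ip, dst_port):
    """True if class-map httptraffic (ACL inside_mpc) hands the flow to http inspection."""
    return DENYWEB_FIRST <= IPv4Address(src_ip) <= DENYWEB_LAST and dst_port in INSPECTED_PORTS

def matching_rules(blocklist, text):
    """Names of the entries in a match-any regex class that match the text."""
    return [name for name, pattern in blocklist.items() if re.search(pattern, text)]

def policy_action(src_ip, dst_port, host, uri_text):
    """(class, action) http_inspection_policy would apply, or None if the request is
    never inspected or matches neither block class. uri_text is assumed to carry the
    trailing ' HTTP/1.x' the URI patterns expect; AppHeaderClass (response side)
    and the CONNECT-method match are out of scope here."""
    if not is_inspected(src_ip, dst_port):
        return None
    if matching_rules(URL_BLOCKLIST, uri_text):  # listed before BlockDomainsClass
        return ("BlockURLsClass", "reset log")
    if matching_rules(DOMAIN_BLOCKLIST, host):
        return ("BlockDomainsClass", "reset log")
    return None

if __name__ == "__main__":  # constructed sample request, not from the post
    print(policy_action("192.168.10.30", 80, "www.facebook.com", "/ HTTP/1.1"))
```

Note that the unanchored ".com" alternative in the URI patterns also fires on a URI such as /go?to=example.com, which is worth knowing when users report unexpected resets.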


Hi Bro

I assume that if you were to bypass your Cisco FW, browsing to these websites is fast, am I right? I'm not sure where your issues are, but let's try to eliminate them one by one.

Step 1 - Add these ACLs and see if this solves your problem:
access-list 101 line 1 deny tcp any any eq 80
access-list 101 line 2 deny tcp any any eq 443

Step 2 - Undo Step 1, disable threat-detection and see if this solves your problem:

no threat-detection basic-threat

Step 3 - Undo Step 2, remove class-map httptraffic and see if this solves your problem:

class-map httptraffic

Once we know which step is the root cause, it will be much easier to drill down to the solution.

Regards,

Ram

Warm regards,
Ramraj Sivagnanam Sivajanam