Hi Sir Kanwal,

When I typed regex there an error "Unrecognized Commannd" is it compatible with my ASA?

So I couldn't continue to the next step.

Also I tried to disable it by its port no. but its not working with Outside int. but when I which to Inside Im experiencing network Issues.

object-group service TeamView tcp

port-object eq 5938

access-list outside_access_in extended deny tcp any any object-group TeamView

thanks

Arvin R.

Hi Arvin,

Please call me just "Kanwal":) Also, i am not very sure if version 7 had regex command. I was hoping it is but on version 9 which is there in lab i see the command is there.

ASA5585-2(config)# regex ?

configure mode commands/options:
  WORD < 129 char  Specify the name of the regular expression

If it is not there in 7, i am not sure what else we can do because we need devices like iron port proxy or websense which can block these kind of apps.

Regards,

Kanwal

Note: Please mark answers if they are helpful.

Hi Kanwal,

Sad to say but there is no regex command on my firewall ASA 5510.

I would like to ask if there is an alternative to regex?

I not sure with upgrading because its too complicated one mistake could be a trouble to everyone :))hahaha

thank you

Arvin Robel

Hi Arvin,

Not any that i am aware of other than blocking the server IP's of the teamviewer by creating ACL. But if it resolves to any other IP, it will start working. So not sure of any other way on ASA.

Sorry to be of no further help.

Regards,

Kanwal

Note: Please mark answers if they are helpful.

Hi Kanwal,

Noted. 

thank you for you response 

Arvin R.

Hi Arvin,

I do see regex command in there in 7.2, however i cannot see it in 7.0 so you can try and upgrade depending upon your necessity.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa72/command/reference/cmd_ref.html

More about regular expressions:

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/100513-ASARegexp.html

Regards,

Kanwal

Note: Please mark answers if they are helpful.

Hi Arvin,

The command regex was introduced on Cisco ASA version 7.0(2). Please validate your code.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/I-R/cmdref2/m3.html#pgfId-2118086

Regards,

Tushar Bangia

Note - Please rate post if you find it helpful!!

Hi Tushar,

May I ask how about ASA 7.0 (6) ?

Thanks 

Arvin R.

Hi Arvin,

Apologies, i overlooked the link which i shared with you. The support for regex was introduced on Cisco ASA version 7.2.1.

I would encourage you to migrate to new Cisco ASA release as Cisco ASA 7.0 would be end of life soon.

Please refer below link for confirmation.

EOL:

http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/end_of_life_c51-588227.html

Regards,

Tushar Bangia

Note : Please rate post if you find it helpful!!

My Lab ASA also confirm this:

EYPIX-Primary(config)# regex ?

configure mode commands/options:
  WORD < 41 char  Specify the name of the regular expression
EYPIX-Primary(config)# sh ver

Cisco Adaptive Security Appliance Software Version 7.2(4)30
Detected an old ASDM version.
You will need to upgrade it before using ASDM.

Compiled on Wed 18-Mar-09 16:25 by builders
System image file is "disk0:/asa724-30-k8.bin"
Config file at boot was "startup-config"

EYPIX-Primary up 9 mins 45 secs
failover cluster up 9 mins 45 secs

Hardware:   ASA5540, 2048 MB RAM, CPU Pentium 4 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : CNlite-MC-Boot-Cisco-1.2
                             SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.05
 0: Ext: GigabitEthernet0/0  : address is 5475.d0e3.b3a8, irq 9
 1: Ext: GigabitEthernet0/1  : address is 5475.d0e3.b3a9, irq 9
 2: Ext: GigabitEthernet0/2  : address is 5475.d0e3.b3aa, irq 9
 3: Ext: GigabitEthernet0/3  : address is 5475.d0e3.b3ab, irq 9
 4: Ext: Management0/0       : address is 5475.d0e3.b3a7, irq 11
 5: Int: Not used            : irq 11
 6: Int: Not used            : irq 5

Regards,

Tushar Bangia

Note : Please do rate post in case you find the post helpful!!

Hi Tushar,

I'm using cisco asa 5510, For now its too complicated to update my version.

thanks

Arvin R. 

Hi Arvin,

The alternate in this scenario is to have any external URL filtering service such as Webesense/Iront port or you can avail some cloud based services too such as Z-Scaler etc. 

Regards,

Tushar Bangia

Note: Please do rate post in case you find it helpful!!