How to block website Cisco ASA using MPF?

Hi everyone,

Our firewall is currently on code 8.2. I want to know how to block a specific website using MPF and dropping the DNS query.

I am able to block it for the whole inside network but not for a specific IP address or group of IPs.

Here is the code I am using.

! Name for the single host the policy is meant to apply to
name 192.168.66.25 dummy-user
! ACL selecting traffic to and from that host only
access-list dummy-user-rl extended permit ip any host dummy-user
access-list dummy-user-rl extended permit ip host dummy-user any
global (outside) 17 201.xxx.yyy.zzz
nat (inside) 17 dummy-user 255.255.255.255
!
! Regex evaluated against the queried domain name by DNS inspection
regex domain_netflix.com "\.netflix\.com"
!
class-map dummy-user-rl
 match access-list dummy-user-rl
!
class-map type inspect dns match-all cm-dbl
 description Blocked Domains
 match domain-name regex domain_netflix.com
!
policy-map type inspect dns dns-inspect-pm
 parameters
  message-length maximum 512
 match domain-name regex domain_netflix.com
 class cm-dbl
  drop log
!
! Rate limit and DNS inspection applied to the dummy-user class only
policy-map global_policy
 class dummy-user-rl
  police input 4000000 12375
  police output 4000000 12375
  inspect dns dns-inspect-pm
!
service-policy global_policy global

Re: How to block website Cisco ASA using MPF?

So you are looking to block this URL for a specific IP only, is this correct?

If so, please refer to the document below; it should help you resolve this.

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/100513-ASARegexp.html#req

BB
*** Rate All Helpful Responses ***
Re: How to block website Cisco ASA using MPF?

The link you shared is about OS version >= 8.3. I am using version 8.2.

Re: How to block website Cisco ASA using MPF?

Try the following:

regex block-netflix.com "netflix\.com"
!
class-map type regex match-any DOMAIN-BLOCK
 match regex block-netflix.com
!
policy-map type inspect dns dns-inspect-pm
 match domain-name regex class DOMAIN-BLOCK
  drop-connection log
!
policy-map global_policy
 class dummy-user-rl
  police input 4000000 12375
  police output 4000000 12375
  inspect dns dns-inspect-pm
!
service-policy global_policy global

 

--
Please remember to select a correct answer and rate helpful posts
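The two regexes in this thread, the question's "\.netflix\.com" and the last reply's "netflix\.com", select different query names, and neither is anchored. The Python script below is an added illustration, not code from the original posts or from Cisco: it replays a constructed list of DNS query names through each pattern, plus an anchored alternative "(^|\.)netflix\.com$" that is my suggestion rather than anything posted here. It assumes the ASA regex engine treats \., ^, $, ( ) and | the way Python's re module does (Cisco documents those metacharacters) and that match domain-name regex is an unanchored search over the queried name.

```python
import re

# Constructed sample of DNS query names (not taken from the thread) that a client
# behind the ASA might resolve: the target domain, its subdomains, and look-alikes.
SAMPLE_QUERIES = [
    "netflix.com",
    "www.netflix.com",
    "api-global.netflix.com",
    "nflxvideo.net",
    "notnetflix.com",
    "netflix.com.example.org",
    "mynetflix.community",
    "example.com",
]

# The regex from the question, the regex from the last reply, and an anchored
# alternative suggested here (not posted in the thread).
PATTERNS = {
    "question": r"\.netflix\.com",
    "reply": r"netflix\.com",
    "anchored": r"(^|\.)netflix\.com$",
}


def matched_names(pattern, queries):
    """Return the query names that a `match domain-name regex` using `pattern`
    would select for the drop action.

    Assumption: the ASA regex engine treats backslash-dot, ^, $, (...) and |
    like Python's re module and performs an unanchored search over the queried
    name. DNS names are case-insensitive, so names are lowercased first.
    """
    rx = re.compile(pattern)
    return [q for q in queries if rx.search(q.lower())]


def compare_patterns(queries=SAMPLE_QUERIES, patterns=PATTERNS):
    """Map each pattern label to the names it would drop, for side-by-side review."""
    return {label: matched_names(p, queries) for label, p in patterns.items()}


def collateral(pattern, queries, intended):
    """Return (over_blocked, missed): names dropped by `pattern` that are not in
    the `intended` block set, and intended names the pattern lets through."""
    hits = set(matched_names(pattern, queries))
    return sorted(hits - intended), sorted(intended - hits)


if __name__ == "__main__":
    # What we actually mean to block: the apex name and every subdomain of it.
    intended = {q for q in SAMPLE_QUERIES
                if q == "netflix.com" or q.endswith(".netflix.com")}
    for label, pattern in PATTERNS.items():
        over, under = collateral(pattern, SAMPLE_QUERIES, intended)
        print(f"{label:9} {pattern:22} over-blocks={over} misses={under}")
```

Run against the sample names, the reply's unanchored "netflix\.com" also drops notnetflix.com, netflix.com.example.org and mynetflix.community, while the question's "\.netflix\.com" never drops the apex name netflix.com itself; only the anchored form hits exactly the apex and its subdomains. On the ASA, show service-policy inspect dns reports whether the inspection policy is being hit once it is attached to the intended class.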