How to block a website on Cisco ASA using MPF?

Jameel Ahmed
Level 1

Hi everyone,

Our firewall is currently on code 8.2. I want to know how to block a specific website using MPF and dropping the DNS query.

I am able to block it for the whole inside network but not for a specific IP address or group of IPs.

Here is the code I am using.


name 192.168.66.25 dummy-user
access-list dummy-user-rl extended permit ip any host dummy-user
access-list dummy-user-rl extended permit ip host dummy-user any
global (outside) 17 201.xxx.yyy.zzz
nat (inside) 17 dummy-user 255.255.255.255
!
regex domain_netflix.com "\.netflix\.com"
!
class-map dummy-user-rl
match access-list dummy-user-rl
!
class-map type inspect dns match-all cm-dbl
description Blocked Domains
match domain-name regex domain_netflix.com
!
policy-map type inspect dns dns-inspect-pm
parameters
message-length maximum 512
match domain-name regex domain_netflix.com
class cm-dbl
drop log
!
policy-map global_policy
class dummy-user-rl
police input 4000000 12375
police output 4000000 12375
inspect dns dns-inspect-pm
!
service-policy global_policy global

3 Replies

balaji.bandi
Hall of Fame

So you are looking to block this URL only for a specific IP, is this correct?

If so, please refer to the document below; it should help you resolve this.

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/100513-ASARegexp.html#req

BB

The link you shared is about OS version >= 8.3. I am using version 8.2.

Try the following:

regex block-netflix.com "netflix\.com"
!
class-map type regex match-any DOMAIN-BLOCK
 match regex block-netflix.com
!
policy-map type inspect dns dns-inspect-pm
 match domain-name regex class DOMAIN-BLOCK
  drop-connection log
!
policy-map global_policy
 class dummy-user-rl
  police input 4000000 12375
  police output 4000000 12375
  inspect dns dns-inspect-pm
!
service-policy global_policy global

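As an added illustration (not from the post or from Cisco's documentation): a small Python model of how the class-map in the poster's config scopes the DNS inspection to one host, and of what the poster's regex and the reply's regex would each match. It assumes Python's re.search behaves like the ASA regex engine for these simple patterns; the resolver address and the `$`-anchored variant are constructed for the example, not taken from the page.

```python
import re
from ipaddress import ip_address

# Constructed model of the MPF pieces on this page. Assumption: Python's
# re.search stands in for the ASA regex engine, which is assumed to treat
# these simple patterns the same way.
ORIGINAL_REGEX = r"\.netflix\.com"   # poster's regex (requires a leading dot)
REPLY_REGEX = r"netflix\.com"        # reply's regex (matches the apex too)
ANCHORED_REGEX = r"netflix\.com$"    # tighter variant, assumed here, not on the page

# class-map dummy-user-rl matches the ACL "permit ip any host dummy-user" and
# "permit ip host dummy-user any", i.e. any flow to or from this one host.
DUMMY_USER = ip_address("192.168.66.25")


def in_dummy_user_class(src: str, dst: str) -> bool:
    """True when the flow is selected by class-map dummy-user-rl."""
    return DUMMY_USER in (ip_address(src), ip_address(dst))


def dns_action(src: str, dst: str, qname: str, regex: str) -> str:
    """Decide what the 'inspect dns' policy under class dummy-user-rl does
    with a DNS query for qname from src to dst: 'drop' or 'pass'.
    Hosts outside the class never reach this policy-map, so they pass here."""
    if not in_dummy_user_class(src, dst):
        return "pass"
    return "drop" if re.search(regex, qname) else "pass"


def compare_regexes(qnames):
    """Return {qname: (original, reply, anchored)} for the restricted host,
    so the three patterns can be compared side by side."""
    src, dst = "192.168.66.25", "10.0.0.53"   # constructed resolver address
    return {
        q: tuple(dns_action(src, dst, q, r)
                 for r in (ORIGINAL_REGEX, REPLY_REGEX, ANCHORED_REGEX))
        for q in qnames
    }


if __name__ == "__main__":
    samples = ["www.netflix.com", "netflix.com",
               "www.netflix.com.example.net", "example.com"]
    for q, actions in compare_regexes(samples).items():
        print(f"{q:28} original={actions[0]:4} reply={actions[1]:4} anchored={actions[2]}")
    # another inside host is not in the class, so this policy is not applied to it
    print("192.168.66.10 ->", dns_action("192.168.66.10", "10.0.0.53",
                                         "www.netflix.com", REPLY_REGEX))
```

The unanchored patterns also match names that merely contain netflix.com, which is why the anchored variant is worth checking before deploying.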