Prohibit traffic for particular users ASA5505

Patrick Werner
Level 1

Hi Community.

I've read the following guide on how to use MPF and regex.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml

My question is: how should the ASA know which user is currently surfing the web? Does IE or Mozilla send the user credentials in the web stream? How can the ASA extract from the HTTP traffic which user is currently surfing?

Is MPF and Regex really working to prohibit traffic for particular users?

I don't think so; the only solution, in my opinion, is to use a proxy server.

Thanks guys and kind regards

Accepted Solutions

Hello Patrick,

No, you will be filtering or denying traffic based on the source IP address.

So that's how the ASA will filter the traffic, based on the source IP address and the respective MPF configuration.

For more information about Core and Security Networking follow my website at http://laguiadelnetworking.

For any questions, contact me at jcarvaja@laguiadelnetworking.com

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

4 Replies

Shaoqin Li
Level 3

Is it a VPN user?

Patrick Werner
Level 1

No, directly connected to the inside interface.

n_schloemer
Level 1

Hi Patrick,

I think you answered your question from the start. ASAs can do deep HTTP inspection by inspecting MIME types and looking for regex strings. However, like you pointed out, unless that string specifically has the user credentials or you can implement a regex to pull a consistent string, you're not going to be able to proxy your user traffic.

I have implemented HTTP Inspect Policy-Maps to restrict access to specific sites, and I implemented the regex syntax to pull the URL strings. I have only implemented it on very rare occasions, in the event the client didn't have a proxy and a specific compromise was communicating with a site or entity that had multiple Layer 3 destinations.

thanks.
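
An added configuration sketch (not taken from any post in this thread) of what the accepted answer and the reply above describe: the ASA selects "the user" only by source IP address through an access list, and the regex then matches HTTP content for that traffic. The host address `192.168.1.50`, the domain `example.com` and all object names are constructed placeholders.

```cisco
! Added example; the address, domain and object names are constructed.
! Pattern for the site to block, matched against the HTTP Host header.
regex blocked_domain "\.example\.com"

! Layer 3/4 selection: only HTTP from this inside source address is
! handed to the inspection policy. This is the only "per-user" element.
access-list restricted_hosts extended permit tcp host 192.168.1.50 any eq www

class-map restricted_http
 match access-list restricted_hosts

! Layer 7 selection: requests whose Host header matches the regex.
class-map type inspect http match-all blocked_sites
 match request header host regex blocked_domain

! Action for matching requests: drop the connection and log it.
policy-map type inspect http restricted_http_policy
 class blocked_sites
  drop-connection log

! Bind the HTTP inspection to the selected source address only.
policy-map inside_policy
 class restricted_http
  inspect http restricted_http_policy

service-policy inside_policy interface inside
```

Because the selection is by source address, a host that receives a different address (for example through DHCP) no longer matches the access list. HTTPS traffic is not matched either, since this policy only inspects cleartext HTTP on port 80.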
