Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
664
Views
0
Helpful
4
Replies

Prohibit traffic for particular users ASA5505

Go to solution
Patrick Werner
Level 1
Level 1

‎09-09-2013 07:58 AM - edited ‎03-11-2019 07:35 PM

Hi Community.

I've read following guide how to use MPF and Regex.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml

What my question is how should the ASA know which user is now surfing in the web. Does the IE or Mozilla sends the usercredentials in the webstream ? How can the ASA extract from the HTTP traffic which user is now surfing.

Is MPF and Regex really working to prohibit traffic for particular users?

I dont think so, the only solution in my opinion is to use a proxy server.

Thanks guys and kind regards

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to Patrick Werner

‎09-09-2013 10:08 AM

Hello Patrick,

No, you will be filtering or denying traffic based on the source IP address.

So that's how the ASA will filter the traffic, based on the source IP address and the respective MPF configuration.

For more information about Core and Security Networking follow my website at http://laguiadelnetworking.

Any question contact me at jcarvaja@laguiadelnetworking.com

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Shaoqin Li
Level 3
Level 3

‎09-09-2013 08:24 AM

is it vpn user?

Sent from Cisco Technical Support iPhone App

0 Helpful

Go to solution
Patrick Werner
Level 1
Level 1

‎09-09-2013 08:38 AM

No direct connected to the inside interface.

Sent from Cisco Technical Support iPhone App

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to Patrick Werner

‎09-09-2013 10:08 AM

Hello Patrick,

No, you will be filtering or denying traffic based on the source IP address.

So that's how the ASA will filter the traffic, based on the source IP address and the respective MPF configuration.

For more information about Core and Security Networking follow my website at http://laguiadelnetworking.

Any question contact me at jcarvaja@laguiadelnetworking.com

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
n_schloemer
Level 1
Level 1

‎09-10-2013 01:37 PM

Hi Patrick,

I think you answered your question from the start.  ASA's can do deep HTTP inspection by inspecting MIME types and looking for REGEX strings.  However, like you pointed out, unless that string specifically has the user credentials or you can implement a REGEX to pull a consistent string your not going to be able to proxy your user traffic.

I have implemented HTTP Inspect Policy-Maps to restrict access to specific sites and I implemented the REGEX syntax to pull the URL strings.  I have only implemented on very rare occasions in the event the client didn't have a proxy and specific comprimise was communicating to a site or entity that had multiple Layer 3 destinations.

thanks.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card