4442 Views, 0 Helpful, 47 Replies

regex and grouping questions

Carlomd
Level 1

Hi all, I have a 5510 in route mode. When I add a regex to block 2 sites, it somehow blocks all sites; when I remove it, it's back to normal. Here's the regex code along with my other NAT setting that gives inside users outside access. Thanks in advance.

(regex entry to block sites)

regex domain1 "\.yahoo\.com"

regex domain2 "\.google\.com"

!

class-map type regex match-any domain-list

match regex domain1

match regex domain2

!

class-map web

match port tcp eq www

!

policy-map type inspect http URL

parameters

match not request header host regex class domain-list

drop-connection

!

policy-map global_policy

class web

inspect http URL

(nat outside access)

object network obj-LAN

subnet 0.0.0.0 0.0.0.0

object network obj-LAN

nat (inside,outside) dynamic interface

route outside 0.0.0.0 0.0.0.0 12.54.x.x 1
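A small model of the inspection policy in the post above, added here as an example and not code from the thread: it evaluates the two regexes against constructed Host header values, once with "match not" and once with "match", to show which requests drop-connection applies to. The function names and sample hosts are assumptions, and Python's re.search stands in for the ASA's unanchored regex matching.

```python
import re

# The two patterns from the post, combined as in "class-map type regex match-any".
DOMAIN_LIST = [re.compile(r"\.yahoo\.com"), re.compile(r"\.google\.com")]


def class_matches(host):
    """match-any: true if any pattern is found anywhere in the Host value."""
    return any(p.search(host) for p in DOMAIN_LIST)


def verdict(host, negate):
    """Return 'drop' or 'allow' for one HTTP request (hypothetical helper).

    negate=True  models "match not request header host regex class domain-list"
    negate=False models "match request header host regex class domain-list"
    The action attached to the match is drop-connection in both cases.
    """
    hit = class_matches(host)
    if negate:
        hit = not hit
    return "drop" if hit else "allow"


# Constructed Host header values for illustration.
SAMPLE_HOSTS = [
    "www.yahoo.com",
    "mail.google.com",
    "www.cisco.com",
    "example.org",
    "yahoo.com",                  # no leading dot: the pattern does not match
    "www.yahoo.com.example.net",  # unanchored pattern: matches inside a longer name
]


def evaluate(negate):
    """Map every sample host to its verdict under one form of the match."""
    return {host: verdict(host, negate) for host in SAMPLE_HOSTS}


if __name__ == "__main__":
    for label, negate in (("match not", True), ("match", False)):
        print(label)
        for host, result in evaluate(negate).items():
            print(f"  {host:28} {result}")
```

With "match not", every host outside the list is dropped and only the two listed domains pass, which is the behaviour reported in the post.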

47 Replies

Even if it says 8.2 onward

8.2 onwards:

Configuring NAT for both subnets (without nailed option):

nat (inside) 1 192.168.1.0 255.255.255.0

global (inside) 1 interface

static (inside,inside) 172.16.10.0 172.16.10.0 netmask 255.255.255.0

same-security-traffic permit intra-interface

sysopt noproxyarp inside

It is quite deceiving; it should say 8.3 and onwards if it is referring to the new way of configuring NAT. The configuration you posted is pre 8.3.

https://supportforums.cisco.com/docs/DOC-9129


It's working now, I'll open a new thread for my blocking sites questions, thanks for all the help Marius
