Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
259
Views
0
Helpful
1
Replies

URL Filtering

ashish.saxena1
Level 1
Level 1

‎12-22-2015 05:22 AM - edited ‎03-12-2019 12:04 AM

Hi team

I have cisco ASA 5525, and I want to block social networking sites and youtube for some IP's. e.g. I want to block facebook.com and youtube.com for 10.0.0.1 20.0.0.1 (please consider these ip's are running in my LAN network ), can anyone suggest me how can i perform this configuration over ASA ??

 

Labels:
0 Helpful
1 Reply 1

chris noon
Level 1
Level 1

‎12-22-2015 06:20 AM

As long as you are using ASA version 8.4 or above this can be quite easy, reference the below article:

https://supportforums.cisco.com/document/66011/using-hostnames-dns-access-lists-configuration-steps-caveats-and-troubleshooting

In short:

Configure the DNS:

domain-name cisco.com
!
dns domain-lookup inside 
dns server-group DefaultDNS 
 name-server 192.168.1.200 
 domain-name cisco.com

Configure an object group referencing a FQDN (URL):

object network obj-hr88.cisco.com
  fqdn hr88.cisco.com

Configure an ACL:

access-list inside_in deny ip any object obj-hr88.cisco.com
access-list inside_in permit ip any any

Add the ACL to an interface.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card