cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1066
Views
10
Helpful
8
Replies

Using time-based ACL + Regular Expression to block URLs

amanuelk
Level 1
Level 1

Hello Everyone

I am trying to block websites at a specific time, and for that, I thought of using time-based ACL with regular expression with MPF config. 

Can someone please tell me if I can combine both and achieve my goal? Thanks.

8 Replies 8

You have router or firewall?

Cisco Firewall ASA 5525

what ASA code running: check below the time-based ACL with some limitations:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/firewall/asa-96-firewall-config/access-acls.html#ID-2069-000000e3

I am not sure you can combine both, but if the ACL accept regex then then the same ACL can be used for time based ( never tried but just get you an idea).

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

amanuelk
Level 1
Level 1

Hello @balaji.bandi 

Thank you for your suggestion, but currently, I have ditched using the Cisco Firewall to monitor web filtering staff through ACL. Instead, I will use some other tools, but can I ask you something related to this or should I create a new topic?

I wanted to route traffic from a particular VLAN let's say on network 192.168.22.0 to the default gateway 192.168.18.2 (The tool am using to filter web), I have set 192.168.18.2 as the default-router option for dhcp-pool 22. How do I route those VLAN traffics to the default gateway from my core switch? Thanks

Screenshot from 2022-10-11 08-46-23.png

Most standard method people use WCCP redirection to redirect to Web traffic if the devices support.

if not you can PBR to redirect traffic to different next hop.

 

some example for your understanding :

https://www.cisco.com/c/en/us/support/docs/ip/ip-routed-protocols/47121-pbr-cmds-ce.html

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

@balaji.bandi Thank you so much for your suggestions, PBR is what I was looking for and didn't know about it. I've tried that and somehow didn't work for me in my scenario, I will share my full net structure which I am trying right now.

drawio.png

no need redirect if Host-CoreSW-GW share same broadcast domain then the Host can go to GW directly.

@MHM Cisco WorldThank you so much for your suggestion, I am trying my best to access like that but I think I am missing something. Can you take look on my network structure that I have posted, Thank you.

Review Cisco Networking for a $25 gift card