
URL BLOCKING/ ID AGENT CISCO ASA 5520 CSC-SSM

denon1982
Level 1

Hello,

We have a Cisco ASA 5520 with the CSC-SSM-10-k9 module.

ASDM Version : 6.4(5)

ASA Version : 8.4(2)

Content security version : 6.6.1125.0 (the last)

The Base and Plus Licences are ok

The traffic is scanned by this rule (In the CSC Setup/Traffic Selection for Scanning section) :

Interface    Source    Destination    Service
Global       any       any            ftp, http, pop3, smtp

I installed the Trend Micro ID Agent on our Domain Controller (Windows 2008 R2 64-bit).

In the web management, the agent communicates well with the CSC-SSM; I can see AD users/groups.

I want to create profiles by groups that are in our AD to block all sites except a few.

In the User ID setting section, all the DCs are configured and login is OK.

I created a user profile with priority 1 that blocks all (www.*/) except a few sites like www.cisco.com/*, for example.

Http Scanning is enabled

Url blocking and filtering is enabled

The rules are enabled

In the global url blocking, the option "Include user group policy" is checked

The url blocking with user policies works alternately

Nothing is wrong in the log files of the ID agent and the module.

Please can I have some help to make user policies work?

Thanks in advance

Best regards

4 Replies

denon1982
Level 1

Please any help ???

Hi Claudio,

Thanks a lot for your answer,

I checked your links but everything is ok in log messages and firewall.

I still have problems:

- When I block traffic for a group of users, in the log of CONTENT SECURITY CISCO ASA ASDM I can see the traffic blocking for user1, but it blocks the traffic for user5. Why? The module makes mistakes in the LDAP GROUP

- I try only for my user, the URL blocking/filtering works only a few minutes ... why?

Thanks in advance,

Best regards

Hi,

I have another question.

All users log into an RDS server under 2008 R2. The users have the same IP address (the RDS server's IP address).

I read:

User classification cannot separate users that share an IP address. When users have the same IP address, user classification is not supported.

Is it the problem?

Thanks in advance for an answer

Philippe HYVERNAT
