ASA 5525 APPLICATIONS STILL ON THE INTERNET WHICH HAS CREATED POLICY SELECTED

NguyenNgocBa
Level 1

I have a problem that I am a network layer to the internet but in the network layer there are computers that are banned to the internet completely. I have created NAT so that the whole network can go out to the internet, I specify network the banned machines, I create a rule that specifies that the machine only goes to a web address of my company and I create a rule below to block all paths other than to visit the site. It runs but some holes are the application like Viber can still use umbrellas though I create additional rule insertion block in the middle.


2 Replies

Dennis Mink
VIP Alumni

More info please. In your screenshots, exactly what needs to be blocked from going to the internet (that vlan90?)? If so, just don't source NAT (keep original) and destination NAT all destinations to the one website.

Please remember to rate useful posts, by clicking on the stars below.

This is my policy table.
My model is I configured on the FMC ASA (VMware) routing table network layer as pictured with the Peplink device and at the same time configuring NAT (I tried removing NAT) but apparently the application like Viber, Outlook still works even though there are internet policy rules.


It seems that the deny policy of the ASA firewall still has holes in the application department when I have tried quite a few ways but the application can still go out the internet but while the website was blocked.
