Cisco Firewall :: ASA 5510 - Webfilter Using Regular Expression?

Oct 2, 2012

I have an ASA 5510; it does web filtering using regular expressions. [URL]

I blocked ".facebook.com" and it was successful. But somehow other users are using HTTPS to access FB. How do I filter HTTPS?


Cisco Firewall :: ASA 5510 - NAT Regular Translation Creation

Dec 4, 2012

I am having an issue with a specific server that is not reachable from other subnets. Every other device on the same subnet as the server is reachable via the other subnets. This server is special because it's NATed to an external IP address and has several site-to-site VPNs set up. The firewall is a Cisco ASA 5510.

This is the error I see on the ASA syslog when I try to ping the server from another subnet:

3 Dec 05 2012 10:58:49 10.0.15.101 regular translation creation failed for icmp src inside:10.0.20.8 dst inside:10.0.15.101 (type 0, code 0)

The problem server is on subnet 10.0.20.0/24 and the server IP address is 10.0.20.8. Every device on the 10.0.20.0/24 subnet can hit the server, but devices on other subnets cannot. For instance, a device on 10.0.15.0/24 cannot reach 10.0.20.8, but can reach other devices on 10.0.20.0/24.


Cisco Firewall :: ASA 5510 / URL Paths And Regular Expressions In ASDM?

Apr 2, 2012

I've recently switched to an ASA 5510 on 8.4(3) coming from a Checkpoint NGX platform (let's say fairly quickly and without much warning). I have a couple of questions and they're kind of similar, so I'll post them together. I've read docs about regex and creating them both via command line and ASDM, but the examples always seem to include info I don't need or, honestly, something I don't understand yet (mainly related to defining class/inspect maps). If someone could provide a simple example of how to do these in ASDM, that would be useful in understanding how regular expressions are properly configured. So here we go.

I know this is basic, but I need to make sure I understand this properly. I have a single web server (so this won't be a global policy) where I need to allow access to a specific URL path/file and that's it. So we'll call it est estfile.doc. Any other access to any other path should be dropped. What's the best way to do this in ASDM (6.4)? I think if I saw a basic example for this I could figure out the next few questions, but I'll post them as well just in case.

I have another single public web server (again this won't be a global policy) where I'd like to specify blocking file types, like .php, .exe, etc. Again, a basic example would be great.

Lastly, and this is kind of related, but we have a single office/domain and sometimes we get spam from forged addresses appearing to be from our domain. On Checkpoint I used to use its built-in SMTP security server and could define if it received mail from *@mydomain.com to drop it because we would never receive mail externally from our own domain name. I saw something similar with ESMTP in ASDM and it looks kind of like how you set up the URL access mentioned above. Can I configure this in ASDM as well, and if so how?


Cisco Firewall :: ASA 5510 - Block Certain Websites (URLs) Using Regular Expressions

Jan 31, 2011

I have a Cisco ASA 5510 as a firewall. I was trying to block some sites using the link provided below

[URL]

and it's working fine, but the problem I am having is that when I go to download an attachment from Hotmail it's not downloading; from Gmail and other mail it's


Cisco Firewall :: 5510 Block URLs Using Regular Expressions For Some Clients

Oct 20, 2012

I use an ASA 5510 and I want to block some URLs:

- 192.168.2.70 to 79: allow everything
- 192.168.2.80 to 89: block Facebook, MySpace, Twitter
- 192.168.2.90 to 99: block Facebook, MySpace, Twitter, YouTube, Dailymotion
- 192.168.2.100 to 199: deny everything


Cisco Firewall :: Regular Dynamic PAT Statements In ASA 8.3?

Feb 19, 2012

I have 2 inside networks:
 
object network INSIDE_10.6
subnet 10.6.0.0 255.255.0.0 
object network INSIDE_192.168
subnet 192.168.0.0 255.255.255.0
 
I grouped these 2 into 1 object-group:
 
object-group network INSIDE
network-object object INSIDE_10.6
network-object object INSIDE_192.168
  
Public IP address used for PAT:
 
object network PAT
host 152.x.x.x
 
I used the following statement to create Dynamic PAT to public IP address:
 
object network INSIDE_10.6
nat (any,any) dynamic PAT
object network INSIDE_192.168
nat (any,any) dynamic PAT   
 
Is that correct? Also, I'm using one public address to PAT both inside networks. Is there any advantage to using 2 different ones, so that each inside network would be PATed to its own address?


Cisco Firewall :: Pix 525 Configuration - Regular Or Redundant Interface

Feb 14, 2012

I am configuring a PIX 525. I just found out how to activate the subinterface on it, so that's good. The box has a primary unit and a secondary unit; both are connected from G0 to redundant switches. If I do a show failover, it says it's using the serial-based LAN failover, which is fine by me. However, do I need to create a single, regular interface, or a redundant interface? I.e., if I create a regular subinterface, will failover still apply to this interface? Or, for failover to work, do I need to create a redundant interface (with a redundant ID)? I do not seem to have the option to create a subinterface when adding a redundant interface.


Cisco Firewall :: ASA5520 Use Management Interface As Regular

Oct 16, 2011

I have a Cisco ASA 5520 running 8.4(1) with an ASA 5520 VPN Plus license.

I want to use the management interface as a regular interface (using the no management-only command). Is this interface a Gig interface as well?


Cisco Firewall :: ASA 5505 - Regular Translation Creation Failed For Protocol 47 SRC

Oct 10, 2011

We have a PIX with 3 interfaces: Inside, Outside, DMZ.

On my DMZ we have some clients that come in and remotely connect back to their office via MS PPTP. I set up the ASA with this to get rid of the error message "regular translation creation failed for protocol 47 src":

policy-map global-policy
 class inspection_default
  inspect pptp

Now when the DMZ client tries to connect back to their PPTP server I get the following error.

172.31.10.204 0 24.172.85.162 37624 Teardown dynamic GRE translation from dmz:172.31.10.204/0 to outside:24.172.85.162/37624 duration 0:01:30
172.31.10.204 1069 173.188.74.155 1723 Deny TCP (no connection) from 172.31.10.204/1069 to 173.188.74.155/1723 flags PSH ACK on interface dmz
172.31.10.204 173.188.74.155 63767 Teardown GRE connection 8393958 from dmz:172.31.10.204 to outside:173.188.74.155/63767 duration 0:01:08 bytes [code]...


Cisco Wireless :: Aironet 1142 And Webfilter Configuration

Jul 17, 2012

I have an Aironet 1142 access point.
 
Is it possible to direct it to a web filter hardware firewall for internet access? For example, the IP of the firewall with web filtering capabilities would be 192.168.0.1.
 
We are hoping to provide customer wifi web access but need to filter what they can access.


D-Link DIR-655 :: Webfilter Fails After Updating To 1.35NA?

Jan 19, 2011

I've been using the web filter with no problem with my A3/1.33NA router until I upgraded to 1.35 last week. After the upgrade, I did a hard reset and re-entered the websites manually from scratch into the DENY list. I didn't even reuse the saved config file. And now the router no longer blocks any of the websites in the web filter page, even when I selected the ALLOW option.


Cisco Firewall :: ASA 5505 / Block Website With Regular Expressions Affecting All Internet?

Dec 27, 2011

We have an ASA 5505 and I want to block www.facebook.com for all users on the inside network. I followed the instructions laid out in Cisco support document ID 100513 using regular expressions with MPF but am running into some problems.

[URL]

Once the configuration has been changed based on these instructions, www.facebook.com is blocked. However, I can't access any other websites, except that my Google News home page comes up just fine for some reason.

ASA Version 7.2(3)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password 4nJloDG8uYd8w4D3 encrypted
names
!
interface Vlan1

[code]....


Cisco Firewall :: ASA5520 / How To Use Network Object NAT To Perform Regular Dynamic PAT And Identity NAT

Jun 19, 2011

This is an ASA 5520 running 8.4(1). Very simple scenario, three ports: inside, outside, DMZ. My problem is how to use network object NAT to perform Regular Dynamic PAT and Identity NAT.

For example, this is my configuration.

**** First I configured Regular Dynamic PAT ****

object network myinside
subnet 10.200.11.0 255.255.255.0
nat (inside,outside) dynamic interface
**** Then I met a problem when I wanted to make identity NAT between inside and DMZ ****
**** If I add the CLI below, the first nat line will be replaced ****
**** SO IF I ADD THIS ****

[code]......


Cisco :: Difference Between DWDM / CWDM And Regular SFP

Sep 9, 2011

What is the difference between DWDM/CWDM and "regular" SFPs? By "regular" I mean Rx and Tx are fixed to a specific wavelength. As I have understood, at least the Rx of WDM SFPs accepts a range of wavelengths.


Cisco WAN :: G703 - Signaling To Regular RJ45

Aug 29, 2011

We have a customer in a country where the local telecom hands out the data E1 link in a G703 interface with two coaxial cables (Tx & Rx) out of a Watson/Schmidt Telecom SHDSL modem.
 
We need a way to convert the G703 cables and signaling to a regular RJ45 so that we can connect it to the customer firewall, which has regular gigabit Ethernet connections. Some have suggested a 1941 with serial and gigabit cards. We just need an affordable solution for this and the configuration.


Cannot Connect To A Regular Wireless Router

Jul 28, 2011

I use my laptop in Italy most of the time on a wireless router that uses a PPPoE connection. Once I'd got my head around setting that up, it works fine. However, since I've come back to the UK today I now cannot connect to a regular wireless router; it's just not 'seeing' it. I have used this connection in the UK before without problems and the settings are all still saved from my last trip back, but it doesn't show up when I try to connect. Is this something to do with the laptop being set up on the PPPoE connection in Italy? I've deleted the PPPoE connection but that hasn't made a difference.


Cisco :: Regular Translation Creation Failed For ICMP Only

Apr 23, 2012

I'm connected to my remote access VPN and am getting the below error. The weird thing is I only get this error for ICMP; I can browse data on our network, retrieve files, etc., but pings fail for some reason.

NAT-T is enabled.

NAT rules are in place.

ICMP is not blocked, as I can ping elsewhere.

Where do I begin looking as to why only ICMP fails?


Regular Packet Loss On Wireless Network?

Apr 6, 2012

I am connecting to a wireless network through a ZyXel ZyAIR G-4100v2 router. My problem is that I am experiencing very regular packet loss every minute or so. This lasts for around 5-10 seconds on average. I am running XP with the latest service pack. So far, I have checked out: Wireless Zero Config scanning of new stations (disabled that feature); Xirrus network scan (signal is fine and consistent). I am not suffering from any degradation in signal; the problem seems to be that the router is simply not allowing anything through at regular intervals.


AAA/Identity/Nac :: ACS5.3 Command Set Regular Expressions

Jul 9, 2012

I am trying to secure changes to switches using ACS 5.3 and allowing our technicians to only change the vlan for user ports on the switches.  How can I use regular expressions to filter out the 1/1/# ports so that those ports cannot be accessed in config mode?  If I allow the following, it allows access to all interfaces with 'gi' in them.


Cisco Wireless :: 4400 Client Keeps Disconnecting On Regular Intervals

May 29, 2012

We are running a WLAN using WPA2-Enterprise with AES and an IAS server. Mostly we are using 1131 APs and a Cisco WLC 4400. I added 2 AP 1142G at a new location, and since the installation I have 3-4 clients having regular disconnections. Basically they connect immediately to the infrastructure, but after a certain amount of time the Win7 icon shows this yellow exclamation sign, and we can see that the connectivity is gone (however the IP settings seem to be still in place, but ping or network browsing is not possible). Stopping the WLAN and starting it again solves the issue immediately (via software or via the notebook switch). Normally the problem doesn't resolve by itself.

I was working beside the laptop having the problem (with my own laptop) while the person got 3 disconnections; mine was running like a charm. We have 85% of the people there working error free. What I have done:
Checked the 1142 AP for any logs or errors, interface status, etc.
Checked the switches behind; interfaces seem to be running smoothly.
Checked IAS / WLC / WCS for any logs that could indicate an issue.
Compared WLAN adapter settings of the faulty laptop with mine, discovered some differences and adapted them.
Compared the WLAN SSID config in Win7 with mine and adapted the slight differences found.
Used the WCS troubleshooting client tool.
What I will do again:
Verify if the persons having the issue have the same laptop model.
Verify settings in the BIOS.
Verify WLAN adapter driver version.
Verify BIOS version.
Use the WCS troubleshooting client tool on my own laptop at this place.


Cisco VPN :: ASA 5505 / Regular Translation Creation Failed For Icmp

Mar 15, 2011

I have a site-to-site VPN and an IPsec VPN installed on an ASA 5505. The VPNs work OK except for a few strange things: I can't ping 192.168.17.104 from remote IP 192.168.17.138:

305006 192.168.17.138 regular translation creation failed for icmp src OLD-Private:192.168.17.104 dst OLD-Private:192.168.17.138 (type 0, code 0)

At the same time I am able to ping 192.168.17.104 from my network 192.168.10.0 and can ping from the ASA. No firewall at 192.168.17.104? How to fix it?

There is my config:

ASA Version 8.2(2)
!
hostname ASA5505
domain-name domain
enable password password encrypted
passwd password encrypted
names
!
interface Vlan1
 description INTERNET
 mac-address 0000.0000.0001
 nameif WAN
 security-level 0
 ip address a.a.a.a 255.255.255.248 standby a1.a1.a1.a1
 ospf cost 10
!
interface Vlan2
 description OLD-PRIVATE
 mac-address 0000.0000.0102
 nameif OLD-Private
 security-level 100
 ip address 192.168.17.2 255.255.255.0 standby 192.168.17.3
 ospf cost 10
!
interface Vlan6
 description MANAGEMENT
 mac-address 0000.0000.0106
 nameif Management
 security-level 100
 ip address 192.168.1.2 255.255.255.0 standby 192.168.1.3
 ospf cost 10
!
interface Vlan100
 description LAN Failover Interface
!
interface Ethernet0/0
!
interface Ethernet0/1
 shutdown
!
interface Ethernet0/2
 shutdown
!
interface Ethernet0/3
 shutdown
!
interface Ethernet0/4
 shutdown
!
interface

[code]....


Cisco :: 2504 Wireless Controller / Regular Packets Drops

Feb 17, 2013

I have deployed a Cisco 2504 wireless controller along with four (04) lightweight access points (1041N) on four floors respectively. The clients that connect to the AP deployed on the lowest floor have regular timeouts/packet drops. Further, this particular AP operates on channel 11 and it has around 11-13 rogue access points in the same area, operating on channels such as 1, 3, 6, 9 and 11. The DCA (dynamic channel allocation) is set to auto in the WLC. Further, each AP has a maximum of 7-10 clients at any given time, and I have changed this particular AP and checked; the result is still the same, hence there is nothing wrong with the AP.


Cisco Firewall :: ASA 5510 - Users Unable To Access Internet Through Firewall

Feb 26, 2013

I have a problem with the ASA 5510 ver 7.0(6). My manager wants to keep this as a backup. I tried lots of things, but still users are not able to access the internet, nor can I ping anywhere. For example, when I ping 4.2.2.2 I don't get any reply. The running config is below for your reference:
 
HQ-ASA-01# show  running-config
: Saved
:

[Code]......


Cisco Firewall :: ASA 5510 / Multiple VLANs Behind Single Firewall Segment?

Feb 5, 2012

I need to create a firewalled segment that not only separates hosts from the general population, but also from each other. The solitary confinement of firewalled segments. I know that I could create a bunch of sub-interfaces, one for each host or group that needs to be isolated, but I'd really rather not have to do that if possible. 1) It could become a management nightmare between ACLs and sub-interfaces and 2) it's a waste of IP addresses. Is there any way that I can create a bunch of separate VLANs behind the firewall and have them all terminate at the firewall, using a single firewall IP address for the gateway?

VLAN 1 - hosts 1.1.1.5 and 1.1.1.6
VLAN 2 - hosts 1.1.1.7
Firewall DMZ Interface - 1.1.1.1
VLAN 3 - hosts 1.1.1.8 and 1.1.1.9

This way, the hosts are isolated and can't talk to each other unless they're on the same VLAN. I'm working with an ASA 5510 running 8.2.4(4).


Cisco Firewall :: ASA 5510 / Enabling Firewall To Send Logging Information?

Jun 22, 2011

I have an ASA 5510 firewall with a CSC module and a Security Plus license for the CSC module. Will you tell me how to configure my firewall to send emails to a particular mail ID when someone logs into the firewall or there are any virus attacks from outside?


Cisco Firewall :: IOS Firewall Versus ASA (5505 / 5510) For Smaller Clients (less Than 50)?

Apr 24, 2012

We were having a discussion of IOS firewall vs. ASA for smaller clients (less than 50), i.e. using IOS firewall (ZBF or CBAC) versus an ASA 5505/5510. One of the arguments brought up for using the IOS firewall on the router is that a router will do an IP SLA failover. I have configured a number of ISRs for this and I know it works well.


Routers / Switches :: DSL Light Is Blinking At Regular Interval?

Sep 18, 2011

My DSL light is blinking every day in the evening, around 6:30.


D-Link DIR-655 :: Horrible Connection Quality And Regular Disconnects

May 18, 2012

I tried multiple times to register a username here and no matter what I chose I would only get "An Error Has Occurred" when I submit the info. I've tried this over several days and keep getting the same dead end. So, I went to bugmenot.com and I'm using a generic username that was given there in order to post this. So...there's that...   

Starter info... I'm running Hardware Rev A4 of the DIR-655 on the 1.33NA firmware. I never upgraded past that firmware because of all the horror stories I'd read about new firmware here. Up until lately it's been fairly stable. The issues I refer to SEEM to coincide with my recent installation of Apple TV hardware on my wireless network, though I can't confirm. It's never been great with this router, so that could be coincidental. On my network I have a hardwired Mac Mini, wireless MacBook Pro, a hardwired D-Link DNS-321 NAS box, Apple TV, Logitech Revue, iPad, iPod Touch, iPhone and occasionally one each of a Samsung and LG Blu-ray player (only when they're powered up, which is rarely). I'm also using a wireless repeater in the middle of my house because the DIR-655 doesn't yield a very usable signal in my master bedroom, which is on the opposite side of the house from the router.

With all that being said... I have had terrible issues being able to keep a steady connection wirelessly with this router as of late. Streaming YouTube videos will stop after a few seconds, loading websites will just stop responding altogether, and I can't even keep a connection to stream music from my Mac Mini to my phone or Apple TV using Home Sharing in iTunes. I'll get a few seconds of a song and it will just drop out completely. It's been extremely annoying and I'm ready to take a hammer to this router, to be honest.

I've checked my logs and there were all kinds of FIN:ACK, PSH:ACK and SYN:ACK TCP packets that are being blocked. I noticed many of them were coming from Apple IP addresses, so I assume that the Apple TV had a lot to do with those. I actually used the Inbound Filter settings to allow requests from a whole block of Apple IPs, which seems to have settled log items from them down a lot. There are still quite a few that seem to be coming from Google IP addresses (I presume the Logitech Revue, since it uses the Google TV interface?), but the Google IPs are too random to go allowing a large block. [code]

I have Advanced DNS disabled. All Traffic Shaping and QoS boxes are checked to enable. Comcast is my cable internet provider. I've noticed that my WAN Connection Up Time is often a fairly low number like the connection to the cable modem drops out frequently.


Cisco Firewall :: Open A Port In ASA 5510 Firewall Using ASDM?

Oct 20, 2012

I would just like to open UDP port 123 in the ASA 5510 firewall so that our Primary Domain Controller can use this port to sync time with an external time source. We have already added an access rule for this port under the firewall configuration in ASDM 6.4, and this port was also allowed in the inbound and outbound rules of the PDC's firewall, but it seems that it is still blocked.


Cisco Firewall :: Is ASA 5510 Firewall Required Any Subscription Or License

Nov 15, 2012

I am quite new to firewalls; in my company there is one ASA 5510 firewall. I configured inside, outside, DNS, DHCP and NATing. I need to configure a bandwidth limit (1 Mbps) for the inside port, and I restrict sites like Facebook, YouTube and porn sites. And I heard that some subscription is required; is it really required?


Cisco Firewall :: 5510 - Cannot Connect To ASA With ASDM Or SSH - Firewall Running Ok

May 21, 2013

I have an ASA 5510 in a live environment. Up until a short while ago I could access this via ASDM and SSH. However, I can no longer connect to it via either. When I access it via SSH I get a disclaimer saying the following
 
*** You have entered a restricted zone! Authorized access only!!! Disconnect immediately if you are not authorized user! ***
 
It then cuts me off.
  
When I try to access the ASDM I get the following
 
The firewall is running all its services without a problem and I can ping the device without any issues. Also, none of the config (to my knowledge) has been changed. I set up a console session, and http server enable is still there with
 
http 192.168.200.0 255.255.255.0 inside


Cisco Firewall :: 5510 Major Flaw In Identity Firewall?

Nov 21, 2011

I have just configured identity firewall on our ASA 5510. I have 3 nodes that authenticate against Active Directory, using the Windows Server 2008 R2 built-in Network Policy Server: a laptop, a stationary PC, and an Android phone. All 3 nodes are authenticated using the same user/password.

Now, in ASDM -> Monitoring -> Properties -> Identity -> Users, I can see two of the nodes with my user name attached to them, namely the laptop and the stationary PC. But not the Android phone.

Then it dawned on me. To set up the AD Agent properly, you have to apply 2 group policy entries. Unfortunately, those 2 entries are applied to the Computer Configuration part of the Group Policy. This means that your COMPUTER has to be a member of your domain for USER IDENTITY to work. So my Android phone and other nodes not a member of the AD machine store will never be detected by identity rules, and can roam the network free.


Cisco Firewall :: 5510 - Transparent Firewall Installation Using ASA Version 8.4(3)9

May 14, 2012

I'm trying to install an ASA 5510 transparent firewall using ASA version 8.4(3)9, but I don't understand how traffic will ever pass through my firewall if both interfaces are on the same subnet (VLAN) as the host and its default gateway. The reason I'm doing this is that we're installing UAG (or DirectAccess) and the UAG appliance needs to have public IPs but still be behind a firewall (see attached diagram).

Looking at the documentation (which all seems to be for 5505s running 8.2), it almost seems like I need to have the transparent firewall 'in-line' to the ISP router, but this router services another IP address range on another VLAN for other (routed) firewalls (not shown on the diagram), so putting it 'in-line' is not possible. Surely this can't be the case, can it? If not, how is it supposed to be cabled up and configured so that packets go through the firewall?

Copyrights 2005-15 www.BigResource.com, All rights reserved