Cisco ASA - Answered Questions & Fixed Issues
I want to block social
1. Load your Internet explorer
2. Click Tools
3. Click Internet Options
4. Click the Privacy tab
5. Under the Privacy window, Click Sites
6. Type in the site address that you want to Block and Click OK. Remember this technique only blocks on one site at a time. Parental control software will allow you to block multiple sites and categories.
And in the case of Mozila Firefox you have to download a addon(plugin) called 'Foxfilter' to block certain websites
No power to cisco 5505 ASA
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
From the US, you can call: 1.800.553.2447
From there, Cisco will be able to tell you what your warranty status is by the device's serial number, and can also provide you with a quote if your warranty has expired.
1. I have a ASA
HI,
You shall do the same with MPF. Create a regex filter to identify the types of files you would like to block,
e.g.
1
2
3
4
5
regex archive-type1 ".*\.([Zz][Ii][Pp]'[Tt][Aa][Rr]'[Tt][Gg][Zz]) HTTP/1.[01]"
regex archive-type2 ".*\.([Tt][Aa][Rr].([Gg][Zz]'[Bb][Zz]2)'7[Zz]) HTTP/1.[01]"
regex doc-type1 ".*\.([Dd][Oo][Cc]'[Xx][Ll][Ss]'([Pp]){2}[Tt]) HTTP/1.[01]"
regex doc-type2 ".*\.([Pp][Dd][Ff]'[Oo][Dd][Tt]) HTTP/1.[01]"
regex exe-type1 ".*\.([Ee][Xx][Ee]'[Vv][Bb][Ss]'[Vv][Bb][Aa]) HTTP/1.[01]"
Create regex for Content-Type Application/*
1
2
regex application-header "application/*"
regex content-type "Content-Type"
Classify regex that matches the extension types
class-map type regex match-any ext-types
match regex doc-type1
match regex doc-type2
match regex archive-type2
match regex archive-type1
match regex exe-type1
Capture the http response that contains content-type and application/* header
2
class-map type inspect http match-all http-header-response
match response header regex content-type regex application-header
Capture http request packet that matches the class ext-types
1
2
class-map type inspect http match-all http-request
match request uri regex class ext-types
HTTP is the interesting traffic
1
2
3
4
access-list http-traffic extended permit tcp any any eq www
access-list http-traffic extended permit tcp any any eq 8080
class-map http-traffic-class
match access-list http-traffi
Create policy to prevent download attempt via http request
1
2
3
4
5
6
7
policy-map type inspect http block-http-download
parameters
protocol-violation action drop-connection log
class http-header-response
drop-connection log
class http-request
reset log
Apply policy on the interesting traffic
1
2
3
policy-map inside-http
class http-traffic-class
inspect http block-http-download
Apply the policy onto interface to take effect
1
service-policy inside-http interface inside
Hope this would help.
Activation key
Normal
0
false
false
false
MicrosoftInternetExplorer4
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";
mso-ansi-language:#0400;
mso-fareast-language:#0400;
mso-bidi-language:#0400;}
Step 1
Obtain the serial number for your security appliance by
entering the following command:
hostname# show activation-key
Step 2
Access one of the following URLs.
•
Use the following website if you are a registered user of
Cisco.com:
http://www.cisco.com/go/license
•
Use the following website if you are not a registered user
of Cisco.com:
http://www.cisco.com/go/license/public
Step 3
Enter the following information, when prompted:
•
Product Authorization Key (if you have multiple keys, enter
one of the keys first. You have to enter
each key as a separate process.)
•
The serial number of your security appliance
•
Your email address
An activation key is automatically generated and sent to the
email address that you provide. This key
includes all features you have registered so far for
permanent licenses. For VPN Flex licenses, each
license has a separate activation key.
Step 4
If you have additional Product Authorization Keys, repeat
Step 3 for each Product Authorization Key.
After you enter all of the Product Authorization Keys, the
final activation key provided includes all of
the permanent features you registered
ASA VPN setup
this has been nicely explained here:http://www.computerfreetips.com/Cisco_router_tips/ASA-VPN-tunnel.html
3/12/2012 12:25:11 PM •
Cisco ASA...
•
Answered
on Mar 12, 2012
•
433 views
I desire to block video
You can not do content filtering with ASA firewalls with IOS. You will need to buy a content filtering solution, or sign up for a inexpensive content filtering with OpenDNS.org. This is a good content filtering basic system with white and black listing capability.
Good luck!
I have configured Cisco ASA Firewall and I have
HI,
·
Please check
the whether the security level for DMZ and outside interface, If DMZ is high
security level. Please do the NAT configuration
· If it's having the same security level. Please issue the command "same-security-traffic permit inter-interface "in the global config mode.
I have some problems with
What version of software are you running? I have noticed issue with ssh on version 8.2(3) and below.
You can try to remove all ssh access and then add it back.
Also you can try zeroizing and regenerating the crypto key.
Not finding what you are looking for?
