Jimmy, I think it's your regular expression. Look at what I did on the ASA:

First I tested yours:

ASA1# test regex www.facebook.com "*.facebook\.com.*"
INFO: Regular expression match failed.

Then mine:

ASA1# test regex www.facebook.com ".+\.facebook\.com*"
INFO: Regular expression match succeeded.

Then a few others to test the path to other apps:

ASA1# test regex www.facebook.com/reader ".+\.facebook\.com*"
INFO: Regular expression match succeeded.
ASA1# test regex www.facebook.com/farmville_app ".+\.facebook\.com*"
INFO: Regular expression match succeeded.

Finally I tested against another site:

ASA1# test regex www.cisco.com/ ".+\.facebook\.com*"
INFO: Regular expression match failed.

and

ASA1# test regex www.google.com/ ".+\.facebook\.com*"
INFO: Regular expression match failed.

Give that a try and see where you get.

Regards,
Brandon Carroll - CCIE #23837
Senior Technical Instructor - IPexpert

On Sun, Feb 7, 2010 at 10:50 PM, Jimmy Larsson <[email protected]> wrote:
> Hello
>
> Can anyone see why I am still able to surf to facebook from inside the ASA
> with this config?
>
> time-range STUDY-TIME
>  absolute start 07:05 08 February 2010 end 07:59 08 February 2010
> !
> access-list acl-MAKE-JIMMY-WORK extended permit tcp any any eq www time-range STUDY-TIME
>
> class-map class-NOSURF
>  match access-list acl-MAKE-JIMMY-WORK
>
>
> regex gmail ".*mail\.google\.com.*"
> regex googlereader "*.google\.com\/reader.*"
> regex twitter "*.twitter\.com.*"
> regex facebook "*.facebook\.com.*"
>
>
> class-map type regex match-any class-map-JIMMYS-BANNED-SITES
>  match regex twitter
>  match regex facebook
>  match regex googlereader
>  match regex gmail
>
> class-map type inspect http match-all class-FIND-BANNED-URLS
>  match request uri regex class class-map-JIMMYS-BANNED-SITES
>
> policy-map type inspect http policy-INSPECT-HTTP
>  parameters
>  class class-FIND-BANNED-URLS
>   reset log
>
> policy-map policy-inside
> # Other classes
>  class class-NOSURF
>   inspect http policy-INSPECT-HTTP
>
> Time-range is active:
> Home-ASA(config-pmap)# sh time-range
>
> time-range entry: STUDY-TIME (active)
>    periodic weekdays 7:00 to 7:59
>    used in: IP ACL entry
>
> my acl gets hitcounts:
> Home-ASA(config-pmap)# sh access-list acl-MAKE-JIMMY-WORK
> access-list acl-MAKE-JIMMY-WORK; 1 elements; name hash: 0x947ef6ed
> access-list acl-MAKE-JIMMY-WORK line 1 extended permit tcp any any eq www time-range STUDY-TIME (hitcnt=1) 0xbe60f654
>
> My service-policy looks good:
>
> Home-ASA(config-pmap)# sh service-policy inspect http
>
> Global policy:
>   Service-policy: global_policy
>     Class-map: inspection_default
>       Inspect: http test_pmap, packet 6895252, drop 68, reset-drop 0
>         protocol violations
>           log, packet 68
>
> Interface inside:
>   Service-policy: policy-inside
>     Class-map: class-NOSURF
>       Inspect: http policy-INSPECT-HTTP, packet 1495, drop 0, reset-drop 0
>         protocol violations
>           packet 0
>         class class-FIND-BANNED-URLS
>           reset log, packet 0
> Home-ASA(config-pmap)#
>
> And the service-policy looks good:
>
> Home-ASA(config-pmap)# sh service-policy inspect http
>
> Global policy:
>   Service-policy: global_policy
>     Class-map: inspection_default
>       Inspect: http test_pmap, packet 6, drop 0, reset-drop 0
>         protocol violations
>           log, packet 0
>
> Interface inside:
>   Service-policy: policy-inside
>     Class-map: class-NOSURF
>       Inspect: http policy-INSPECT-HTTP, packet 327, drop 0, reset-drop 0
>         protocol violations
>           packet 0
>         class class-FIND-BANNED-URLS
>           reset log, packet 0
> Home-ASA(config-pmap)#
>
> Anyone?
>
> --
> -------
> Jimmy Larsson
> Ryavagen 173
> s-26030 Vallakra
> Sweden
> http://blogg.kvistofta.nu
> -------
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
>
