Cisco ASA HTTP inspection small problem

asked by a77

Good morning/evening, our fellow experts around the world,

I'm having a tiny problem with HTTP inspection on a Cisco ASA 5505. I'm trying to block video extensions, and it worked, but the problem is that once I apply this HTTP inspection policy, when users try to open Hotmail and Yahoo messages, they can't (the inbox opens, but when they click on any email it does not open; Hotmail shows "We can't connect to Hotmail right now. Please try again later"). When I disable this HTTP inspection policy, everything works fine. I'm lost because I don't know where to look (also, I'm an ASA noob).

Below is a show run highlighting the important things:

regex video_extensions1 ".*\.flv|.*\.mpg|.*\.asf|.*\.asr|.*\.asx|.*\.avi|.*\.iv|.*\.lsf|.*\.lsx|.*\.mlv|.*\.mp4|audio/.*"
regex video_extensions2 ".*\.mov|.*\.movie|.*\.mp2|.*\.mpa|.*\.mpe|.*\.mpeg|.*\.mpv2|.*\.qt|.*\.mkv|video/*"
regex applicationheader "application/.*"
regex contenttype "Content-Type"
ftp mode passive
object-group service DM_INLINE_SERVICE_1
 service-object ip
 service-object tcp-udp eq www
 service-object tcp eq www
 service-object icmp
object-group service DM_INLINE_SERVICE_2
 service-object ip
 service-object tcp eq www
 service-object icmp
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_1 any interface outside
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_2 any interface outside
access-list outside_access_in_1 extended permit ip any any inactive
access-list inside_access_in_1 extended permit ip any any
access-list inside_mpc extended permit object-group TCPUDP any any eq www
access-list inside_mpc extended permit tcp any any eq 8080
!
dynamic-access-policy-record DfltAccessPolicy
!
priority-queue inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
!
class-map type regex match-any extensionsBlockList
 match regex video_extensions2
 match regex video_extensions1
class-map type inspect http match-all blockExtensions
 match request uri regex class extensionsBlockList
class-map type inspect http match-all appheaderclass
 match request header regex contenttype regex applicationheader
class-map type inspect http match-all asdm_medium_security_methods
 match not request method head
 match not request method post
 match not request method get
class-map type inspect http match-all asdm_high_security_methods
 match not request method head
 match not request method get
class-map httptraffic
 match access-list inside_mpc
!
policy-map type inspect http http_inspection_policy
 parameters
  protocol-violation action drop-connection
 match request method connect
  drop-connection log
 class appheaderclass
  drop-connection log
 class blockExtensions
  reset log
policy-map inside-policy
 class httptraffic
  inspect http http_inspection_policy
!
service-policy inside-policy interface inside



Appreciate any help :)
thanks in advance.
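As an added worked example (not part of the original question or of any answer on the page), the class-maps from the posted configuration are modelled in Python and run against a handful of constructed HTTP requests so you can see which rule each one trips. Two properties of the configuration as posted are worth checking this way. First, `appheaderclass` matches any request whose Content-Type header value starts with `application/`; that includes the form-encoded or JSON bodies a browser sends when a webmail client fetches a single message, so those requests hit `drop-connection`, which is consistent with an inbox that loads while individual messages do not. Second, `video/*` in `video_extensions2` means `video` followed by zero or more `/` characters, so it matches any URI that merely contains the word `video`; `audio/.*` on the line above suggests `video/.*` was intended, and that correction is treated here as an assumption. The hostnames, paths and headers below are constructed for the example, not captured Hotmail or Yahoo traffic; the request shapes, ASA regex copies and helper names are mine.

```python
"""Offline model of the posted ASA http_inspection_policy.

ASA 'regex' objects are searched anywhere in the inspected string and are
case-sensitive; for the metacharacters these patterns use ('.', '*', '\\.',
'|') Python's re.search behaves the same, so the verdicts carry over. This
script talks to no firewall; it only evaluates the posted match logic.
"""
import re

# The regex objects exactly as they appear in the posted 'show run'.
# Note: 'video/*' is 'video' followed by zero or more '/', not 'video/' + anything.
REGEX = {
    "video_extensions1": (r".*\.flv|.*\.mpg|.*\.asf|.*\.asr|.*\.asx|.*\.avi|.*\.iv"
                          r"|.*\.lsf|.*\.lsx|.*\.mlv|.*\.mp4|audio/.*"),
    "video_extensions2": (r".*\.mov|.*\.movie|.*\.mp2|.*\.mpa|.*\.mpe|.*\.mpeg"
                          r"|.*\.mpv2|.*\.qt|.*\.mkv|video/*"),
    "applicationheader": r"application/.*",
    "contenttype": r"Content-Type",
}


def asa_regex_match(name, text):
    """ASA regex semantics: true if the pattern occurs anywhere in text."""
    return re.search(REGEX[name], text) is not None


def block_extensions(uri):
    """class-map type regex match-any extensionsBlockList, applied via
    'match request uri regex class extensionsBlockList' (action: reset)."""
    return (asa_regex_match("video_extensions1", uri)
            or asa_regex_match("video_extensions2", uri))


def block_extensions_fixed(uri):
    """Same class with 'video/*' replaced by 'video/.*' (assumed typo fix,
    mirroring 'audio/.*' in video_extensions1)."""
    fixed = REGEX["video_extensions2"].replace("video/*", "video/.*")
    return (asa_regex_match("video_extensions1", uri)
            or re.search(fixed, uri) is not None)


def app_header_class(headers):
    """'match request header regex contenttype regex applicationheader':
    the first regex selects the header name, the second is tested against
    that header's value (action: drop-connection)."""
    return any(asa_regex_match("contenttype", name)
               and asa_regex_match("applicationheader", value)
               for name, value in headers.items())


def inspection_verdict(method, uri, headers):
    """Return the posted rules a request trips. Any entry means the ASA
    terminates the connection (drop-connection or reset); an empty list means
    the request is forwarded. protocol-violation handling is not modelled."""
    tripped = []
    if method.upper() == "CONNECT":      # 'match request method connect'
        tripped.append("request method connect")
    if app_header_class(headers):
        tripped.append("class appheaderclass")
    if block_extensions(uri):
        tripped.append("class blockExtensions")
    return tripped


# Constructed requests (not captured traffic). The POST mimics the shape of a
# webmail "open message" XHR: a form-encoded body, hence an application/* type.
SAMPLE_REQUESTS = [
    ("GET", "/clips/intro.mp4", {"Host": "cdn.example.com"}),
    ("GET", "/news/videos/index.html", {"Host": "www.example.com"}),
    ("POST", "/mail/ReadMessage.aspx?id=42",
     {"Host": "mail.example.com",
      "Content-Type": "application/x-www-form-urlencoded"}),
    ("GET", "/mail/Inbox.aspx", {"Host": "mail.example.com"}),
    ("CONNECT", "mail.example.com:443", {"Host": "mail.example.com"}),
]


def run_samples():
    """Map (method, uri) -> list of tripped rules for every sample request."""
    return {(m, u): inspection_verdict(m, u, h) for m, u, h in SAMPLE_REQUESTS}


if __name__ == "__main__":
    for (method, uri), rules in run_samples().items():
        print(f"{method:7} {uri:32} -> {rules or 'forwarded'}")
```

Running it shows the `.mp4` fetch reset as intended, the `/news/videos/...` page reset only because of the `video/*` pattern (the `video/.*` variant lets it through), the form-encoded POST dropped by `appheaderclass`, and the plain inbox GET forwarded. When bisecting a policy like this on the ASA itself, remove one `class`/`match` at a time from `http_inspection_policy` and keep in mind that `protocol-violation action drop-connection` also terminates connections independently of the regex classes. If the goal is to stop video rather than to police request bodies, matching the server's reply (`match response header content-type regex ...` against a regex such as `^video/`) targets the media responses instead of every client request that carries an `application/` body.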
ASKER CERTIFIED SOLUTION
TimotiSt (Ireland)
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.

SOLUTION
It sounds like it could be one of those defined file extensions causing issues.  You could start by using only one or a couple and using a process of elimination to try and figure out which one is causing it.
a77 (ASKER)

I ended up blocking only the video extensions, so even though YouTube opens, the videos do not play.

Thanks everyone !