Capturing https traffic cisco ios router 2911 for URL filtering

Hi there
Running Cisco 2911 ios version 'ROM: System Bootstrap, Version 15.0(1r)M9, RELEASE SOFTWARE (fc1)' I have websense url filtering server.  I have offered these commands on the cisco router (as under).  My websense is capturing only HTTP traffic and not the HTTPS traffic, I have seen the traffic on wireshark on the websense server, no sign of https traffic only http.
Which command am I missing so that I can send the https traffic to websense server for url filtering?
ip inspect name TRAFFIC_INSPECTI https
ip inspect name TRAFFIC_INSPECTI telnet
ip inspect name TRAFFIC_INSPECTI sip
ip inspect name TRAFFIC_INSPECTI skinny
ip inspect name TRAFFIC_INSPECTI smtp
ip inspect name TRAFFIC_INSPECTI rtsp
ip inspect name TRAFFIC_INSPECTI tcp
ip inspect name TRAFFIC_INSPECTI udp
ip inspect name TRAFFIC_INSPECTI icmp
ip inspect name TRAFFIC_INSPECTI http java-list 21 urlfilter
ip urlfilter allow-mode on
ip urlfilter urlf-server-log
ip urlfilter server vendor websense 10.10.10.133 retrans 6 timeout 8
ip ips notify SDEE
I have followed this article but it only states for http and not https:
http://www.websense.com/content/support/library/web/v75/wws_cisco_supp/cisco_ios_router_startup_config.aspx#1047473
LVL 5
amanzoorNetwork infrastructure AdminAsked:
Who is Participating?
 
surbabu140977Connect With a Mentor Commented:
In cisco, I think only the http traffic can be inspected, not the https.

The protocols supported in cisco are -- cuseeme/ftp/h323/http/rcmd/realaudio/rpc/smtp/sqlnet/streamworks/tcp/tftp/udp/vdolive/imap/pop3 and a few others but definitely not https.

If something drastically changed in 15.1 (doesn't look like), my apology then.

In the following cisco link ( Table 3 Protocol Keywords--Application-Layer Protocols table) you can check/verify.

http://www.cisco.com/en/US/docs/ios-xml/ios/security/d1/sec-cr-i2.html#wp2665953023

Best,
0
 
kevinhsiehConnect With a Mentor Commented:
Https traffic is encrypted, which includes the URL. You can't inspect it unless you have a device which can proxy the SSL connection and act as a man in the middle.
0
 
amanzoorNetwork infrastructure AdminAuthor Commented:
Hi Guys,
This is my new websense Triton server (VM).  On my old websense physical box I had port monitoring enabled on my switch and I was able to see all traffic (http+https) on the websense server.  So I could say the https traffic is there but the websense triton (VM) is unable to see it unless I physically map its card to the port monitoring switch?
0
Prepare for an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program curriculum features two internationally recognized certifications from the EC-Council at no additional time or cost.

 
surbabu140977Commented:
If you are doing that then may be "yes", But you cannot divert/inspect https from cisco devices using ios commands. The ios will not be able to understand https.

If you are spanning/mirroring a switch port, using websense you can sniff https.

Best,
0
 
lrmooreConnect With a Mentor Commented:
Did you apply the filter to the internal lan interface? And did you create an inspect rule that points to the url filter rule

ip inspect name URLFILTER http urlfilter

At the interface:
 ip inspect URLFILTER in
0
 
amanzoorNetwork infrastructure AdminAuthor Commented:
irmoore:
I have tried applying the filter to the lan interface, it makes no change:
int_gig 0/0> ip inspect name TRAFFIC_INSPECTI out/in   (no change on the websense server it only sees the http traffic.  
with this my global command is:
ip inspect name TRAFFIC_INSPECTI http java-list 21 urlfilter
Websense server only sees http traffic.
0
 
amanzoorNetwork infrastructure AdminAuthor Commented:
Thanks guys, Good to know that my router 2911 cannot divert the https traffic only ASA and above can do it.  Now I have to run a long cable from my datacenter to the physical websense to work.  Also if I had the license for VDS feature in VMware I could have used it to map the port span on my brocade switch to sniff http/https traffic.
Regards
0
All Courses

From novice to tech pro — start learning today.