How to ONLY allow one URL with ASA 5505??

[Rickpo12]

All, thank you in advance.

I have an ASA 5505 that I would like to setup so that it will ONLY allow communications out from one server to one url:

http://www.google.com/recaptcha/api/verify

(All other outbound requests from this server would be blocked)
SERVERNAME: SLEEPY

I have been playing with regular expressions and http inspect maps, but have not yet run into the magic steps that will allow for this. I thought that I would ask this group to see if others have already figured this out. NOTE: I would like to do this WITHOUT having a URL Filtering Server, just the basics of the ASA.

If you know the steps to accomplish this task, I sure would appreciate the help and the steps.

Thank you

Rick

 

[jasonmerchants]

Are you doing any NAT on the ASA? If not, you could define an ACL for the server <-> website, and deny all others - this would basically 'time out' any other requests.

If you're running NAT, this process is a little more difficult, but can be accomplished similarly, with additional inspection maps (if I recall correctly).

Jason
Network Engineer, Cisco & Nortel