# Cisco & N2H2



## NoReason (Nov 15, 2004)

Ok, got a Q here that my IT consultant, who set up the network here, doesn't seem to know the answer to.

I have a Cisco Pix firewall that I'm trying to use with an N2H2 server to filter web traffic. I am only trying to filter 1 pc for the moment for testing before I put it out there to affect the entire company.
Firewall Specs:

Cisco PIX Security Appliance Software Version 7.0 (1) 
Device Manager Version 5.0(1) 
Hardware: PIX-515E, 64 MB RAM, CPU Pentium II 433 MHz

Ok...point...I have a couple lines in it
url-server (inside) vendor n2h2 host _x.x.x.x_ port 4005 _(x's being n2h2 server ip)_
filter url http 192.168._x.x_ 255.255.255.255 0.0.0.0 0.0.0.0


I then set the N2H2 server up to filter that one ip. But it doesn't matter if I block all, or set it to no filter...it always takes me to the N2H2 bad boy page when I try to access the internet on that pc.

Any ideas? Or do you need more info?


----------



## NoReason (Nov 15, 2004)

ok....let me ask this then:
Does it make a difference if the command entered is...

url-server (inside) vendor n2h2 host x.x.x.x port 4005 timeout 30 protocol tcp connections 5 | udp connections 5

or

url-server (inside) vendor n2h2 host x.x.x.x [:port 4005] [timeout 30] [protocol tcp connections 5 | udp [connections 5]]


And a second question: in the documentation, it says you must identify _and_ enable the url filtering server before adding the http filter. I identified it, how do you enable it? Or does that happen when you identify it?


----------



## aprior (Jan 10, 2006)

hmm... I can't see any reason why it shouldn't be working on the PIX end.
What does it say when you do a "show url-server stats" on the PIX?

For your question in the second post, either should be fine except I don't think you can put a space between the IP address and the colon and the word port (If you choose that syntax).


----------



## NoReason (Nov 15, 2004)

sorry it took so long to reply, I was away for work.

This is the info after doing a show url-server statistics:

```
URL Server Statistics:
----------------------
Vendor n2h2
URLs total/allowed/denied 0/0/0
HTTPSs total/allowed/denied 0/0/0
FTPs total/allowed/denied 0/0/0

URL Server Status:
------------------
192.168.xx.xx UP (which is the n2h2 server ip)

URL Packets Sent and Received Stats:
-----------------------------------
Message Sent Received
STATUS_REQUEST 98701 98701
LOOKUP_REQUEST 0 0
LOG_REQUEST 0 NA
-----------------------------------
```

Thanks


----------



## NoReason (Nov 15, 2004)

as for the space between the ip and port, I have to put it in, otherwise it'll give me "ERROR: % Invalid input detected at '^' marker."
Whether I do it _IP_:port 4005, or _ip_port 4005 or _ip_[:port 4005]


----------



## aprior (Jan 10, 2006)

Sorry about the late reply, I didn't notice that you had replied.
So, your configuration looks fine. The PIX is obviously communicating with the server, it is sending and receiving status messages, but nothing is being looked up.

I'm not sure I know why it's happening either. Unless, and this may seem like a stupid question, but is the client PC's default gateway set as the PIX (or does the traffic to the Internet eventually have to go through the PIX)?


----------
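Added example, not part of any post in this thread: a Python parser for `show url-server statistics` output that flags the pattern aprior describes (status messages answered, zero lookups). The sample text is constructed, and the `DOWN` state and the result labels are assumptions of this example.

```python
import re

# Constructed sample modeled on the output quoted in the thread (IP is made up).
SAMPLE = """\
URL Server Statistics:
Vendor n2h2
URLs total/allowed/denied 0/0/0
HTTPSs total/allowed/denied 0/0/0
FTPs total/allowed/denied 0/0/0
URL Server Status:
192.168.0.10 UP
URL Packets Sent and Received Stats:
Message Sent Received
STATUS_REQUEST 98701 98701
LOOKUP_REQUEST 0 0
LOG_REQUEST 0 NA
"""

def parse_stats(text):
    """Parse the command output into (servers, counters, messages)."""
    servers, counters, messages = {}, {}, {}
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"(\w+)s total/allowed/denied (\d+)/(\d+)/(\d+)$", line):
            counters[m[1]] = (int(m[2]), int(m[3]), int(m[4]))
        elif m := re.match(r"(\d{1,3}(?:\.\d{1,3}){3})\s+(UP|DOWN)\b", line):
            servers[m[1]] = m[2]  # "DOWN" as the opposite state is an assumption
        elif m := re.match(r"([A-Z]+_REQUEST)\s+(\d+)\s+(\d+|NA)$", line):
            messages[m[1]] = (int(m[2]), None if m[3] == "NA" else int(m[3]))
    return servers, counters, messages

def diagnose(text):
    """Classify the state the counters describe (labels are this example's own)."""
    servers, _, messages = parse_stats(text)
    if "UP" not in servers.values():
        return "server_down"
    st_sent, st_recv = messages.get("STATUS_REQUEST", (0, 0))
    if st_sent == 0 or (st_recv or 0) < st_sent:
        return "keepalive_loss"      # PIX cannot reliably reach the filter server
    lk_sent, lk_recv = messages.get("LOOKUP_REQUEST", (0, 0))
    if lk_sent == 0:
        # The thread's case: the link is healthy but no URL was ever submitted,
        # so check that the client's web traffic actually passes through the PIX.
        return "no_lookups"
    if (lk_recv or 0) < lk_sent:
        return "lookup_loss"         # lookups sent but not all answered
    return "ok"

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```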

