Content filtering with a Cisco PIX 501??

Looking through the ASA configuration, the only thing I can see which will do this is filtering using a Websense or Secure Computing SmartFilter server. If the ASAs don't have the ability to do this internally, I doubt the 501 will be able to do this. Not even sure if the 501 can leverage an external URL filtering server.

One alternative for you is to do an nslookup on the domain to resolve the IP of the offending website. Then create an access rule tied to that IP and just set a generic deny on protocol IP. This will just do a sweeping block of the site on that IP. You have to set the rule to be applied from the inside going out with the source IP being any because you just want a generic block across your internal network to a destination of the offending IP.

Lastly, if it's not already in the company's policy, there should be a code of conduct and appropriate use policy in an employee handbook. If there isn't one already in place, I would strongly suggest your clients put one in place. They should also have a general briefing of the policies and have every employee acknowledge the receipt of the policies and the thorough understanding of the policies along with consequences if they violate the rules. If they continue to violate policies which have been put in place and they are well aware of, then the company should just fire them.

 

If they are not enforcing their own policies, trying to solve this problem via an IT solution is just chasing your tail....in my opinion. There's really on so much you can do before someone figures out another way around your countermeasures.

 

This is assuming the users don't have local administrator rights to their respective PCs.