block rang of ip address in ASA5005

datchchadatchcha Posts: 265Member
Forum,
I am trying to block youtube and a few other sites. I do a nslookup and place the ip address in the ASA, and block the IP, but youtube is not being blocked. I went onto ARIN.NET, and arin returned an range of addresses.

What am i missing, i am not that strong with ASA CLI commands, so i am using the ASDM 5.2 managment utilitiy. just not sure what to do at this point.

thank you,
Dat
Arrakis

Comments

  • AhriakinAhriakin SupremeNetworkOverlord Posts: 1,800Member
    Large sites like that will have a load of IPs, often in different ranges so ACLs won't really do it for you. Getting a webfilter (there are free Linux versions out there, or appliances like The Barracuda filters or Websense (integrates well with Cisco products)/Bluecoat for server installs) is the best option, alternately and MUCH more awkward is to use an IPS (Snort INline would be your free option) and use Content/ReGex to block urls.
    Trust me and get the webfilter.
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
  • tierstentiersten Posts: 4,505Member
    I'd say use BGP to blackhole AS36561 and then send it to your upstream provider *cough*
  • AhriakinAhriakin SupremeNetworkOverlord Posts: 1,800Member
    If only ASA's supported BGP ;)
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
  • tierstentiersten Posts: 4,505Member
    Ahriakin wrote:
    If only ASA's supported BGP ;)
    Oh no. I wasn't being serious. I was just saying you should do what Pakistan Telecom did when they knocked YouTube off the internet a while back :D
  • shednikshednik Posts: 2,005Member
    tiersten wrote:
    Ahriakin wrote:
    If only ASA's supported BGP ;)
    Oh no. I wasn't being serious. I was just saying you should do what Pakistan Telecom did when they knocked YouTube off the internet a while back :D

    I forgot all about that....hilarious :D
Sign In or Register to comment.