block rang of ip address in ASA5005
datchcha
Member Posts: 265
Forum,
I am trying to block youtube and a few other sites. I do a nslookup and place the ip address in the ASA, and block the IP, but youtube is not being blocked. I went onto ARIN.NET, and arin returned an range of addresses.
What am i missing, i am not that strong with ASA CLI commands, so i am using the ASDM 5.2 managment utilitiy. just not sure what to do at this point.
thank you,
Dat
I am trying to block youtube and a few other sites. I do a nslookup and place the ip address in the ASA, and block the IP, but youtube is not being blocked. I went onto ARIN.NET, and arin returned an range of addresses.
What am i missing, i am not that strong with ASA CLI commands, so i am using the ASDM 5.2 managment utilitiy. just not sure what to do at this point.
thank you,
Dat
Arrakis
Comments
-
Ahriakin
Member Posts: 1,799 ■■■■■■■■□□
Large sites like that will have a load of IPs, often in different ranges so ACLs won't really do it for you. Getting a webfilter (there are free Linux versions out there, or appliances like The Barracuda filters or Websense (integrates well with Cisco products)/Bluecoat for server installs) is the best option, alternately and MUCH more awkward is to use an IPS (Snort INline would be your free option) and use Content/ReGex to block urls.
Trust me and get the webfilter.We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place? -
tiersten
Member Posts: 4,505
I'd say use BGP to blackhole AS36561 and then send it to your upstream provider *cough*
-
Ahriakin
Member Posts: 1,799 ■■■■■■■■□□
If only ASA's supported BGP
We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
