block rang of ip address in ASA5005

Forum,
I am trying to block youtube and a few other sites. I do a nslookup and place the ip address in the ASA, and block the IP, but youtube is not being blocked. I went onto ARIN.NET, and arin returned an range of addresses.

What am i missing, i am not that strong with ASA CLI commands, so i am using the ASDM 5.2 managment utilitiy. just not sure what to do at this point.

thank you,
Dat

Find more posts tagged with

Comments

Ahriakin

Large sites like that will have a load of IPs, often in different ranges so ACLs won't really do it for you. Getting a webfilter (there are free Linux versions out there, or appliances like The Barracuda filters or Websense (integrates well with Cisco products)/Bluecoat for server installs) is the best option, alternately and MUCH more awkward is to use an IPS (Snort INline would be your free option) and use Content/ReGex to block urls.
Trust me and get the webfilter.

tiersten

I'd say use BGP to blackhole AS36561 and then send it to your upstream provider *cough*

Ahriakin

If only ASA's supported BGP

tiersten

Ahriakin wrote:

If only ASA's supported BGP

Oh no. I wasn't being serious. I was just saying you should do what Pakistan Telecom did when they knocked YouTube off the internet a while back

shednik

tiersten wrote:

Ahriakin wrote:

If only ASA's supported BGP

Oh no. I wasn't being serious. I was just saying you should do what Pakistan Telecom did when they knocked YouTube off the internet a while back

I forgot all about that....hilarious