block rang of ip address in ASA5005

Forum,
I am trying to block youtube and a few other sites. I do a nslookup and place the ip address in the ASA, and block the IP, but youtube is not being blocked. I went onto ARIN.NET, and arin returned an range of addresses.

What am i missing, i am not that strong with ASA CLI commands, so i am using the ASDM 5.2 managment utilitiy. just not sure what to do at this point.

thank you,
Dat

Find more posts tagged with

SAVE $250 on Your CISCO Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CISCO Boot Camps

Comments

Ahriakin

Large sites like that will have a load of IPs, often in different ranges so ACLs won't really do it for you. Getting a webfilter (there are free Linux versions out there, or appliances like The Barracuda filters or Websense (integrates well with Cisco products)/Bluecoat for server installs) is the best option, alternately and MUCH more awkward is to use an IPS (Snort INline would be your free option) and use Content/ReGex to block urls.
Trust me and get the webfilter.

tiersten

I'd say use BGP to blackhole AS36561 and then send it to your upstream provider *cough*

Ahriakin

If only ASA's supported BGP

tiersten

Ahriakin wrote:

If only ASA's supported BGP

Oh no. I wasn't being serious. I was just saying you should do what Pakistan Telecom did when they knocked YouTube off the internet a while back

shednik

tiersten wrote:

Ahriakin wrote:

If only ASA's supported BGP

Oh no. I wasn't being serious. I was just saying you should do what Pakistan Telecom did when they knocked YouTube off the internet a while back

I forgot all about that....hilarious