SamK04

Block 58.60.237.66 ip with Cisco 515e PDM

My network - WinNT network, Cisco 3600 router, Cisco PIX 515e with PDM v.2.1
File/Exchange server (NT4), Webserver (W2k), Antivirus server (W2k) in about 30 user network.

     Sirs, I have been getting hits on my webserver from this address (58.60.237.66) steadily over the past day or so and I want to block it with my 515 Pix Device Manager. I see an Add Rules tab with fields for the source ip (them) and dest ip (me), would they be a class A address with subnet mask of 255.0.0.0? Also, will I want a separate rule for all protocol options listed (tcp, udp, ip, icmp) or can I leave it at any?
     Any and all advice is appreciated, I would rather use this than trying to tear into the config manually. I know it's an easy question but worth the points if I can fix it quick. Thanks,
Sam
ASKER CERTIFIED SOLUTION
rsivanandan

THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
SamK04

ASKER

    Ok, got the new command in the list. So if I see anyone else in my web server logs slamming my web page, I will add them also.
      Will double check logs tomorrow and close question with points to you. Thanks.
rsivanandan

cool.

Cheers,
Rajesh

SamK04

ASKER

Logs look ok, thanks again. Should I consider any additions to my router ACLs about this ip? Or could (should) I have done it there in the first place?
Les Moore

You can also create a network object-group that you can add/subtract individual hosts and networks into, then just have a single access-list entry. When you make changes, just add/delete from the group.
Configuration | Hosts/Networks
 Outside Interface
Add host 58.60.237.66 / 255.255.255.255
Add Group Name: BADBAD
Select the host in the Members not in group and Add> to group
 OK
Apply
Access Rules
Add a rule
 Action Deny
 Source Host/network *Group
  Interface: outside
  Group: BADBAD
 OK  
 Apply
Done. Now just add/remove hosts to the group in the Hosts/Network tab when you want to block them.







Les Moore

>with PDM v.2.1
Highly suggest upgrading that to PIX 6.3(5) and PDM 3.04
PDM just keeps getting better. World of difference between 2.x and 3.x
Since it is a 515, you could upgrade all the way to latest 7.2x with new ASDM GUI. It really is slick with lots of new features, like a simple checkmark to toggle access-list rules enabled/disabled without having to completely delete any acl entry.
Les Moore

This is what the object-group config looks like:

object-group network BADBAD
  network-object 58.60.237.66 255.255.255.255
access-list outside_access_in deny ip object-group BADBAD any
access-list outside_access_in permit icmp any any echo-reply
access-list outside_access_in permit icmp any any traceroute
access-list outside_access_in permit icmp any any unreachable
access-list outside_access_in permit icmp any any time-exceeded
access-group outside_access_in in interface outside

Just make sure this block acl entry is at the top of the inbound acl list.
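
A check for the ordering advice above, as an added example (not part of the original posts and not a Cisco tool): it parses a saved PIX configuration and reports whether the deny entry for the object-group comes before any permit in the ACL applied inbound on the outside interface. The sample config is constructed from the one in the post, with a hypothetical web-server permit line added; the function names are this example's own.

```python
import re

# Constructed sample based on the config in the post above; the web-server
# permit line (192.0.2.10) is a hypothetical addition for illustration.
SAMPLE_CONFIG = """\
object-group network BADBAD
  network-object 58.60.237.66 255.255.255.255
access-list outside_access_in deny ip object-group BADBAD any
access-list outside_access_in permit tcp any host 192.0.2.10 eq www
access-list outside_access_in permit icmp any any echo-reply
access-group outside_access_in in interface outside
"""

def inbound_acl(config, interface="outside"):
    """Name of the ACL applied inbound on the interface, or None."""
    pat = r"^access-group (\S+) in interface %s[ \t]*$" % re.escape(interface)
    m = re.search(pat, config, re.M)
    return m.group(1) if m else None

def acl_entries(config, acl):
    """(action, remainder) pairs for the ACL, in configuration order."""
    pat = r"^access-list %s (permit|deny) (.+?)[ \t]*$" % re.escape(acl)
    return re.findall(pat, config, re.M)

def group_members(config, group):
    """network-object entries listed under the named object-group."""
    pat = r"^object-group network %s[ \t]*\n((?:[ \t]+\S.*\n?)*)" % re.escape(group)
    m = re.search(pat, config, re.M)
    return re.findall(r"^[ \t]+network-object (.+?)[ \t]*$", m.group(1) if m else "", re.M)

def check_block_rule(config, group, interface="outside"):
    """Return a list of problems; an empty list means the block rule is in place."""
    acl = inbound_acl(config, interface)
    if acl is None:
        return ["no inbound access-group on interface " + interface]
    problems = []
    entries = acl_entries(config, acl)
    want = ("deny", "ip object-group %s any" % group)
    if want not in entries:
        problems.append("no '%s %s' entry in %s" % (want + (acl,)))
    elif any(action == "permit" for action, _ in entries[:entries.index(want)]):
        problems.append("permit entries precede the block entry in " + acl)
    if not group_members(config, group):
        problems.append("object-group %s is empty or missing" % group)
    return problems

if __name__ == "__main__":
    print(check_block_rule(SAMPLE_CONFIG, "BADBAD") or "block rule is first")
```

Run it against the text of a saved configuration after each change to the group or the ACL; any permit listed ahead of the deny is reported because the PIX applies the first matching entry.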
rsivanandan

thnx.

Cheers,
Rajesh