Block certain websites using Cisco PIX

Hi,

How can I block certain websites using Cisco PIX? I know it can be integrated with Websense and all. I am in the process of getting one, but in the meantime I need an option to block certain websites using the IP address. For example, if the www.yahoo.com IP address is 100.20.30.40, I should be able to block any connection to 100.20.30.40 using my PIX.

Please can someone tell me how to do it?

My version is Cisco PIX Firewall Version 6.3(5)

Regards

Qman
qman2007 Asked:
 
calvinetter Commented:
 Easy:
access-list outbound deny ip any host 100.20.30.40
access-list outbound permit ip any any
access-group outbound in interface inside

cheers
0
 
Cyclops3590 Commented:
This is what I do for banned-servers, which is a small twist on calvinetter's ACLs:

object-group network banned-servers
 network-object host 100.20.30.40
access-list outbound deny ip any object-group banned-servers
access-list outbound permit ip any any
access-group outbound in interface inside

This has the exact same effect as calvinetter's ACL, but if you need to add one or take an IP away you don't have to mess with the ACLs. It honestly doesn't matter which way you go, just wanted to let you know about object-groups and how they can help keep your ACL section nice and tidy :)
0
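The object-group approach from the answers above, as an added example that is not part of the original thread: a Python helper that turns a reviewed list of IPv4 addresses or networks into the same object-group and ACL lines. The function name, the constructed sample list, and the rules for rejecting entries (hostnames, IPv6, CIDRs with host bits set, 0.0.0.0/0) are assumptions of this example.

```python
import ipaddress

# Constructed sample input: one host from the thread, a duplicate, a
# documentation network, and entries that should be rejected.
SAMPLE = ["100.20.30.40", "100.20.30.40 ", "192.0.2.0/24", "www.yahoo.com",
          "192.0.2.5/24", "2001:db8::1", "0.0.0.0/0"]


def render_banned_config(entries, group="banned-servers", acl="outbound",
                         iface="inside"):
    """Return (config_lines, rejected) for the object-group block list."""
    seen, objects, rejected = set(), [], []
    for raw in entries:
        text = raw.strip()
        if not text or text.startswith("#"):
            continue
        try:
            net = ipaddress.ip_network(text, strict=True)
        except ValueError:
            # Hostnames, typos, or a CIDR with host bits set: needs human review.
            rejected.append(text)
            continue
        if net.version != 4 or net.prefixlen == 0:
            # IPv6 is not handled here; 0.0.0.0/0 would deny all outbound traffic.
            rejected.append(text)
            continue
        if net in seen:
            continue
        seen.add(net)
        if net.prefixlen == 32:
            objects.append(f" network-object host {net.network_address}")
        else:
            # network-object takes a netmask, not a prefix length.
            objects.append(f" network-object {net.network_address} {net.netmask}")
    if not objects:
        raise ValueError("no valid entries; refusing to emit an empty object-group")
    # The deny line must come before the permit: the ACL is matched top-down.
    lines = [f"object-group network {group}"] + objects + [
        f"access-list {acl} deny ip any object-group {group}",
        f"access-list {acl} permit ip any any",
        f"access-group {acl} in interface {iface}",
    ]
    return lines, rejected


if __name__ == "__main__":
    config, skipped = render_banned_config(SAMPLE)
    print("\n".join(config))
    print("! rejected, review by hand:", ", ".join(skipped))
```

Rejected entries are returned rather than silently dropped, so a mistyped address does not leave a site unblocked without anyone noticing.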
 
lrmoore Commented:
I'd go with the object groups, too. Makes it so easy to add/remove any particular host from the banned list.

If you're really serious about access control, you might want to look at something like the iPrism appliance:
 http://iprism.stbernard.com
0
 
calvinetter Commented:
Yep object-groups are nice, just wanted to keep it simple since the asker didn't seem to know how to do basic ACL filtering.

qman2007 - if you only need to block that 1 site, you can use my example.  Otherwise if you're probably going to end up blocking many sites, you could either just add another line to my ACL example, or do as Cyclops suggests.

cheers
0
 
qman2007 (Author) Commented:
Hi All,

Thanks for the replies. Will try out a few things and let you know.

Regards

Qman
0
 
Pete Long (Technical Consultant) Commented:
Or if you are thinking of an upgrade, the Cisco 5510 now can be fitted with an optional Content Security Module - which has built-in Trend Micro Web filtering - the annual Licence fee for that may be considerably less than Websense - and it's relatively easy to set up and configure :)
http://www.cisco.com/en/US/products/ps6823/index.html
Regards

Pete
0
 
Computer101 Commented:
Forced accept.

Computer101
EE Admin
0
Question has a verified solution.
