One of our clients has the problem of it's staff spending a lot of time on MySpace, Facebook etc.
They don't have any content filtering, pretty much an open gateway to the net through a Cisco 857 ADSL Router.
I've done a fair bit of research trying to get the router to block traffic to those particular sites.
I began trying to block the sites by name, but for whatever reason, I can't resolve external host names, even though I have DNS servers listed - it doesn't seem to query the DNS servers.
That's fine though... in the short term, I just want to block these sites any way I can.
I'm no ACL expert, but I tried the below:
ip access-group block-web out
ip access-list extended block-web
remark Block specified websites
remark SDM_ACL Category=1
permit tcp any any
deny tcp any eq www 220.127.116.11 0.0.0.255 eq www
The 18.104.22.168 network is the one the MySpace servers appear to be on.
When I apply this though, ALL web access blocked. I've tried swapping the permit & deny lines around too with no joy. There is no other ACL on outbound traffic.
Any ideas on what I'm doing wrong?
Ultimately, the DNS approach would be best, but for whatever reason, that doesn't seem to be happening...
Thanks in advance!