Blocking specified websites through Cisco IOS on ADSL router

Posted on 2007-12-05
Last Modified: 2008-02-01
Hi,

One of our clients has the problem of its staff spending a lot of time on MySpace, Facebook etc.

They don't have any content filtering, pretty much an open gateway to the net through a Cisco 857 ADSL Router.

I've done a fair bit of research trying to get the router to block traffic to those particular sites.

I began trying to block the sites by name, but for whatever reason, I can't resolve external host names, even though I have DNS servers listed - it doesn't seem to query the DNS servers.

That's fine though... in the short term, I just want to block these sites any way I can.

I'm no ACL expert, but I tried the below:

=================
interface Dialer0
 ...
 ip access-group block-web out
 ...

ip access-list extended block-web
 remark Block specified websites
 remark SDM_ACL Category=1
 permit tcp any any
 deny   tcp any eq www 216.178.38.0 0.0.0.255 eq www
=================

The 216.178.38.0 network is the one the MySpace servers appear to be on.

When I apply this though, ALL web access is blocked. I've tried swapping the permit & deny lines around too with no joy. There is no other ACL on outbound traffic.

Any ideas on what I'm doing wrong?

Ultimately, the DNS approach would be best, but for whatever reason, that doesn't seem to be happening...

Thanks in advance!
Question by:slamit
Accepted Solution

by: batry_boy earned 2000 total points
ID: 20417070
Try making the access list look like the following:

ip access-list extended block-web
 remark Block specified websites
 remark SDM_ACL Category=1
 deny   tcp any 216.178.38.0 0.0.0.255 eq www
 permit ip any any

See if that helps...
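
Why the two lists behave so differently, as an added example that is not part of the original thread: a simplified Python model of IOS extended-ACL evaluation (first match wins, implicit deny at the end) run over the ACLs quoted above. The client address, the MySpace host inside the quoted /24, the other web server and the DNS server are constructed sample values, and the parser handles only the entry forms that appear on this page.

```python
import ipaddress

PORTS = {"www": 80}  # only the port keyword used on this page
def parse_ace(line):
    """Parse 'action proto src [eq port] dst [eq port]' (simplified subset)."""
    tok = line.split()
    action, proto, rest = tok[0], tok[1], tok[2:]
    ends = []
    for _ in range(2):  # source first, then destination
        if rest[0] == "any":
            addr, wild, rest = 0, 0xFFFFFFFF, rest[1:]
        else:
            addr, wild = (int(ipaddress.IPv4Address(x)) for x in rest[:2])
            rest = rest[2:]
        port = None
        if rest[:1] == ["eq"]:
            port = PORTS.get(rest[1]) or int(rest[1])
            rest = rest[2:]
        ends.append((addr, wild, port))
    return action, proto, ends

def side_matches(end, ip, port):
    addr, wild, want = end  # wildcard bits set to 1 are "don't care"
    same_net = ((int(ipaddress.IPv4Address(ip)) ^ addr) & ~wild & 0xFFFFFFFF) == 0
    return same_net and (want is None or want == port)

def evaluate(acl, pkt):
    """First matching entry wins; anything unmatched hits the implicit deny."""
    proto, sip, sport, dip, dport = pkt
    for line in acl:
        action, ace_proto, (src, dst) = parse_ace(line)
        if (ace_proto in ("ip", proto) and side_matches(src, sip, sport)
                and side_matches(dst, dip, dport)):
            return action
    return "deny"
ASKER = ["permit tcp any any", "deny tcp any eq www 216.178.38.0 0.0.0.255 eq www"]
SWAPPED = ASKER[::-1]
ANSWER = ["deny tcp any 216.178.38.0 0.0.0.255 eq www", "permit ip any any"]
# Constructed sample packets: (protocol, src ip, src port, dst ip, dst port)
PACKETS = {
    "myspace_http": ("tcp", "192.168.1.10", 49152, "216.178.38.5", 80),
    "other_http": ("tcp", "192.168.1.10", 49153, "198.51.100.7", 80),
    "dns_query": ("udp", "192.168.1.10", 49154, "203.0.113.53", 53),
}

def verdicts(acl):
    return {name: evaluate(acl, pkt) for name, pkt in PACKETS.items()}

for label, acl in (("asker", ASKER), ("swapped", SWAPPED), ("answer", ANSWER)):
    print(label, verdicts(acl))
```

In this model both of the asker's orderings permit the MySpace request (the deny entry requires source port 80, which a browser does not use) and drop the UDP DNS query at the implicit deny, while the accepted list denies the MySpace request and permits everything else.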

Expert Comment

by:batry_boy
ID: 20417074
BTW, you won't be able to use the DNS method on a router because the router cannot reference an FQDN as part of an access list statement...it's a bummer, I know, because I would love to be able to do this and have tried myself.

Author Comment

by:slamit
ID: 20417092
Awesome, thanks so much!! :)

Expert Comment

by:batry_boy
ID: 20417135
You're welcome!