Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Blocking specified websites through Cisco IOS on ADSL router

Posted on 2007-12-05
4
Medium Priority
?
2,725 Views
Last Modified: 2008-02-01
Hi,

One of our clients has the problem of it's staff spending a lot of time on MySpace, Facebook etc.

They don't have any content filtering, pretty much an open gateway to the net through a Cisco 857 ADSL Router.

I've done a fair bit of research trying to get the router to block traffic to those particular sites.

I began trying to block the sites by name, but for whatever reason, I can't resolve external host names, even though I have DNS servers listed - it doesn't seem to query the DNS servers.

That's fine though... in the short term, I just want to block these sites any way I can.

I'm no ACL expert, but I tried the below:

=================
interface Dialer0
 ...
 ip access-group block-web out
 ...

ip access-list extended block-web
 remark Block specified websites
 remark SDM_ACL Category=1
 permit tcp any any
 deny   tcp any eq www 216.178.38.0 0.0.0.255 eq www
=================

The 216.178.38.0 network is the one the MySpace servers appear to be on.

When I apply this though, ALL web access blocked. I've tried swapping the permit & deny lines around too with no joy. There is no other ACL on outbound traffic.

Any ideas on what I'm doing wrong?

Ultimately, the DNS approach would be best, but for whatever reason, that doesn't seem to be happening...

Thanks in advance!
0
Comment
Question by:slamit
  • 3
4 Comments
 
LVL 28

Accepted Solution

by:
batry_boy earned 2000 total points
ID: 20417070
Try making the access list look like the following:

ip access-list extended block-web
 remark Block specified websites
 remark SDM_ACL Category=1
 deny   tcp any 216.178.38.0 0.0.0.255 eq www
 permit ip any any

See if that helps...
0
 
LVL 28

Expert Comment

by:batry_boy
ID: 20417074
BTW, you won't be able to use the DNS method on a router because the router cannot reference an FQDN as part of an access list statement...it's a bummer, I know, because I would love to be able to do this and have tried myself.
0
 

Author Comment

by:slamit
ID: 20417092
Awesome, thanks so much!! :)
0
 
LVL 28

Expert Comment

by:batry_boy
ID: 20417135
You're welcome!
0

Featured Post

Identify and Prevent Potential Cyber-threats

Become the white hat who helps safeguard our interconnected world. Transform your career future by earning your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
How to fix a SonicWall Gateway Anti-Virus firewall blocking automatic updates to apps like Windows, Adobe, Symantec, etc.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question