blocking hotmail and in ASA 5510

Posted on 2009-05-05
Last Modified: 2013-11-16
Question by: alimohammed72

Expert Comment

In an ASA firewall you can block any outbound request using an access list. The ACL is read in sequential order, top to bottom, so as soon as there is a match the processing stops.

Your list would need to look something like this:

access-list inside_to_outside extended deny ip any <ip address subnet of hotmail> <subnet mask of hotmail>
access-list inside_to_outside extended deny ip any <ip address subnet of yahoo> <subnet mask of yahoo>
access-list inside_to_outside extended permit tcp any any eq 80
access-list inside_to_outside extended permit tcp any any eq 443

access-group inside_to_outside in interface inside

This will block any IP request to the IP subnet of Hotmail or Yahoo yet allow any other port 80/443 request outbound. There is an implicit deny at the end of any access list, so all other communication would be blocked.
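
The first-match and implicit-deny behaviour described in the comment above, as an added example that is not part of the original post and is not ASA code: a small Python model of the four-entry list that shows why the deny entries must sit above the permits. The two subnets are constructed stand-ins (RFC 5737 documentation ranges) for the `<hotmail>` and `<yahoo>` placeholders, and the function names and probe addresses are hypothetical.

```python
import ipaddress

# Constructed stand-ins for the <hotmail>/<yahoo> placeholders (RFC 5737 ranges).
WEBMAIL_A = "192.0.2.0/24"
WEBMAIL_B = "198.51.100.0/24"

# (action, protocol, destination network, destination port or None for any)
ACL = [
    ("deny",   "ip",  WEBMAIL_A,   None),
    ("deny",   "ip",  WEBMAIL_B,   None),
    ("permit", "tcp", "0.0.0.0/0", 80),
    ("permit", "tcp", "0.0.0.0/0", 443),
]

def ace_matches(ace, proto, dst, port):
    _, ace_proto, net, ace_port = ace
    if ace_proto != "ip" and ace_proto != proto:   # "ip" covers every protocol
        return False
    if ipaddress.ip_address(dst) not in ipaddress.ip_network(net):
        return False
    return ace_port is None or ace_port == port

def evaluate(acl, proto, dst, port):
    """Return (action, line number) of the first matching entry, top to bottom."""
    for lineno, ace in enumerate(acl, start=1):
        if ace_matches(ace, proto, dst, port):
            return ace[0], lineno
    return "deny", None   # implicit deny: no entry matched

def shadowed_denies(acl, probes):
    """Deny lines that decide none of the probes because an earlier line matched."""
    hit = {evaluate(acl, *p)[1] for p in probes}
    return [n for n, ace in enumerate(acl, 1) if ace[0] == "deny" and n not in hit]

# Constructed probe traffic: (protocol, destination, port)
PROBES = [
    ("tcp", "192.0.2.10", 443),    # inside the first denied subnet
    ("tcp", "198.51.100.7", 80),   # inside the second denied subnet
    ("tcp", "203.0.113.5", 443),   # any other web destination
    ("udp", "203.0.113.53", 53),   # non-web traffic, no entry matches
]

if __name__ == "__main__":
    for name, acl in (("page order", ACL), ("permits first", ACL[2:] + ACL[:2])):
        print(name)
        for p in PROBES:
            print("  ", p, "->", evaluate(acl, *p))
        print("   shadowed deny lines:", shadowed_denies(acl, PROBES))
```

With the permits moved to the top, web traffic to the two subnets is decided by a permit line before the deny entries are ever reached, which is the misordering to check for when reviewing a list like this.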


Author Comment

How am I going to know the subnets for Hotmail and Yahoo?

Accepted Solution

MikeKane earned 500 total points
Here are the Hotmail IPs

Here are the Yahoo IPs

You know that anyone can still hit a public proxy then get to these sites... Or set up a personal proxy at home and bypass this IP range. The best way to block this would be to set up a web filter like Websense and block the webmail category along with the proxy/anonymizer category.

