I have a layer 3 switch, 3550.I have several vlans on there just for playing around with. One of the vlans, has a vonage linksys box attached to it with a UK number attached. From time to time telemarketers call at 03:00 in the morning, this as I'm sure you can imagine is not much fun. The linksys box gets 192.168.3.3 as it's ip.The switch is connected to a non cisco router at 192.168.0.1
interface FastEthernet0/24 no switchport ip address 192.168.0.2 255.255.255.0
I was thinking a time based access list would work best I have tried several variations but the phone still rings. I have tried access-list 1 deny host 192.168.3.3 permit ..... and more extensive lists but the phone still rings. I have not applied the time-range yet, so that's not the problem.I have applied the list to the vlan interface and to fa0/24 but it's not working.
I have a Belkin N750 router which I purchased because the box said it had filtering options. I didn't realize that the filtering was only sites that Norton kept track of. There are certain adware sites I know about that I would like to filter. Possible with this router?
I use a router RV082 with load balancing. My problem is when I try to access a specific site, I get the error message that my IP address changes and I can not use 2 ip address. I want to specify an ip range to always use the same WAN port.
I have a WAG160Nv2 and I want to block specific external ip addresses from trying to get at our server that uses the WAG160Nv2 as an internet gateway. It's not immediately obvious if this can be done from looking through the config pages.
I'm using an ASA5505 (8.4(1)) and would like to block port 80 on a specific host in the LAN so machines in other remote LANs connected via VPN can't access this port on the host. Devices in the local LAN should have access to this port on the host. Here are the commands I'm using:
-access-list block_port extended deny tcp any host 10.20.10.20 eq 80 -access-list block_port extended permit ip any any -access-group block_port out interface inside
These commands are not working as I would expect them to. When I browse to http://10.20.10.20 from a remote machine over the VPN tunnel I am able to access the host web server.
I've setup my VPN on the cisco ASA 5505 which works perfectly, users from outside can access my internal LAN. Now what i want, Is to create another VPN Tunnel group with another set of IP in which i want to allow them access to one server inside our LAN. See below details of network. [code]
I have the Qwest/Actiontec Q1000 modem/router. I go to the ip address using my web-browser and open up advanced configurations -> access scheduler. I select a computer (and it automatically adds the MAC address) and then the days/times I want the internet to be accessible. However, when I click "add" (to add my internet allowance to the scheduler list) it just says 12:00 to 0:00, which is essentially permanently blocking the internet for that computer.
I have an 1841 between my firewall and the ISP. Three interfaces - multilink to ISP, FA to my firewall, and FA to my inside network. I use the inside interface for configs aand snmp access, etc. Only my ISP-assigned fixed address block will get routed to the multilink by the ISP but I am nervous about the inside interface sitting on my LAN. I know I can remove it, but if I keep it there, how can I set up an ACL so that all traffic from the multilink interface is denied to the inside interface? I suppose another way to think about it that the inbound iface can only accept traffic from its own outside, not from the router.I think this is fairly simple but I don't want to knock down the traffic if I get it wrong.
I have an ASA pair configured to replace a router that hosts a collection of IPSec Tunnels. Tunnels appear to work. I am lab'ing some additional controls that I would like to implement. On the Production Router that i plan to replace with the ASA's the current Tunnels are all wide open (all traffic allowed to pass). I was hoping to lock things down a little without having to reconfigure all of the Tunnels. My though was that an ACL on the Inside Interface blocking selected traffic Out (so into the LAN) should not impact the stability of the Tunnels but allow me to restrict some traffic from entering the LAN. One port that I was attempting to block is RDP 3389. When this ACL is applied to the inside interface it does not block Port 3389 at all. What am I missing? Is it that the trffic is being allowed because it is coming through one of my 'open' Tunnels?
Shouldn't IPSec Tunnel traffic be processed by the Inside Interface ACL just like all other traffic?
I am having difficulty following the logic of the port-translation. Here is the configuration on a 5505 with 8.3,So I would have thought the outside access-list should reference the 'mapped' port but even with 3398 open I cannot remote desktop to the host. If I open 3389 then I can connect successfully.
I am trying to allow telnet to port 551 but i couldn't get it to work.I am using a cisco 1720 router running on IOS 12.2.I am using the below commands to set the access list to allow access to port 551 using remote telnet to the Cisco router.hostname R1!interface ethernet0ip access-group 102 in!access-list 102 permit tcp any any eq 551.After i enter the above command the router will disconnect me and i will not be able to connect to it for awhile. Once the router is up i am still unable to telnet to port 551.
We have a three tier network with a centralized core switch and multitple distirbution swithces - all 6506 routers.EAch dist switch is its own PIM SM domain and the RP so we never send multicast between the dist switches and through the core.
We are putting in a centralized server at the core switch which has to provide specific mcast < X Groups > to all servers at the dist level on all dist switches.
So we would like to define the RP <core rp ip> just for the <X groups> on the Core switch and tell all the distribution switch that the core is the RP for just the <XGroups>
If we put these commands on all the switches including the cores will that set the rp just fo the <XGroups> to the <core rp ip > ?Do I have to define the deine an ACL for all groups if i define it for some or will groups not defined by the ACL defualt to the local RP?
do I have to put in the override command ? (We are using MSDP not autorp)
ip pim rp-address <distn rp ip> ip pim rp-address <core rp ip> 99
how to perform port security or mac access-list on LAN ports of router 861 or 881.There are commands access-list 700-799 , but I don't know how to apply that access list on configured vlan or particular port.
I'm configuring a 5505 for a remote office. Until they are assigned a static ip by the provider I will have to use the providers dhcp address. How do I construct an access list for the outside interface using the external address if I don't know it yet? is there a commnd that will insert the ip address in to the access list once one is assigned?
Is it possible to enable an absolute value rate limit using QOS on a HP ProCurve 5406 switch for a particular IP range on a specific port? Is there a way to configure our HP 5406 with an absolute rate limit on "WAN" port for that server's IP range? I would like to limit it to only being capable of sending 1Mbps worth of traffic over the head end at once.Everything in the documentation points towards priority queues, which as far as I can tell, isn't really what I want.Baring accomplishing this goal using rate limiting is there a better way to prevent our services from accidentally saturating this connection?i thimkong about somthing like that:
class ipv4 rate-limit-port-A1 match ip 10.136.0.0/16 any exit policy qos port-a1-ratelimit class servers-to-be-slowed action rate-limit kbps 1000 exit interface A1 service-policy port-a1-ratelimit inI'm not sure about this.
I want to do what I thought would have been a simple enough task - block my kids phone/computer after certain hours. Instead of blocking the specified MAC address(es), all my computers does not have internet access. As soon as I disable the policy, internet access is on again. Here's what I did:
Setup firewall rules that will block all inbound Internet access to the web server except port 443, Setup firewall rules that will block all communication between the two internal networks, except ports 7000 and 1702
I have been looking into this router, I would like to know if I can enable Parental controls or access restrictions to block a MAC or IP address; from 03:00 AM - 06:00 AM ?Instead of Midnight to 6:00 am.My E4200 works just fine, Just would like to know if the EA6500 Can do that ?
How do I block specific domains (pandora.com, etc.) in the Sonicwall? It seems like this would happen in the CFS but do I need a subscription for this? I don't want to subscribe to Sonicwall's filtering list, I just want to block a couple specific domains.
How to configure the 825 to block inbound traffic from a specific internet IP address ?i noticed an IP and MAC that i don't recognize that is listed as a connection to my NAS's media server ...i blocked it in the NAS configuration page, but i don't want any unsolicited traffic into my network.
I dont mean a website like facebook.com, but i want it to block an individual page,such as a profile page, yet still be able to access the rest of the site? Again i'm not after facebook settings etc, but i want to restrict access to certain webpages within Lan.
I have Cisco ASA 8.0(5) and I need to block specific url to acees my https server in dmz ?I read about websence technology, but I think it's not free right? Also I read abotu policy inspection map's but in my case is HTTPS not http ..
if the firewall rules in the RVL200 work for inter LAN routing as well as LAN<->WAN? I need 2 separate networks in a house, 1 for business 1 for family, and I want to only allow my IP on network 1 (family net,10.0.0.0/24) access to network 2 (business net 10.0.1.0/24). I want this as if I change rooms were a access point for business is not available I can use the home net and specific IP to access certain business net IPs. I saw you can turn inter vlan routing on or off, but it wasn't clear on firewall rules.know of a similar router in cost but with gige instead of 100Mb ports?