Cisco Firewall :: 2800 - Blocking URL Access?
Jan 30, 2012
I wish to block some URLs that users have access to through my LAN.
That is, I wish to block ICMP, access towards such sites. I wish to block ICMP because DNS will resolve the domain and they can access through the IP address.
What I have in place is a Cisco 2800 series router.
View 2 Replies
Feb 16, 2012
We have had our router and remote computers set up with Quick VPN for over a year. We've had our share of problems but have worked around them.
Now, out of the blue, no one can connect to the VPN. I went in to try to do some 'troubleshooting' and the ONLY thing that allows our VPN connection to go through is to completely disable the RV016 firewall. We have too many remote users to actually start and stop the firewall every time someone needs the VPN connection.
View 1 Replies
Feb 25, 2013
I am working on Wi-Fi networks (ISP), so I need to block peer-to-peer on my network. My network involves Cisco 2950/2960 switches, Cisco 2800 routers and access points. For the peer-to-peer blocking config, where do I need to configure it, on the switches or the router? My network's basic setup is: the internet passes from the router to the switch and then to the access points.
View 1 Replies
Aug 18, 2011
My company has a peer to peer network of 10 personal computers without a server. Operating systems from Windows XP to Vista. I've recently installed a Cisco RV120W Wireless-N VPN Firewall. It's configured in DHCP Server Mode with printers/copiers that have static IPs below the DHCP range.
I'm having a problem with certain stations being used for personal networking, shopping, etc. during business hours. Consequently I would like to limit internet access on these stations. However, some internet access is required because of online database software that's an integral part of our business. I've been reading in the Administration Guide about URL Blocking. Would it be possible to give static IPs to certain stations and then limit their internet access to 1 or 2 specific websites?
FYI, I've read about the Trusted Domains and Blocked Keywords but cannot quite understand how to parlay this into the solution I need.
View 1 Replies
Aug 3, 2012
I'm getting this in my log buffer off my Cisco 2800 ISR. Seems like a firewall alert and I've looked it up, but I'm having a hard time really understanding what this really means. Should I be worried about this?
Aug 2 18:27:56.380: %FW-4-ALERT_ON: getting aggressive, count (3/500) current 1-min rate: 501
Aug 2 18:28:29.792: %FW-4-ALERT_OFF: calming down, count (0/400) current 1-min rate: 84
View 1 Replies
Apr 1, 2013
I'm trying to troubleshoot an ASA5505.
The original goal was to block "Mumble/Murmur" (a VoIP app) traffic, which runs on TCP/UDP 64738, both inbound and outbound, except to a certain host (63.223.117.170).
However, when nothing I tried seemed to make a difference, just to troubleshoot, I decided to try blocking all inbound traffic. I first disconnected ethernet port 0/0 to ensure that it was cabled correctly and the outside interface went down when I did. That worked as expected, so I confirmed I had the right interface and it was cabled correctly.
I then applied a "any any deny ip" rule as the first element in the outside interface access_list, as you can see below. However, it appears to have had no real effect and the hit count is very low (it should be astronomical).
show ver
Cisco Adaptive Security Appliance Software Version 9.0(2)
Device Manager Version 7.1(2)
Compiled on Thu 21-Feb-13 13:10 by builders
System image file is "disk0:/asa902-k8.bin"
[Code].....
View 4 Replies
Feb 14, 2011
One of our customers had 2 x 2800 series routers that they needed to reconfigure to support new services. The existing public subnet has 2 free IP addresses to use for the routers. Unfortunately, even though the ISP can reconfigure this to create more addresses, the customer cannot have any downtime (there are other routers in this subnet that are live) and therefore I had my hand forced into using VRRP as opposed to HSRP (3 addresses).
I used VRRP to share the master address as the VIP, so one address on the master, one on the backup, using the master address as the VIP.
This all works fine; outbound and inbound traffic fail over as expected and preemption works just fine.
My problem is, he asked me to configure a remote access VPN. So I have configured the VPN to connect to the VRRP VIP. When the master is active, the VPN connects, traffic passes, all fine. When the master is switched off the VPN traffic hits the backup, as it has now assumed the VIP, and completes phase 1, xauth works, but phase 2 will not come up and the client displays "not connected".
So doing some debugs, the phase 2 policies are accepted, but I get the message
*Mar 1 01:36:21.451: IPSEC(validate_transform_proposal): invalid local address x.x.x.164
where x.x.x.164 is the VRRP VIP address; the physical address which has the crypto map applied is .165
So here lies the problem: the client is connecting to .164, the crypto map is applied to the interface that is configured with .165. Hence the "invalid local address".
I have found some documentation online that suggests that VPN redundancy is possible with HSRP, but not on the 2800 series router. I can't use HSRP as I have only 2 addresses, and I can't use that feature as my routers don't support it.
View 1 Replies
Jul 27, 2011
I have a Cisco 2800 router; the IOS image is (c2800nm-spservicek9-mz.124-6T5.bin) (IOS Version 12.4(6)T5). I want to install a firewall.
View 1 Replies
Sep 13, 2011
I need to implement a backup between two sites. I have a 2800 router which has point-to-point connectivity with the far end. At the far end there is no router, only one firewall; on that firewall there is one access-list to allow the traffic. To implement the backup link I have created a site-to-site VPN. But the problem is as soon as the tunnel is established. For the time being I have removed my site-to-site config from both firewalls.
View 7 Replies
Apr 23, 2013
I have been tasked to connect a 2800 router to our ASA 5510 firewall. The router will be used as a VPN router. It will terminate two different VPN connections to two different networks. I can setup the 2800 VPN config but what would I need to do to setup the firewall. I am using an extra Ethernet port(it has 4) to directly connect the router. The FW has our outside internet connection, the DMZ, and our inside LAN connection. I do not have a lot of experience with Firewalls and I do not want to create a security breach while trying to set this up!!
View 5 Replies
Aug 19, 2012
I have a 2800 series router which is directly connected to the ISP. How can I secure the router from outside access? I am totally new to security concepts.
View 2 Replies
Jan 30, 2012
I wish to block some URLs that users have access to through my LAN. That is, I wish to block ICMP, access towards such sites. I wish to block ICMP because DNS will resolve the domain and they can access through the IP address. What I have in place is a Cisco 2800 series router.
View 7 Replies
Jan 8, 2012
I am trying to get layer 7 application protocol to work in a simple test setup. I need to get this working to filter roommate traffic. Simple configuration with two interfaces (inside and outside). With layer application configured, everything works fine, but when layer 7 is applied it does not block the web site I want... URL filter and parameter map don't work either...
Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version 12.4(24)T1, RELEASE SOFTWARE (fc3)
parameter-map type urlfilter URL-FILTER
 audit-trail on
parameter-map type regex humoron
 pattern [Hh][Uu][Mm][Oo][Rr][Oo][Nn][.][Cc][Oo][Mm]
parameter-map type regex LAPOSTE1
 pattern LAPOSTE.NET
(code)
View 1 Replies
May 10, 2011
I have a Cisco ASA 5510 with IOS version 7.07, and all users are browsing the internet via PAT through the ASA. I want to block some sites/URLs like Facebook, Yahoo etc.
View 2 Replies
Mar 3, 2013
I recently added a business cable modem to relieve some of the congestion I was getting on my T1 for our MPLS network. There was an ASA 5510 collecting dust in a closet here and I thought it would be the perfect device for firewalling the traffic coming in from the cable modem, and handling the routing of our internal MPLS traffic as well. Internet setup was cake. The test laptop I have using the ASA as its gateway has great internet service but it cannot ping across either of our MPLS networks. I have one MPLS with AT&T and one MPLS with EarthLink. My hope was to use the cable modem as the default route for all unspecified internet traffic and route our internal MPLS traffic to the Cisco 2800 routers that are currently in place for the MPLS. I can ping across the MPLS when I telnet to the ASA, but I cannot ping across the MPLS from the client that is connected to the ASA.
Here's the topology I'm working with
Internet
|
Cable Modem
|
ASA 5510 10.52.120.23
[Code].....
View 8 Replies
Aug 1, 2011
Every time I turn on my PC I find I have lost internet access. I can fix this by going to Network Connections, disabling the connection, re-enabling the connection. But why does this happen? I notice the following:
1. When I look at the Network Connection it shows "Local Area Connection, Network 3, Unidentified network, Realtek PCIe....."
2. When I re-enable the network AVG tells me the Firewall settings have changed - Directly Connected to Network has been set to Unidentified..... etc
View 2 Replies
Oct 5, 2012
I set up a Cisco 2811 to replace a Netgear router at the office. I have NAT set up and with CCP I added a firewall on the router using the basic firewall wizard. Just about everything works: internet, receiving and sending emails on Exchange from the PC. The issue I'm having is that no one can access the company email on their phone. Also there's a camera system that would be accessible to view from the live feed from outside the office, and my boss can't access the camera. I port mapped all the custom applications and added a new traffic rule from self -> outzone. It didn't work. I tried to add one from outzone -> self or inzone but I get a prompt stating it only accepts protocols tcp, udp, sip, h323, icmp and a few others I can't think of. I'm pulling out my hair trying to get this to work; everything worked seamlessly on the Netgear router and nothing was really defined, just the inbound IP address of the applications and protocols that are allowed.
Let's say for reference purposes my IP addresses for internet are
internet
55.34.23.43 /24
email server
192.168.10.252 /24
web cam application
192.168.10.10 /24
8000 in
8001 out
View 1 Replies
Jul 7, 2012
I have ASA 5505 running 7.2.4, I want to prevent users accessing some web sites such as facebook , youtube and hotmail etc.
Which ASA 5505 IOS version should I use to block web access?
I don't want to install a dedicated filtering server (Websense etc.), I just want to block web sites statically on the ASA 5505 via ASDM as I only have a few sites to block.
know if ASA 5505 can do URL filtering, and what IOS is required?
View 1 Replies
Dec 13, 2010
I have a Cisco ASA 5510. I have detected an infected workstation on my internal LAN which has caused my IP to be blacklisted by Barracuda Networks and other RBL. I have scanned and cleaned the workstation removing the spambot. I want to prevent all my internal workstations from sending SMTP traffic on Port 25 through my ASA 5510 device. I only need to allow my Exchange Server access to send out traffic on port 25. configure this setup using ASDM 5.0? I know it may be easier using CLI, but using the ASDM would really be preferred.
View 4 Replies
Nov 28, 2011
I am working on an ASA5505 and am trying to open the ftp port. I have a server (192.168.10.202) on the local LAN which is attempting to download antivirus updates from the net via ftp.
Saved
:
ASA Version 8.3(2)
!
hostname SITE
enable password XXXXXX
passwd XXXXXX
names
[code]....
View 4 Replies
Mar 17, 2011
I purchased an SA520W for my company, and I have some problems configuring the firewall. I want to deny access to Facebook, YouTube and Twitter, but not for 4 hosts which need these websites for work. I tried to configure content filtering > blocking URLs, but with this solution I deny access for all users. So, I tried to make IPv4 rules:
The 4 hosts who may access to these websites are 192.168.50.124 to 127
Example :
FROM Zone : LAN
TO : WAN
Service : Any
Action: block always
Source hosts : 192.168.50.32 to 192.168.50.123
destination hosts : 66.220.158.11 (one of Facebook's IPs)
but it does not work. So, I am looking for another solution, or maybe my rule is not correctly configured?
View 5 Replies
Feb 15, 2013
networking but can understand with a bit of explanation. I own a restaurant and provide free WiFi for my customers with a Cisco E2500. I am getting bills that are through the roof. I contacted my ISP and was told users were accessing P2P downloads (uTorrent, etc.). How can I block these applications?
View 1 Replies
Nov 16, 2011
How to block a single website, but I want to do the opposite. I would like to block all website except for a handful of them. Any example configs?
View 3 Replies
Sep 8, 2011
I am required to block the IP networks used by approx. 10 countries. The issue is that if using an ACL this works out to be about 18,000 lines; I have done all the summarization possible. Are there any other options? The ASA 5505 crashes when implementing this many lines.
View 3 Replies
Feb 26, 2013
I've configured a Cisco ASA5520. I can access the internet and other applications in my office, but when I send an email from inside to outside and vice versa, I can't receive emails on either side.
View 3 Replies
Apr 19, 2012
I have a 1921 k9 router that has several DHCP pools configured. Before implementing the firewall they were all working. After implementing it they stopped working. I messed around and got the routed port GE0/1 handing out IP addresses and left it alone. Somehow it quit handing out IP addresses yesterday. I don't know if it's a quick fix or not (getting DHCP working on the interfaces) but if any article that will walk me through getting DHCP working on all of the interfaces. [code]
View 10 Replies
Jun 24, 2012
I have an ASA 5505 running 8.4. I am only letting ICMP traffic in from the outside. As a test, I opened a couple of ports I need on the ASA. I cannot access these ports and I do not get a denied error in the log.
I contacted the ISP and they are not blocking these ports. I ran an online port scanner to check ports 1-100 as a test. They all came up as blocked on the port scanner. The only deny error I got on the ASA was for port 80. Is this normal behavior? If so, how do I get it to show all of the deny errors so I know the traffic is at least hitting the firewall?
View 2 Replies
Jan 17, 2012
I am new to the ASA 5520 and CSC module (version 6.3). I would like to know what configurations are possible for my network users if I use the CSC Trend Micro blocking using IP address or AD users. I know that I could select users/groups from the Windows AD or select the IP addresses that I want to use for blocking or permitting HTTP traffic (URL, etc).
My question is on the client side: how does the CSC know which AD user is the one that is requesting certain HTTP pages? Or if I use a proxy server, do I lose the IP/users options on the CSC? Or could I use authentication options on the proxy, for example?
I have been looking for information about this but the manuals only explain the configuration options that I could configure on the CSC Trend Micro page, but it doesn't say which network environment I could use or need.
View 2 Replies
May 21, 2012
I am setting up a network for a friend with children. He has a BT homehub and wants to block their access between certain hours. However by using access control on BT it tells you that you have been blocked which is no good as he cannot feign ignorance and pretend he doesn't know what to do (as his kids will pester him to fix it). He therefore wants to block their access more discreetly (as if the internet was generally timing out or messing up instead of actually displaying they have access control). Is there a way to block an individual's access on the router without blocking everybody either on a timer or manually done each time (thus if there isn't a way of automating it he can at least do this manually each time).
View 3 Replies
Apr 20, 2013
For the last week, I haven't been able to access my banking web site (Royal Bank in Canada). It doesn't matter which browser (FireFox, IE, Chrome) or computer (desktop, laptop) or even my cell (on WiFi). It must be the router (DIR-825, HW-B1, FW-2.07NA) since I can connect to the web site fine if I connect straight to the modem. (Also, if I turn off WiFi on my cell, I can connect to their web site but once I turn WiFi back on, it won't connect). I tried restoring to factory settings but that didn't work. I tried some of the suggestions here: http:[url].....
- Turn off ALL QoS or Disable Traffic Shaping. Advanced/QoS.
- Turn off Advanced DNS Services if you have this option under Setup/Internet/Manual.
- Setup DHCP reserved IP addresses for all devices ON the router. Setup/Networking
- Ensure devices are set to auto obtain an IP address.
- Set Firewall settings to Endpoint Independent for TCP and UDP under Advanced/Firewall.
- Enable uPnP and Multi-cast Streaming under Advanced/Networking.
View 3 Replies
May 30, 2011
After adding the below Extended Access-List Entry into my 1841 Router, access-list 102 permit ip host 192.168.1.1 any. I can access the Internet from this client but cannot connect to this client from another branch through vpn tunnels. I can access all other clients that do not have this access-list entry.
View 5 Replies
Apr 28, 2013
How to successfully block access to Instagram with the ISA550W? Also, have you experienced any significant latency with URL filtering and AV protection enabled?
View 3 Replies
Sep 1, 2010
How to block LogMeIn and GoToMyPC? We are using an ASA 5520. We mainly want to prevent people coming into our network using those applications. Also, our helpdesk uses LogMeIn Rescue and would need to allow that for them.
View 6 Replies