Cisco Firewall :: 5510 Block Country Range Of IP
Jan 4, 2012
I have an ASA 5510 device. I have been asked to block the IP range for India from accessing a set of servers. Total Subnets: 34,675,968. I really don't want to create a two-mile-long access list with all these subnets.
Dec 2, 2012
How to allow a few URLs and block others on a Cisco ASA 5510
Apr 12, 2011
ASA 5510, version 8.4.1 with ASDM 6.4.1
How can I prevent the user from sharing files with P2P programs (torrent, eMule, etc.) and from chatting via Instant Messaging, Facebook, Twitter, etc.? I find a lot of suggestions, but always related to 8.3 or older.
Oct 9, 2011
I have 1 firewall module of ASA 5510. I am trying to block some URLs in it via ASDM but it is not working.
So far I have tried following the standard Cisco doc which shows how to enable URL blocking via ASDM and via regex. Not working in my case.
Oct 3, 2012
Block Skype 5.1 in my network. This version of Skype doesn't need Administrator rights to be installed. In my network there are 2 ways to the Internet, one filtered by a PIX 525 ver 6.3(3) and the other by an ASA 5510 ver 8.3(2). No IPS system is present on my network.
Nov 23, 2012
I want to block the torrent service in my firewall and give access to one of my PCs. Is it possible to do in the IOS 8.2?
Feb 25, 2013
Now, I want to block some websites on the Cisco ASA 5510 and I want to block keywords like "sex", "game", ... How can I configure it?
May 22, 2012
I have a Cisco ASA 5510 and would like to add a NAT rule for a range of ports like 50000-59999.
Apr 16, 2013
I have a Cisco ASA 5510 with basic configuration (default policies). The problem is that Windows XP users are unable to send emails from MS Outlook and unable to log on to Hotmail, Gmail or any mailing site, while Windows 7 and 8 users are not facing any problem.
Mar 5, 2012
How to go about setting up the ASA to block any SMTP traffic outbound except for our Exchange Server. This is in relationship to a SpamBot issue that blacklisted us. I have an ASA 5510 running version 6.2(5) / 8.2(2) with three ports: DMZ, Inside and the Outside interface. Up till today, I only needed to block outside traffic to our internal network, for which I used the ASDM to configure a rule on the outside interface for an incoming rule. I am assuming I need to create an outgoing rule on the outside interface; however, just to make sure I understand the terminology/traffic flow, I created the rule with my computer as the source (192.168.0.131) with ALL destination and the service as HTTP. My logic, which seems to fail here, is that any traffic from my computer going outbound would be blocked; however, I am still able to browse... That said, if I were to change the source as the Exchange server and the Service Type to SMTP, it would not actually block traffic and therefore not solve our problem. I have even gone as far as permitting traffic from my computer, expanding the hit counter, and I see no hits. So I am no doubt doing this wrong. What I do know is that when I first created the rule, a second rule was automatically created (Implicit rule) that denied all sources and blocked all HTTP traffic until I changed it to Permit?
Jul 25, 2012
I have created different extended access-lists which allow/block some specific services like IP, TCP, UDP, ICMP etc. for certain sources and destinations. But now I have to allow/block all/any type of services to a certain host from an extended access-list. How can I do it?
May 17, 2013
I have purchased a Cisco ASA 5510 & want to block all social networking websites (https) either using CLI or ASDM.
Jan 31, 2011
I have a Cisco ASA 5510 as firewall. I was trying to block some sites using the link provided below
[URL]
and it's working fine, but the problem I am having is that when I go to download an attachment from Hotmail it's not downloading; from Gmail and other mails its
Oct 20, 2012
I use an ASA 5510 and I want to block some URLs:
- 192.168.2.70 to 79: allow everything
- 192.168.2.80 to 89: block facebook, myspace, twitter
- 192.168.2.90 to 99: block facebook, myspace, twitter, youtube, dailymotion
- 192.168.2.100 to 199: deny everything
Apr 1, 2012
I'm new to an ASA 5510 running 8.4(3) and am trying to figure out something regarding time ranges in ASDM. I simply want to allow a single port during business hours only (I'm not concerned about open sessions needing to be closed). So as an example I add a rule something like:
(RULE1 on the internal interface) SRC=INTERNAL DEST=ANY SERVICE=RDP ACTION=PERMIT with a time range set for weekdays 8:00-16:59. I did a test after 5pm on a weekday and was still allowed to do RDP to a server (from INTERNAL), and after using the packet trace tool saw it was still passing through due to a rule a couple lines down (rule 4) that allowed a port range that happened to include port 3389. So my question is if I specify an "allowed" time range and someone attempts access outside that time range, why doesn't it drop it right there? I guess I'm assuming that anything outside the "allowed" time range would be dropped but that doesn't seem to be the case. I'm also assuming the rule base is processed top to bottom.
Feb 24, 2012
Is there a way to block a range of IP addresses in the E2500? Like parental controls but with IP addresses instead of URL..
Apr 22, 2013
Where is the best place to block unwanted traffic? By that I mean, should I block it at the router, firewall, IPS? As an example, I'm dealing with DNS flood attacks - probably DDoS and reflection. I have a pair of Cisco 2821 routers with two different ISPs doing BGP. Behind that I have an ASA 5510 with IPS module. Behind that I have 2 public DNS servers. Over the last few days I've seen an increase in bogus DNS queries - high volume, distributed. My question is where is the best place to put the ACL to block them? I've been putting them on the ASA, but when the attack is running, it jacks the CPU to 60%. If I don't put the ACL, the IPS seems to pick them up after a while and the CPU is almost as high as with the ACL. I haven't tried to put the ACL on the routers.
Jan 6, 2011
I have a Cisco ASA 5510 with a 5 block of IP addresses assigned from our ISP. I am having issues with connectivity and routing traffic from the outside interface to the outside interface. I have my outside interface set up with IP address of 24.182.x.146; it allows internet access and also hosts a web server. Any time I have a client using this device for internet access, I am unable to have traffic accepted for my web server. I.e., 100.100.x.52 is using this device, it browses to https://24.182.x.146 and it gets an unable to connect. I am able to connect to the web server from any other ISP/device. [code]
Feb 6, 2013
I have 3 ASA 5510s; two of which are in production and the 3rd one is new. I inherited the two in production and was trying to configure that 3rd one using some of the existing object-group network statements. The problem is that when I try to create a range of IPs in one of the object-groups, the range command is not available. Here is one of the statements extracted from one of the production ASAs: `object network REMOTE range 62.77.130.14 62.77.130.208`. Both ASAs have the same image ver (asa842-k8). Is there something that I am missing to be able to enable the range option on the new ASA?
Nov 29, 2012
I've configured an ASA 5510 FW with asa901-k8 ios. On its "inside" port there is the 10.90.0.0 network. There is another network (10.190.0.0) in my system that can be reached via another router which has the 10.90.0.253 IP address. When a client in the 10.90 network wants to reach the 10.190 network, the FW redirects the request to the router (10.90.0.253) because the FW is my gateway. There is no problem so far... but... while I can ping and traceroute a 10.190... user from the 10.90... network, I can't use any non-ICMP applications. For example, I can't use RDP programs or HTTP web interfaces of some devices on the remote network (10.190.0.0). What can cause that? Is there any rule in the ASA that blocks these protocols?
Jun 5, 2012
some recommendations for product selection and overall infrastructure setup for our datacenter: We have an old, legacy setup, and are looking to replace equipment, improve performance, enhance security, and implement hardware redundancy (if cost effective).
1) We now have (2) IP blocks from our provider, and need to support both (because we have mailers on older IPs with a good reputation rating).
2) We have (2) aged Sonicwalls, one for each IP block, each connects to multiple internal subnets (some internal subnets need connectivity to each other, some don't).
3) We have (mostly) public facing web servers (Linux/Apache), as well as database servers (with no external access).
Questions-
1) Should we implement a Cisco ASA 5520 w/ or w/o SSM modules for the new IP block (for webservers)?
1a) Should we implement a Cisco ASA 5510 or 5505 for the existing IP block (for mailers)?
1b) Or, can we have multiple public IP blocks connected to a single ASA 5520 (or 2 ASA's w/ failover)?
2) Can we connect both firewalls (5520 and 5510/5505) to a single Catalyst 3550 (or similar) using VLANs, and have 6 - 10 VLANs for webserver subnets, with ACLs controlling which subnets/servers can connect to each other?
2a) Should we implement a second Catalyst 3550 (or similar) for redundancy (webservers have multiple network cards).
3) From our provider, we only have (1) dmark which both IP blocks connect through. Currently we have a switch connected to the dmark in order to 'splice' the connection, and have both existing firewalls connected. Is there a better approach to this?
4) We would like to implement SSL-VPN, and possibly site to site IPSec VPN, but only if there will not be significant performance degradation.
5) Other thoughts/recommendations for new features, enhanced security, or redundancy?
Jul 23, 2012
We have an AP located on a German site which is supposed to connect to a WLC which is in Germany as well. Our network however is spread to France as well, where another WLC is located. Now, the AP cannot be convinced to connect to the German WLC. Despite our efforts (e.g. manual IP configuration, reset to factory defaults) we don't manage to bring that AP to the German network - this is by the way the only AP, all other approx. 200 work just fine.
Jul 6, 2011
I have a WLC 5008 running with 40 AIR-LAP1042N-E-K9 and country code BE (Belgium) configured. I also have some AIR-AP1142N-C-K9 which I converted to CAPWAP OS. Unfortunately only 1 of the 2 radio interfaces is working because of regulatory reasons (the APs are -C models, which stands for China, although they were bought in Belgium too). I tried to activate the country codes for BE and China, but the WLC won't accept both. Is there a way to get the 2nd radio interface working?
May 3, 2011
I am trying to install SSL VPN on our 1941 router. When I try to send a CSR for signing, the site complains about the country code not being correct. How can I change the country code in Cisco IOS Version 15.0(1r)M9?
It is also complaining about the domain name, but the thing right now is the country code.
Nov 8, 2012
I have a list of email addresses, people who have subscribed to a free electronic newsletter. The email address is all the information we have about each subscriber. A satellite office is going to begin handling print and electronic subscriptions for subscribers in Peru. Is there any way to determine which of these email addresses are from Peru?
Mar 24, 2013
[code]...
In the meantime my Linksys supports just: 36, 40, 44, 48, which are not allowed in TW. I can't connect to my EA4300 via 5GHz, which makes me sad.
Oct 11, 2011
I would like to know how I can block an IP address from the CLI on the Cisco PIX Firewall Version 6.3(4).
Jan 23, 2013
We have a Cisco 2504 controller and a 1200 series access point. These are in India and the country code is IN. When the access point joins the controller, then in wireless>advanced, I see that two country codes are already configured; these are Sri Lanka (LK) and Singapore (SG). I have disabled the radios and changed the country code to IN, but after doing that the access point is not joining the controller and is giving the duplicate error.
Then I again set the country code to IN, LK and SG. I am able to see LK and SG, but IN is not showing in the drop-down list.
Operationally everything is working fine.
Jan 23, 2013
Currently my solution consists of two 5508 controllers and several non-mesh and a few mesh APs (2600) running in flexconnect mode in one single site in Europe. Everything is going fine. However, there is going to be a new site in Canada. I found some documentation saying that multiple country codes are not available for mesh APs. Mesh APs are not going to join the controller if multiple country codes are configured. But all this documentation is regarding version 7.2 and older. I'm running version 7.4.100.0 and in the configuration guide I don't find anything related to that.
Apr 10, 2011
I am trying to add servers to Tor (torproject.org) to remove country restrictions on videos from different websites such as bbc.com and I don't know how to do it. I got the server but I don't know what to do next?
Aug 31, 2009
I bought a v1. wusb600n for win XP sp3, recently for no apparent reason, it became stuck in country region #2 (ch 36 to 64) when i use WZC or even netstumbler to view networks. I have tried uninstall/reinstall of driver, tried using ralink's driver and even another usb600n, but the problem remains.
Checking the INF files shows that all the drivers are trying to install as region #0 (36-64 + 149-165) but they are always showing as region #2
Feb 27, 2012
I really need to know a way to block teamviewer through asa. Knowing that teamviewer uses https port.