My main goal: I want to filter certain sites, including Facebook, so that they are not accessible within the network, and block all torrents, including malicious sites. I was advised to get a Cisco ASA 5505, for which I already got a quote. But now I want to know if the ASA 5505 is good enough for this purpose. Is there anything additional required to successfully achieve my main goal?
Region: United Kingdom; Model: TD-W8960N; Hardware Version: V4; Firmware Version: 1.4.0 Build 111130 Rel.55990n; ISP: DEMON
I'm using parental controls to block all devices in the house from using Tumblr. I cannot do this at a device-by-device level as it is being used on iPhones/Androids, laptops and desktops. Unfortunately, the way that Tumblr works is that it uses many URLs for the different pages people set up, so it is not just a case of blocking url... - so I'm struggling to work out if I can do this via URL blocking on the router settings. How do I do this at router level?
I'm trying to set up a website filter on my DIR-601. I created a policy for 2 MAC addresses, with a schedule from 10AM-6PM, selected "Block some websites", and disabled logging. Under website filter, I added some entries, and selected "DENY computers access to ONLY these sites". When the policy is enabled, and I try to access one of the blocked websites, it gets blocked correctly ("The URL access was denied by administrator.") However, for all other websites, I get "server unexpectedly dropped the connection" errors, e.g. "Safari can't open the page [URL] because the server unexpectedly dropped the connection. This sometimes occurs when the server is busy. Wait for a few minutes, and then try again." or in Chrome "No data received. Unable to load the webpage because the server sent no data." This happens with ALL non-blocked websites. I'm using hardware version A1, firmware version 1.01NA.
For example, there are 3 sites, A, B and C. A and B are 1.5 km apart and both are separate LANs (a mixture of wireless and wired). C is 35 km apart from A and B. I have to connect A, B and C so that they can communicate with each other. Security is required.
My ISP installed one router in my lab. For internet connectivity they mailed me these steps: connect your laptop directly to the gi0/3 port to check internet connectivity with public IP 1.1.1.x and gateway 1.1.1.1 with subnet mask 255.255.255.240. After connecting I was surprised, because I am able to access only Google sites like Gmail, Google search, etc., but I am able to ping/traceroute all sites. From the browser I am able to access Google sites only. On the router there is no firewall and no such access list.
Using ACS 5.2, under Network Resources>Network Devices and AAA Clients>, I can only filter by:
Name, NDG:Location, NDG:Device Type, Description
How can I find a device by its IP address? Or how can I enable this option?
On this link: [URL] I read the following: "Network Device Filters—Based on the AAA client that processes the request. A network device can be identified by its IP address, by the device name that is defined in the network device repository, or by the NDG"...
Am I wrong but the only way to filter external routes - type 5 - is with a stub area, and area 0 can't be a stub? As far as I know OSPF can't filter on the route tag, so should I be filtering with a route-map?
Most of our VPN connections are done with our Cisco 3030 and the internet goes out the ASA. We are able to filter all web traffic by doing a span port for web traffic.
When we move VPN connections to the ASA we will lose the ability to span web traffic because it's coming in and going out the same interface on the ASA. We will lose the ability to filter web traffic when this happens.
How can we filter web traffic on VPN connections on the ASA? We are using Websense. I know there is some integration that can be done with the ASA and Websense, but it doesn't have all the capabilities of doing a span port for Websense to monitor.
Is there any way to apply a hostname or object network in the syntax? The command gives the option to use hostname or A.B.C.D but doesn't accept the hostname:
PIX1(config)# filter url except 0.0.0.0 0.0.0.0 ?
configure mode commands/options:
  Hostname or A.B.C.D  The address of foreign/external host which is destination for connections requiring filtering
Can an FQDN be used as a foreign/external host?
I've got a PIX running 7.2(4) with its outside interface on the Internet. The only thing this PIX is doing is acting as the endpoint for an IPSEC LAN-to-LAN tunnel with an Internet-connected ASA on another network.
I'd like to filter inbound Internet traffic to this PIX so that only the designated ASA can attempt to establish an IPSEC connection -- in other words, I want to prevent any other device on the Internet from even being able to attempt to establish an IPSEC connection to the PIX. As far as I know (and have seen), this can't be done with an access-list on the outside interface, since that access-list doesn't apply to traffic to the PIX itself.
I am working on a Perl script to be run on our different subnets to see what hosts are down (and make the assumption that if the host is down the IP address is free to be used). This is not being run on a Linux system, so I can't use grep to filter out everything except down hosts. I know there are modules for Nmap that would make this task easier, but my plan is to install Nmap on our network monitoring server, compile the script for Windows, and have it create the report for what addresses are down. I don't want each person running the script to have to have all the modules installed, etc. Or can you compile the script with the modules in it?
I work at a boarding high school at nights and as such I have a lot of free time. However, the internet here is very restricted due to obvious concerns about children and unrestricted access. I have private internet at my room on campus but it's too far away to connect to. I was wondering if it would be possible to set up my laptop/tablet to connect to my home computer and access the internet through them without restriction. And if so, how would I go about doing that?
We have our aggregation layer here composed of two N7K with vPC between them. Every access switch is a N5K. Security policies state that we have to filter unnecessary vlans going through the trunk between N5K and N7K. So we use the 'switchport trunk allowed vlan 10,20,30' command. My question is: Do I have to include the native vlan id on this command?
We are currently installing RV-042 V3 Dual WAN VPN Routers for a Customer with an HQ Office & 3 Branch Offices. The Customer recently requested to use the WEB Filter feature available in the RV-042 V3 Router to do the following: "Block all the HTTP Traffic Except for the company Website". We tried all the combinations between "Access Rules" & "Content Filtering" available under the "Firewall", but we always reach the result of either allowing ALL HTTP Traffic to All Websites or blocking ALL HTTP Traffic.
How to block all HTTP traffic except for a certain URL (using the URL name, NOT the IP address)?
We have a Cisco ASA 5520 with CSC SSM 10 (product ver. Trend Micro InterScan for Cisco CSC SSM 6.6.1125.0). In Web > Global settings > URL filtering > Rules > Communications and Search, the Social Networking category is set to block during work time and allow during leisure time (see the attachment), but the rule for this category won't work. I mean social networking sites always remain allowed.
We have a corporate site with a Cisco ASA 5580 (8.1), a remote office with a Cisco ASA 5510 (8.2) with a L2L VPN to corporate. A vendor has a L2L VPN to the corporate ASA with access to the remote office across the VPNs (hairpinning). The corporate office accesses an application at the vendor on port 23. Everything is working with regards to the vendor accessing resources at the remote office and the corporate office accessing the application at the vendor. Our goal now is to restrict the vendor to port 23 from the corporate network and port 9100 to the remote office. On the corporate ASA I set up a VPN filter and applied it to the vendor's L2L VPN, but when I apply the filter (see below) all traffic to the vendor, such as telnet, stops.
I need some clarification on the differences between a VPN-Filter vs. an interface filter. I am using an IPsec crypto tunnel between our site using an ASA 5525 and a remote client who are using a Palo Alto Firewall. I have applied a vpn-filter on the tunnel for these sites but I am being told that an interface filter would have been simpler.
I have two Cisco 1260 autonomous access points set up with WPA2-PSK. They are up and running. In that configuration it is Personal security, since the security is only provided by the shared key. I'd like to add MAC filtering, so in my open authentication I just scroll down to "with MAC filtering" and save. Doing that crashes everything and switches to Enterprise security, which needs to have a RADIUS server (the shared key is not saved anymore and by using a device I now see 802.1x security).
I have 2 ACE4710 in an HA environment; they receive connections from the Internet. What I need to configure is the following: the ACE have two URLs configured, with the same port and VIP address, for example:
All clients point to a unique VIP and port configured. I need to know if I can apply any filter or rule that allows me to distinguish when a customer goes to URL1 or URL2. If any client tries to access URL-2, that traffic must be denied. In summary, from the Internet I should be able to go only to URL-1.
I am using an ASA 5510 firewall in routed mode. How can I filter incoming traffic by MAC address on the ASA 5510? I have already set up a static access rule for RDP users on the outside to access a terminal server on the inside. Now, I would like to further limit access to specific computers only.
I have a Cisco 2821 with NM-AIR-WLC6-K9 installed, and a number of AIR-AP1131AG-E-K9. Now I have set up the trivial task of making the WLC6 work as a bridge between one of the WLANs and one of the VLANs on a network segment. I have already attained the following: all is working fine while I use a statically assigned IP address on my test notebook. Broadcasts such as ARP requests are going through the network freely. But as soon as I change the IP assignment method I hear nothing on the DHCP side. The notebook is unable to acquire an address through DHCP. But when I assign an IP address to the vlan20 interface on the WLC6 and set up the correct DHCP server, all works fine again. Now with DHCP. But I don't want to use an IP on vlan20!
I would like to create custom reports using the Report Designer (Reports -> Report Designer -> Syslog) and filter certain syslogs from being seen when I run the report like permitted ACL entries, 802.1x successful authentications. It seems like there is only the option of displaying what you want to see, not what you don't want to see.
I have a wireless system with a WLC 4400 and several 1522 Access Points. They don't actually function as Access Points because I'm using radio communication only for backhaul. There are no clients connected to the Access Points. All traffic on the network comes from the devices connected on the LANs that are bridged through the APs' Ethernet ports.
I would like to create filters to allow only certain devices to be able to transmit over the radio link. I've used this in the past on 1310 units and it was very easy to do via GUI. This filter could be either by IP or MAC Addresses. IP would be better for me.
In my building there are 2 wireless access points connected directly via a switch into the router. So the problem is I don't want to set a password for the wireless, but I want to be able to filter all computers that are connected wirelessly to my internet, because many of them are mass-downloading torrents, movies, etc. and it slows the internet massively. What do I need to do to set up a filter, which would be like an ISA server or something?
I'm using my upstairs neighbors' wifi with permission. It has no protection whatsoever, but recently I haven't been able to use it anymore, and they both just went on vacation yesterday. Their dad was there for a day or two before they all left; my assumption is he thought I didn't have permission and did something to prevent me from connecting without mentioning it before they left. It's full bars (it's directly above me) but the router almost instantly doesn't respond when I try to connect. Did he MAC filter my wireless adapter's address? I tried changing my MAC address on my wireless adapter (aka desktop, as it doesn't have a NIC) but Tmac can't change it successfully. Tmac is able to change my laptop's MAC though, but even after doing so I still can't connect to the network.
Other issue - right now I'm using a crappy 2 bar connection called ddrtvap on my laptop. The laptop is sitting right where my wireless adapter for the desktop would be and it connects fine, but my desktop can't connect to this network (it connects to the network, but no internet) while the laptop does just fine. Windows repair is super useful as it tells me something is wrong with my adapter's settings but gives no clue as to what.
I have used all the spots on the form to filter MAC addresses. Is there some way to add more? I have a lot of friends that come over from time to time. I also have plenty of my own wireless devices. I like using the MAC address filter, so not using it is not an option. Hopefully there is a way to add more, instead of being limited to a predetermined amount.
I am trying to block port scans originating in the Russian Federation, thousands per day. I entered 77.88.26.0 as the Remote IP Start and 77.88.26.255 as the Remote IP End, setting the action to Deny. It shows in the inbound filter rules list but my Linux server still receives thousands of scans daily from an IP address in that IP netblock. My DIR-655 is running hardware version A3 and firmware 1.34NA.
I have a problem with my ASA5505: after enabling the botnet filter my ASA reboots. Also, while booting it usually takes around 30 minutes of random cycles before loading the OS. It seems to be falling at the license check. To fix the boot I usually unplug the ASA for about 15 minutes and then it will boot up fine.