D-Link DIR-600 :: Block Incoming Traffic From An IP?
Aug 20, 2012
I would like to block incoming traffic from a specific ip on a specific port
This is what I have
source: interface: wan ip address range: 5.xxx.xxx.226 - second one is empty (valid ip instead of x's) protocol: tcp
dest: interface: lan ip address range: both fields empty port range: 139 - empty field
ON and DENY box is ticked name field has some text in it
I click save and get this pop-up: Incorrect source ip address. Invalid format of the start IP address. Current Firmware Version : 2.11 The ip is obviously valid, what should I do?
View 1 Replies
ADVERTISEMENT
Jun 23, 2011
I need to block incoming traffic with Dlink DIR 600. I know how to create the rule source (WAN) to destination (LAN) to deny all protocols. But what IP will I put in WAN? IP address of my Internet? Or how can I enter the ALL IP range in source...format for the IP (it's not 0.0.0.0).
I want to do this because in the DIR log section I'm being PING Flooded. I already un-check "Enable WAN Ping Response" but still receiving the message.
View 4 Replies
View Related
Dec 12, 2012
I was configure 3 interface on ASA1st - managemetn (only for management)2nd - gig0/0 is connected to internet with real IP3rd - gig0/1 is connected to local networkI was configure routed NAT to internet.But I have problem with restriction incomming traffic to inside interface (ifname is inside)but I can connect to ip address of inside interface from other ip. It is wrong and i can't understand where is my mistake.
View 2 Replies
View Related
Mar 16, 2012
I start to use the CM. I received a request to block a number,I need to block the call only on the Call Manager or also on the Gateway that I have?
View 6 Replies
View Related
Oct 5, 2011
How to configure the 825 to block inbound traffic from a specific internet IP address ?i noticed an IP and MAC that i don't recognize that is listed as a connection to my NAS's media server ...i blocked it in the NAS configuration page, but i don't want any unsolicited traffic into my network.
View 3 Replies
View Related
Nov 29, 2012
I need to block 4000 nodes (Ultrasurf, TOR exit nodes) and I've written a script that will ssh and copy in these objects (prob 100 at a time) into an object group and then put a blanket deny. I don't see a flood of traffic (occassional hits every other day, etc) but I was wondering what the impact would be? Can the ASA handle an object group of that size plus an ACL with it? Any way to block incoming connections from TOR/Ultrasurf?
View 1 Replies
View Related
Apr 29, 2012
I have an ASA 5520 with the below config
Gi0/0: outside (Internet)
Gi0/1: inside (Internal users)
Gi0/2: DMZ (web servers, ftp, Mail etc..)
I have a SMTP relay deployed on the DMZ for mailing. I have also a mail servers installed in the internal lan,
I want to allow trafic from dmz to reach internal lan, and i want normally also allow stmp relay from dmz to reach Internet.
How can i block trafic from DMZ to reach Internal Lan (instead of smtp) if the to allow trafic from dmz to internet i must put ANY in the policy?
For allowing trafic from DMZ to reach Internet, the policy must be DMZ -----> ANY ----->Services., this policy means DMZ can implicity reach Internal Lan?
View 2 Replies
View Related
Feb 6, 2012
I have a licensing server. Other computers need to turn on a program, they send a message to the licensing server, and it responds that they have permission to run.Until today the licensing server was plugged into its own ethernet wall socket and configured with a static IP address. Today I put a router into that wall socket and now the server's plugged into the router.The router (WRT-54G) was set to the static IP - and now the internet on its network works. I set all ports to be forwarded to the server's internal IP address - and now my programs can detect and ping it. But now the server won't send back permissions to use licensed software, or even reply with a list of the software which it can license.
View 1 Replies
View Related
Mar 6, 2013
I'm new to ASA's and PIX units. I've setup a few VPN's now but know next to nothing about logging on these units. I read the config guide for the PIX, but cannot figure out how to get a log of incoming SMTP traffic going on the console.Do I need to use a SYSLOG server? I can probably set one up on my laptop.
View 1 Replies
View Related
Mar 15, 2012
I am trying to switch out a cisco pix 501 firewall with a cisco ASA 5505 firewall. I am not very familiar with all of the commands for the firewalls and have always relied on a standard command line script that I use when building a new one. Unfortunately, my script is not working with the 5505. What I am doing wrong with the following script? I've masked public IP info with xxx.xxx.xxx and I run it right after restoring the firewall to the factory defaults. I am able to get out to the internet if I browse directly from one of the servers, but cannot access a web page when trying to browse to it from an outside network. [code]
View 7 Replies
View Related
Jul 3, 2012
We run a Cisco ASA 5510 and i need to find out how i can find the receving end on the inside of a vlan for traffic comming from outside.
ie incomming traffic on port 3937 and are NAT to eth 0/1.10
Thers a bunch of traffic on one port 33771 udp going in on 90.191.72.227 how do i trace this to the inside computer ???
lets say incomming traffic is on 90.191.72.227 and this is on eth0/0 this ip is NAT to a Vlan on the side for 10.10.0.0 with a subnet of 255.255.255.0
View 1 Replies
View Related
Jul 10, 2011
We have the next Settings in our SW. We crate an ACL and aplied to a SVI for Incomming Traffic, I understand that is not necesasry to allow the returning traffic in ACL, but we can't access to rdp for example when we add the ACL, if we remove it, the acces is ok, buet when we add again the access is deny, even we have a log entry, and the ACL i just for Incomming traffic. There is no another ACL.
See attached file
[code]...
View 1 Replies
View Related
Apr 11, 2012
We have a switch gc2960. It has ports configured on vlan 27 and vlan 29.It is connected to switch ch3550. It has presence of vlan 27 vlan 29 and also vlan 18 and several other vlans.Our internet firewall is connected to ch3550. It is a fortinet product, so this is not indicated on the diagram.
When the two switches were connected on vlan 29 access ports, pc's on vlan 29 on gc2960 worked as expected. vlan 27 clients of course did not work.When we switched the connecting ports to trunk ports, some weird stuff happened. Clients on gc2960 on vlan 29 could ping and resolve dns, but not browse the intenet. The same was true for clients on gc2960 vlan 27. We verified that packets from the web were coming in through the firewall. What we were thinking, is that they somehow were not being tagged to vlan 29 even though we were trunking.
When we set native vlan 29 on the trunk, then clients on gc2960 vlan 29 operated as expected. However, clients on gc2960 vlan 27 are still having this problem, we can ping and resolve dns but not browse.Consider the other switch ch2960-jstreet which has presence of vlan 18 and vlan 27. It is also connected on trunk to ch3550. We are not using native vlan on this trunk, and traffic works as expected.Is the lack of presence of vlan 18 a factor as to why gc2960 is not receiving the tagged packets correctly? Should the interface vlan18 on gc2960 have an ip address on the vlan 18 network?
View 5 Replies
View Related
Oct 2, 2011
We have Cisco ASA 5505, 90.x.y.2/29 IP is assigned to outside interface. We have one internal HTTP server so that I use static (inside,outside) tcp interface [URL] to forward all incoming HTTP traffic to internal HTTP server 1. Now we need to add new physical HTTP server 2 so that I would like to forward
HTTP traffic to e.g. 90.x.y.3/29 to 172.16.0.11.
How can I do that? See scenario image (scenario.png) if needed.
View 6 Replies
View Related
Dec 5, 2012
Since the power failure two days ago, my -ASA stops forwarding traffic to internal servers, for no apparent reason. Packet trace shows all OK, packet capture buffer stays empty when I try to http into the mail server. The only way to get it working is to change the Outside Ip to the one used for mail, then to change it back. It will work OK for a few hours, then stop, with nothing obvious in the logs.
View 2 Replies
View Related
Mar 4, 2013
We have a Cisco ASA 5520 and im looking for a way to monitor largest outgoing and incoming traffic per ip in real time so to know which of my internal computers are using the most of our Internet Line. Is there a way to this through ADSM ? We use version 6.3.
View 1 Replies
View Related
Nov 3, 2012
I need to block the P2P traffic on a Cisco router. How can do it effectively? I configured NBAR on my router but still users can download using the utorrent client.
View 5 Replies
View Related
Jan 16, 2013
when I run nestat -b command. I always see a lan ip sending TCP traffic to my computer with state syn_receivedProto >> Lan Address >> Foreign Address >> state >> Process idTCP >> (my ip) >> 192.168.2.222(lan ip) >> syn_received >> 4
View 6 Replies
View Related
Apr 22, 2013
where is the best place to block unwanted traffic? By that I mean, should I block it at the router, firewall, IPS? As an example, I'm dealing with DNS flood attacks - probably DDoS and reflection. I have a pair of Cisco 2821 routers with two different ISPs doing BGP. Behind that I have an ASA 5510 with IPS module. Behind that I have 2 public DNS servers. Over the last few days I've seen an increase in bogus DNS queries - high volume, distributed. My question is where is the best place to put the ACL to block them? I've been putting them on the ASA, but when the attack is running, it jacks the CPU to 60%. If I don't put the ACL, the IPS seems to pick them up after a while and the CPU is almost as high as with the ACL. I haven't tried to put the ACL on the routers.
View 2 Replies
View Related
Feb 1, 2011
I've been fighting with getting VPN connections working properly with my Dlink router. I set up virtual servers for PPTP and L2TP and could usually get the first attempt to work. Subsequent client connections would always fail.The logs display the following-Dropped GRE packet from 192.168.0.10 to 64.232.xxx.xxx as unable handle packet header. Blocked incoming GRE packet from 64.232.xxx.xxx to 76.105.xxx.xxx.What seemed to fix it was going to Firewall Settings and setting UDP Endpoint Filtering to Endpoint Independent and TCP Endpoint Filtering to Address Restricted.
View 1 Replies
View Related
Jan 3, 2013
How to configure my DIR-615 (Hardware Version E1 - Firmware Version 5.00NA) to:
1. Assign/Reserve IP address for 2 machines.
2. Route a web browser to a server on the first machine (port 80) as a default when another computer or smart-phone or device joins my open wireless network.
I am hoping to eliminate any changes to the IP address of the first two computers so that the server's IP address and port are static. I would also like anyone who joins the network to merely open their browser and be presented with the http interface from my server.
View 2 Replies
View Related
Nov 27, 2011
Using a Samsung Galaxy S2, iPod Touch 3rd Gen, and Nook Color, they are all experiencing retry problems, even when 3 feet from the DIR-601. When I use them my log gets filled with messages like:Blocked incoming TCP Ack packet from 192.168.100.201:2926 to 209.85.145.113:80 with unexpected sequence On the devices I see the downloads/content taking a long time to appear and often I get a blank page or "Retry" messages. I purchased two DIR-601s and get the same problem with both. They are both running 1.02NA firmware. The WLAN is Time Warner cable modem. Prior to this I had a Linksys WRT-54 that gave great performance, though just at B/G speeds. I was hoping for a performance boost but right now the N speeds are slower than B with the retries.
View 5 Replies
View Related
Jan 27, 2011
I am trying to make my computer support incoming VPN connections. I am using Windows 7 Home Premium on the computer I want to make the connection on.I am also using Verizon FioS internet (comes with default router/modem combo) to which I have the DIR-655 router connected. I am able to connect to both WiFi's fine and they work correctly.I think the Verizon router is set to block incoming VPN connections and I think this is why I cannot get anyone to be able to access my computer / internet via VPN. How I can perhaps forward ports and which settings I would need to specifically change in both routers admin settings so that I can get VPN connections to forward to my computer and be accepted.
View 1 Replies
View Related
Jul 5, 2011
I have a computer on my network I would like to use for media streaming. I would like to block all incoming/outgoing internet traffic and keep all network traffic on this computer local. Is this even possible? Can I also easily restore it if necessary? The computer is running Windows 7.
View 4 Replies
View Related
Aug 16, 2012
Is it possible to block outside P2P traffic on a guest wireless network using an ACL on the controller? I know we can do it our firewall
View 6 Replies
View Related
Jan 28, 2013
I'm using ASA 5515X my concern is I was not able to block the traffic of P2P such as BitTorrent etc. I was also view some technotes on how to use webfilter without using Websense or Smartfilter tools and lucky I'm able to block certain websites. how to block the traffic of P2P?
View 2 Replies
View Related
Jan 10, 2012
Is it possible with a 3560 to block all traffic to a certain vlan except for one or two IP addresses? Create an ACL or something? We have a vlan for voice calls (SIP) and we are getting a lot of scnas that are making the phones ring and such, and I think we can stop this if we only allow traffic onto the vlan from the IP's the SIP traffic is SUPPOSED to be coming from.
View 1 Replies
View Related
Jul 7, 2011
Is it possible to block internet traffic on the PC using ASA5501 firewall which is used in transperent mode.The DHCP pc is working fine we just need to pass through ASA to block the internet on the pc however intranet should be available.
View 3 Replies
View Related
Jan 21, 2012
On connecting VPN, i am getting this warning: Enabling VPN connection will block all traffic that doesn't get sent to this peer. After Yes, it stops all browsing. I want to access internet plus vpn connection.
View 4 Replies
View Related
Jul 14, 2010
Got servers in vlan 10 ip range 10.0.0.0 and servers in vlan 20 ip range 20.0.0.0 at the same layer 3 switch. (c6509 sup720)I would like to block TCP traffic initiated from Vlan 20 to Vlan 10. But the servers in Vlan 10 needs to be able to open an TCP connections to Vlan 20 did test with the ACL thats blocking (ack/established/syn) but unable to get it to work.Or it works both directions or is works non directions.
View 4 Replies
View Related
Apr 6, 2013
I have a working L2L between two locations. Location A and Location B.
Location A: 172.16.16.0/24
Location B: 192.168.0.0/24
I would like to block anything inbound to Location A from Location B that isn't initiated from Location A. The block should be done on the ASA5505 at Location A. Location B uses an ISR G2 router. i.e. Location A can start an SSH session to a server in Location B Location B cannot start an SSH session to a server in Location. .
I tried using a VPN filter on the ASA5505 but it isn't stateful, I cannot pass any traffic when using it.
Config on my ASA:
access-list vpn-traffic extended permit ip 172.16.16.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list block-vpn-to-local extended deny ip 192.168.0.0 255.255.255.0 172.16.16.0
[Code]....
I also have an AnyConnect VPN setup for the ASA5505 and it is running 8.2(5).
View 4 Replies
View Related
Apr 16, 2013
Is there a way to block lan to lan traffic (except lan to gateway/gateway to lan traffic of course) on a Cisco 2960?
View 9 Replies
View Related
Jul 11, 2011
Any comprehensive list of custom settings for NBAR V6 that will block most P2P traffic. The built in list seems incomplete. Either that or a way to better block P2P traffic at the router level.
View 1 Replies
View Related
