How do I configure Cisco ASA 5505 (using ASDM 5.2) to block a workstation (IP address) from accessing internet completely? I was trying to set up a new incoming access rule for outside interface to deny any IP traffic to that workstation but it doesn't work from some reason - the workstation can still access the internet. The ASA has no special settings, only a few ports opened for servers?
View 1 RepliesCan I use AAA Radius on a ASA 5505 to block outgoing user access by user name in a group?
View 2 Replies View RelatedI have configure Cisco 5505 as layer 2 firewall mode. I have vendor machine connected to Cisco ASA 5505 on port 2 as VLAN2 inside then VLAN1 outside connected to my internal network on layer 2 cisco 2960 switch. This machine needs access only to LOGMEIN then block all internal/internet traffic.
vendor machine on vlan 2 inside >> Cisco ASA 5505 vlan1 outside >> layer2 switch >> internal LAN >> Cisco 5520 main FW >>> INTERNET
We have an ASA 5505 and I want to block www.facebook.com for all users on the inside network. I followed the instructions laid out in Cisco support document ID 100513 using regular expressions with MPF but am running into some problems.
[URL]
Once the configuration has been changed based on these instruction www.facebook.com is blocked. However I can't access any other websites except my Google News home page comes up just fine for some reason.
ASA Version 7.2(3)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password 4nJloDG8uYd8w4D3 encrypted
names
!
interface Vlan1
[code]....
I am setting up a network for a friend with children. He has a BT homehub and wants to block their access between certain hours. However by using access control on BT it tells you that you have been blocked which is no good as he cannot feign ignorance and pretend he doesn't know what to do (as his kids will pester him to fix it). He therefore wants to block their access more discreetly (as if the internet was generally timing out or messing up instead of actually displaying they have access control).Is there a way to block an individual's access on the router without blocking everybody either on a timer or manually done each time (thus if there isn't a way of automating it he can at least do this manually each time).
View 1 Replies View Relatedi saw on router address that someone is using my wifi and i just want to disconnect him without changing my wifi password
View 1 Replies View RelatedHow can I block my son's computer from internet access through our wireless router without having his computer in hand? I have accessed the router on line but don't know what to change there.
[code]...
How to block internet access some of the computers in a network
View 2 Replies View RelatedHow to block other persons getting in my internet services
View 3 Replies View RelatedI am trying to allow a block of 7 or 8 devices to access the internet all the time. Two other devices I would like to allow internet access during a set time range. Finally I would like to block internet access to all devices not in one of the above groups. I need to use MAC addressing to identify the allowed devices. I was able to do this with my old WRT-54G but the DIR-825 is giving me trouble.My main problem occurs when I try to block access to "Other Machines". When I do that all devices on my network are cut off the internet.
View 5 Replies View Relatedi want block only internet access from firewall
View 1 Replies View RelatedI have the Qwest/Actiontec Q1000 modem/router. I go to the ip address using my web-browser and open up advanced configurations -> access scheduler. I select a computer (and it automatically adds the MAC address) and then the days/times I want the internet to be accessible. However, when I click "add" (to add my internet allowance to the scheduler list) it just says 12:00 to 0:00, which is essentially permanently blocking the internet for that computer.
View 7 Replies View RelatedI have a windows server 2003 ent., with about 6pcs and a couple of macs. I don't want the server to connect to the internet, though every computer only has one network card. I want all the clients to access the internet but not the server. How do I set this up.
View 4 Replies View RelatedIs it possible to have my file server only accessable in the LAN. I would like to block all inbound/outbound traffic outside of the LAN. I back up all of my personal files to that server and some contain sensitive information.
View 9 Replies View RelatedE2000 about a years old.One of the rule is to block internet access from 1am to 4am for certain internal IPs.Working fine until a week ago. Once the time kick in, the E2000 will not route any internet access for any internal IP until the unit is power off and power on reboot.If that rule is disabled. then the E2000 will route all days and nights with no problem.Updated firmware to 1.0.0.4 already.I replaced the WRT45 because of the same problem a year ago. Now just about a year, this E2000 keeps blocking all traffic.
View 1 Replies View RelatedI have a netwokr in which users are getting ip address from DHCP server that is window server.i want to block some users to access interent by using their device mac address.i have these devices in my network...
2921 cisco cme router
cisco 2960 switches
cisco 892 cisco internet router
internet ADSL that cnnected with cisco 892...
wireless AP 1142...
i have no firewall or any asa...how can i block some users for accessing internet but they can access internal network...for file sharing and prinitng,...
Setup firewall rules that will block all inbound Internet access to the web server except port 443, Setup firewall rules that will block all communication between the two internal networks, except ports 7000 and 1702
View 1 Replies View Relatedi want to block all internet access on all my computers from the time range of 9 PM to 8 PM. Yes, that gives 1 hour of internet access per day. However, it seems that there are certain rules of the router that won't let me do this. It seems I can't make 2 different policies for PC's within the same IP range (192.168.1.0 to 192.168.1.254) , it gives me the error: "The values you entered are invalid. Please try again."every time I try to do so. And when I try to give the time range from 9 PM to 8 PM it gives an error stating that the end time must be bigger than start time. I am using the WRT54GL with firmware v4.30.7.
View 5 Replies View RelatedOn E4200 Firmware Version: 1.0.03, I managed to successfully set up "Internet Access Policy" (not the "Parental Controls") to set up the times when internet access is disabled for various IPs on my network.
But I could't setup a policy to block facebook.com. What I am doing wrong? See the attached screen shot. I did click the "Edit List" and apply this polity to the IP Address Range 192.168.1.2 to 192.168.1.254.
We have an RVS-4000 router that we use as an Internet gateway on our school network. I am trying to set up an Internet Access Policy to block some specific websites by URL using a domain name. I set up the policy, and added a PC to the list using the mac address, and the blocking did not work. I went back to the list and added the IP address of the same PC, the policy still did not work to block the domain. I rebooted the router, cleared the Internet Temporary files and history on the PC, and the policy still does not work. It acts like it is going to block access to the website because it takes a long time, but it will eventually connect.
View 7 Replies View RelatedI have a Cisco C3560CG which is running C3560c405ex-UNIVERSALK9-M), Version 12.2(55)EX2.The switch has vlan 1 and vlan 50 configured, vlan 50 should have access to a limited number of host in vlan 1.The following acl has been applied on the inbound to vlan 50:
10 permit tcp 10.16.30.0 0.0.0.255 host 192.168.15.243 eq 137 138 139 445
20 permit udp 10.16.30.0 0.0.0.255 host 192.168.15.243 eq netbios-ns netbios-dgm netbios-ss 445
25 permit icmp 10.16.30.0 0.0.0.255 host 192.168.1.243
26 permit ip 10.16.30.0 0.0.0.255 host 10.16.30.254
30 permit ip 10.16.30.0 0.0.0.255 host 192.168.15.254
[code]....
I sure the above would work, but for some reason some of the packet counter are not incrementing but the traffic is being blocked. But I would like to see the counter increment.Also I have that I may beed to use VACL wouls this be the case?
Why does my E1200 forget my Parental Control Password? This happens almost weekly and I have to use the "forgot password" option. It asks my security question, I answer it and set the new password to the same password it keeps forgetting. Why does this happen? Also, is there anyway to have total 24hr control on the Block Internet Access?
View 4 Replies View RelatedI can make some "local policy" with client of SSL VPN AnyConnect and block access to internet?
The user would only have access to the internet if he was connected to the VPN (by internal proxy).
I have configured my e4200 to block traffic at certian times uses both the Parental Controls and the Intenet Access Polices. Neither one seems to work though. [code] I have the same MAC addresses specified in each rule. Initally I had only the first two rules. Those didn't work, so I added rule 3 and 4 (they do the same thing as rules 1 and 2 but from the opposite direction). There are no compliaints, but they don't stop any traffic.
I started with the Parental Controls, they didn't work either. The page in there that lets you pick which machines you want to block seemed next to worthless. I have about four rows listed as "Network Device." REALLY LAME! As the MAC addresses are accesible and these weren't working I went to the IAP.
I was asked to block pings from the internet to the outside interface of our ASA-5505 firewall. I found a post that said to enter "icmp deny any outside", however that does not do it.
I created an ACL to try and do the trick, also to no avail:
access-list outside_in extended permit icmp any any echo-reply
access-list outside_in in interface outside
access-group outside_in in interface outside
I am using ASA5505 and I would like to block certain websites such as facebook.com on some users only
View 3 Replies View RelatedWe have a client that is running a PC on a internet over satellite. To avoid any unessecery traffic over the satellite link (data traffic is quite expensive), we've suggested to use a 5505, as we had one handy already.
So basically what we wanted was to block everything outgoing and everything ingoing, except for example port 22 (ssh).
But I'm struggling a bit, since this is my first cisco router to be configured.
My interfaces are as follows.
Outside - DHCP
Inside (port 1) - 192.168.1.1
I'm only running ipv4.
in ASDM I made a static NAT rule for port 22, being forwarded to 192.168.1.5 (the computer)
in Access rules I made under outside (incomming rules) source=any destination=outside service=ssh action=permit
But when I try to add further rules to block everything else, it takes the SSH on port 22 with it. How should I do this the easiest way?
the hardware setup is pretty straight forward.
sat-terminal(with IP 192.168.0.1 running DHCP) -> 5505 (outside IP=DHCP - inside IP=192.168.1.1) -> computer (IP=192.168.1.5)
if it is possible to block a website or ip address from an ASA 5505? if it is possible, can you give me an example of the commands to get it done?
View 2 Replies View RelatedI was asked to block pings from the internet to the outside interface of our ASA-5505 firewall. I found a post that said to enter "icmp deny any outside", however that does not do it.
I created an ACL to try and do the trick, also to no avail:
access-list outside_in extended permit icmp any any echo-reply
access-list outside_in in interface outside
access-group outside_in in interface outside
I have a 5505 that i setup with a comcast cable modem (1 static address) and i cant seem to get to the internet. Im thinking it is a NAT rule but i don't have enough experience to figure it out.The current setup is E0/0 plugged into the cable modem, and a laptop plugged into E0/7. I have assigned my laptop an address within Vlan 1.[CODE]
View 19 Replies View RelatedI have a ASA 5505 that I have been using for a while, but a new ISP is trying to configure my service so that the outside interface has to be configured as DHCP to receive a reserved IP address, and then they will route a separate, non-contiguous block of addresses to that address.
Essentially, they have a DHCP reservation for 1.2.3.4 for my ASA, and then they have 10.2.3.16/28 as a separate block routed to me.
Obviously, I can do my static NAT translations using outside as the address, but I cannot get the separate block of addresses to route through the ASA. Is there a way to do this and get them to work? My ASA is running 7.2(2)
Well, I tried using the cisco configuration for ASA 5505 for blocking P2P: url...but this configuration only is usefull with programs like Kazaa, so I try this configuration to block ARES but the problem is that ARES try to make downloads from different ports, ¿How do I block ARES if there are sereveral ports ?
View 1 Replies View RelatedI'm using an ASA5505 (8.4(1)) and would like to block port 80 on a specific host in the LAN so machines in other remote LANs connected via VPN can't access this port on the host. Devices in the local LAN should have access to this port on the host. Here are the commands I'm using:
-access-list block_port extended deny tcp any host 10.20.10.20 eq 80
-access-list block_port extended permit ip any any
-access-group block_port out interface inside
These commands are not working as I would expect them to. When I browse to http://10.20.10.20 from a remote machine over the VPN tunnel I am able to access the host web server.