I have a customer who needs to block access to specific Websites, like youtube.
I have tried this, with no luck. Please review config below, and advise.
CIGHYDUC520(config)# access-list 188 deny tcp any host www.youtube.com eq www Translating "www.badsite.com"...domain server (188.8.131.52) [OK] CIGHYDUC520(config)# access-list 188 permit tcp any any eq www
When I do a sh ip access-list it did the right thing, and showed me the IP address of the server youtube. However, I figured since youtube has a lot of servers, I need to add all of them. So on my PC I ran this command, nslookup www.youtube.com and youtube.com, added them all(10 of them) in the access list and applied it to the interface. No luck! It finds a new server each time. I am sure Cisco has this figured, and there must be an easier way! Has anyone tried this already?
Please let me know!
In IOS, there is the concept of content filtering or URL filtering. This however is not supported on the UC500.
For Small Business, the SA500 would be the way to go. Either that, or you can block it with the ACL's.
2 other things you can do. Have a proxy server on site to block content. Use a DNS server you have control over and block the traffic that way.
Hope that helps.