Since one cannot create an access-list with a domain (microsoft.com), I've been struggling with the task of creating an ACL to cover all IP addresses (CIDR networks) involved when a user wants to perform a Windows/Microsoft update from their desktop. Does anybody have a firm grasp on the IP ranges that I need to add to my access-list?
Running a Windows SUS/WUS box or a patch management server is not an option as this is a small network of only two PCs. They need to get their updates from Microsoft directly.
I'd appreciate any help with this as I'm really struggling to finish off my ACL and this is the last task. For those that want to know, I'm using a Cisco 837 running IOS 12.3.14.T7.
Re: Success with Access-List for Microsoft Updates?
You can go ahead and create the filters based on ACLs, but that's not a recommended solution for blocking web access. You can successfully block ranges of IPs, but the moment they change, you need to update your list.
There's an IOS FPM feature, or IPS features, to try to match the content rather than just the destination IP. The problem is that FPM is not supported on your model. IPS software is only on security-based IOS.
You can go ahead and implement this solution, but keep in mind that it is a temporary workaround only, until you filter the sites using other methods.
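The maintenance burden the reply describes (an IP-based list going stale when the ranges change) can be checked mechanically. The following is an added example, not part of the original thread: it renders IOS extended-ACL lines from a CIDR list and reports drift between the deployed list and a newer one. The CIDRs are constructed documentation ranges, and the ACL number 110 and ports 80/443 are assumptions.

```python
import ipaddress


def _nets(cidrs):
    """Parse CIDR strings and merge adjacent/overlapping networks."""
    parsed = (ipaddress.ip_network(c, strict=False) for c in cidrs)
    return list(ipaddress.collapse_addresses(parsed))


def acl_lines(cidrs, acl_id=110, ports=(80, 443)):
    """Render IOS extended-ACL permit lines for outbound TCP to each network.

    acl_id and ports are assumptions for this example, not values from the thread.
    """
    lines = []
    for net in _nets(cidrs):
        if net.prefixlen == 32:
            dst = f"host {net.network_address}"
        else:
            # IOS ACLs take a wildcard (inverse) mask, which is the hostmask.
            dst = f"{net.network_address} {net.hostmask}"
        for port in ports:
            lines.append(f"access-list {acl_id} permit tcp any {dst} eq {port}")
    return lines


def drift(deployed, current):
    """Return (missing, stale) between the deployed list and the current one.

    missing: current networks not fully covered by a deployed entry
             (updates to these destinations would be dropped).
    stale:   deployed entries that no longer overlap any current network
             (permits that should be removed).
    """
    old, new = _nets(deployed), _nets(current)
    missing = [str(n) for n in new if not any(n.subnet_of(o) for o in old)]
    stale = [str(o) for o in old if not any(o.overlaps(n) for n in new)]
    return missing, stale


# Constructed sample data (RFC 5737 documentation ranges, not real update servers).
DEPLOYED = ["192.0.2.0/25", "192.0.2.128/25", "198.51.100.7/32"]
CURRENT = ["192.0.2.0/24", "203.0.113.0/28"]

if __name__ == "__main__":
    print("\n".join(acl_lines(DEPLOYED)))
    missing, stale = drift(DEPLOYED, CURRENT)
    print("missing from ACL:", missing)
    print("stale in ACL:", stale)
```
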