Our main internet router has two firewall's at our site, one of the asa's is ours the other is a client asa, the client asa has a ipsec tunnel and a riverbed steelhead caching device that goes back to there site in the usa. this is then used by the client to access servers on oursite, the previous network engineer setup the asa's etc.. so that
Client ASA has one of our outside facing ip's lets say (220.127.116.11) we don't have any access or control to this ASA other than knowing that they point 10.10.17.2 to 18.104.22.168 and 10.10.17.3 to 22.214.171.124
there are then the two servers with NAT on our asa that point the servers from 126.96.36.199 to 10.7.0.5 and 188.8.131.52 to 10.7.0.59
as per the picture when a client goes to 10.10.17.3 on there network it goes from the cache device to our asa outside ip 184.108.40.206 (defined on there asa) and then send data and the same for 10.10.17.2. my issue is that i need to block 220.127.116.11 and 18.104.22.168 from the rest of the internet, my thought was that i could just connect differently and use internal ip's over different the space interface i have however for now i need to band aid the problem until it can be coordinated, i therefore tried to block 22.214.171.124 and 126.96.36.199 from the rest of the internet by using the command
access-list 102 deny ip 188.8.131.52 255.255.255.255 any
access-list 102 deny ip 184.108.40.206 255.255.255.255 any
however after i had put this in i ended up with the following in the config
Extended IP access list 102 10 deny ip any any
and as a result 1.1.17 and 220.127.116.11 are still routable from the internet, can anyone give me info on what i am doign wrong
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.