Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
397
Views
0
Helpful
6
Replies

Blocking KAZAA sites using access-list

mhel
Level 1
Level 1

‎04-04-2003 10:17 PM - edited ‎03-02-2019 06:26 AM

Anyone here who can help me how to block KAZAA sites using access-list

(what is the syntax)

thnx

mhel

Labels:
0 Helpful
6 Replies 6

farshid_sh
Level 1
Level 1

‎04-05-2003 12:32 AM

Hi

first off all you got to the whole block of ip address of kazaa

assumin 10.0.x.x 255.255.0.0

in order to block such addresses with access-lists

you need to create an extended access-list (100-199)

and permit every thing not equal to 10.0.x.x 0.0.255.255

access-list 110 deny any 10.0.x.x 0.0.255.255

access-list 110 permit any any

this accesslist must be an outbound access-list on your wan(internet)

connection

int s0/0

ip access-group 110 out

hope this helps

0 Helpful

mhel
Level 1
Level 1
In response to farshid_sh

‎04-05-2003 01:06 AM

Hi,

farshid, can you check my existing config (partial).Co'z when i add the ff:

access-list 101 deny ip any host (kazaa ip host)

access-list 101 permit ip any any

int s0

ip access-group 101 out

my workstations cant access the net. What seems to be the problem?

............................................................................

access-list 2 permit (private ip) 0.0.0.255

access-list 2 deny any

interface Serial0

description 64l link to ISP

ip address x.x.x.x 255.255.255.x

ip access-group 101 out

ip nat outside

encapsulation ppp

no fair-queue

0 Helpful

ahvn
Level 1
Level 1
In response to mhel

‎04-05-2003 02:00 AM

Hi,

Call that access-list in the serial interface as inbound.And also permit other protocols like TCPand UDP along with IP in your 101 access-liost . ie ,

access-list 101 permit tcp any any

access-list 101 permit udp any any

Rgds,

Homin

0 Helpful

mhel
Level 1
Level 1
In response to ahvn

‎04-05-2003 02:59 AM

Homin,

Thanks for the help. Actually they cant access now the Kazaa(Kazza)site.But if they using the Kazaa media desktop browser, they can download some files. A little more tricky, but what do you think?

thnx

mhel

0 Helpful

ahvn
Level 1
Level 1
In response to mhel

‎04-05-2003 04:05 AM

Nothing tricky mhel.Try including an access-list to block ftp traffic from the same IP.that would do.

access-list deny ftp host any eq ftp

That may be of help.

Rgds,

Homin

0 Helpful

omohamed
Level 1
Level 1
In response to ahvn

‎04-06-2003 05:02 PM

if you are running newer cisco IOS then you can configure NBAR to block Kazaa....you need to download the kazaa pdlm from the cisco website..the URL below has the pdlm list and how to configure NBAR http://www.cisco.com/cgi-bin/tablebuild.pl/pdlm

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t8/dtnbarad.htm

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents