The first step would be to figure out what IP address www.xxxxxx.com is hosted on. In this case, the IP address is 188.8.131.52.
I would check to see if there is an existing ACL applied inbound on the inside interface (and others if you want to apply this to more than one interface on the PIX). I would then either modify or create an access-list similar to the following (assuming no access-list exists):
access-list 40 deny tcp any host 184.108.40.206 eq 80
access-list 40 permit ip any any
Then I would apply the newly created ACL to the inside interface:
access-group 40 in interface inside
If www.xxxxxx.com would happen to change IP addresses, you need to keep up with this. This can become very tedious and time-consuming if you find yourself doing this for many websites.
If you find yourself needing a more scalable solution, you should consider N2H2, Checkpoint, or some other URL filtering software.
I obviously had a brain lapse when I typed Checkpoint as an option for URL filtering software, as Checkpoint does not offer this type of software and subscription service. I indeed meant to say Websense.
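The reply above points out that the deny entries have to be kept in step with the site's current address. The following Python sketch is an added example, not part of the original posts: it compares the deny lines in a saved config with a list of freshly resolved addresses and emits the commands needed to catch up. The sample config and addresses are constructed, the function names are hypothetical, and the `line 1` form assumes a PIX release that accepts line numbers in `access-list`.

```python
import ipaddress
import re

# Deny entries in the form the post uses; the PIX may display port 80 as "www".
DENY_RE = re.compile(
    r"^access-list\s+(\S+)\s+deny\s+tcp\s+any\s+host\s+(\S+)\s+eq\s+(?:80|www)$")

# Constructed sample config (documentation addresses, not from the thread).
SAMPLE_CONFIG = """\
access-list 40 deny tcp any host 192.0.2.10 eq www
access-list 40 deny tcp any host 192.0.2.11 eq www
access-list 40 permit ip any any
access-group 40 in interface inside
"""

def blocked_hosts(config_text, acl_id):
    """Return the set of host IPs denied on TCP/80 in ACL acl_id."""
    hosts = set()
    for line in config_text.splitlines():
        m = DENY_RE.match(line.strip())
        if m and m.group(1) == acl_id:
            hosts.add(str(ipaddress.IPv4Address(m.group(2))))
    return hosts

def acl_sync_commands(config_text, acl_id, resolved_ips):
    """Commands that align the deny entries with the site's current A records."""
    # IPv4Address() rejects anything that is not a plain address, so junk
    # from a DNS answer never ends up inside a firewall command.
    wanted = {str(ipaddress.IPv4Address(ip)) for ip in resolved_ips}
    if not wanted:
        raise ValueError("empty DNS answer; refusing to remove existing blocks")
    current = blocked_hosts(config_text, acl_id)
    cmds = []
    # Add new denies first, at line 1 so they sit above "permit ip any any"
    # (assumption: the PIX release supports the "line" keyword).
    for ip in sorted(wanted - current, key=ipaddress.IPv4Address):
        cmds.append(f"access-list {acl_id} line 1 deny tcp any host {ip} eq 80")
    # Only then drop entries for addresses the site no longer uses.
    for ip in sorted(current - wanted, key=ipaddress.IPv4Address):
        cmds.append(f"no access-list {acl_id} deny tcp any host {ip} eq 80")
    return cmds

if __name__ == "__main__":
    # Constructed lookup result; in practice this comes from a DNS query.
    for cmd in acl_sync_commands(SAMPLE_CONFIG, "40", ["192.0.2.11", "198.51.100.7"]):
        print(cmd)
```

Review the generated commands before pasting them into the firewall; a site behind shared hosting or a CDN can share its address with unrelated sites, so each new deny may block more than intended.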
Did PDM prompt you to specify the location of the host 220.127.116.11?
Usually PDM will ask for which interface a particular host is out of if PDM does not recognize the IP address on a directly connected segment.
For instance, I attempted to add the same rule via PDM on my 501. The popup message I receive with PDM 3.0 has a menu bar that reads: "Add host/network?" and has the following text inside the window: "PDM could not find host 18.104.22.168 255.255.255.255 on interface outside. Would you like to add this host or network now?"
If I click OK, a wizard leads me through some prompts on how to add this host. This is a peculiarity of PDM - i.e. wanting to know out of which interface particular hosts exist.
You should be able to click through this wizard, filling in the info requested and then the rule will appear in PDM with the deny stop sign very visible.