RVS 4000

paddylynch
Level 1

I would like to block IP numbers.

When I tried with one the router festively walked straight through it!

Does anyone have any experience with this?

Paddy

mpyhala
Level 7

Hi Patrick,

Thank you for posting. Please provide some detail about what you are trying to block and how you configured that in the router. Hopefully we can figure out why it is not working for you.

Hiya!

I have tried to add an IP address to the "IP Based ACL" section.

I have followed this procedure:

"Add new Rule" ---"Action = deny"---"service=all"---"Source Interface = WAN"---"source IP = the website's IP address" ----"Destination IP = range (the LAN DHCP range)"---"Scheduling=24/7"

Some variations were tried (single destination IP and such) but none of this works.

The website/IP address can still be reached without any bother!

I really need this firewall section to work. So any help will be greatly valued!

Thanks

Paddy

Hi Patrick,

It appears that the source and destination interfaces need to be switched. The Source Interface should be LAN (range) and the Destination IP the address you want to block.

Thanks for this!

I gave it a try with the first IP address that came to hand, and it seems to work... the connection times out and doesn't go to the website.

(Craysupercomputers.com is now banned from our network. LOL!)

Cisco seems to have its own logic to things! In a way it is understandable, semantically correct even, but confusing enough if one isn't used to these products.

Thanks for your kind help!

However, what about this :

-I block CraySupercomputer.com the way you described (and it works, I have tried it!)

-I run a server

-CraySupercomputer.com (with the IP address I blocked) wants my advice (dream on!) and wants to ftp files from MY IP address....

would that be possible?

Blocking the LAN computers from accessing a web site is one thing. Often one is more concerned with the reverse (say a DOS attacker needs blocking).

Can the blocked site/IP N° still get to my network, without being blocked by the firewall?

Or does one have to block the traffic in both directions in two instances (i.e.: Craysupercomputer.com may not be reachable by any computers in our LAN, is the reverse true as well?)

(I just want to understand the "mechanics" of the system)

Patrick

Hi Patrick,

The firewall should block incoming traffic by default unless a port is opened to allow certain traffic. All outbound traffic is allowed by default. You created a rule to block outbound traffic to a specific IP address. It almost sounds like you have a program on the PC that is trying to gain access to the specified site. (virus?) Since you blocked access to that IP, the "program" should be blocked from reaching the specified IP. I personally like to run a firewall such as Zone Alarm on my PCs because it blocks outbound traffic by default and you can decide what traffic is allowed outbound from that PC.
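
An added example, not part of the original thread and not Cisco's code: a simplified Python model of direction-aware rule matching built on the defaults described in the reply above (outbound allowed, inbound blocked unless a port is opened). The addresses, rule fields and first-match evaluation are assumptions for illustration, not the RVS 4000's actual implementation.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network

# Constructed sample values (documentation/private ranges), not from the thread.
LAN = ip_network("192.168.1.0/24")        # LAN DHCP range
SITE = ip_address("203.0.113.10")         # stands in for the blocked site
SITE_NET = ip_network("203.0.113.10/32")
HOST = ip_address("192.168.1.50")         # a LAN PC, also the hypothetical FTP server

@dataclass(frozen=True)
class Rule:
    action: str        # "deny" or "allow"
    src_if: str        # interface the connection is opened from: "LAN" or "WAN"
    src: IPv4Network   # who opens the connection
    dst: IPv4Network   # who is being contacted

# Rule as first configured in the thread: source interface WAN, source = site.
ORIGINAL = Rule("deny", "WAN", SITE_NET, LAN)
# Rule after the suggested swap: source = LAN range, destination = site.
CORRECTED = Rule("deny", "LAN", LAN, SITE_NET)

def decide(rules, src_if, src, dst, port_opened=False):
    """Verdict for a NEW connection (assumption: replies follow the connection)."""
    for r in rules:                      # assumption: first matching rule wins
        if r.src_if == src_if and src in r.src and dst in r.dst:
            return r.action
    if src_if == "LAN":                  # default: all outbound traffic allowed
        return "allow"
    return "allow" if port_opened else "deny"   # default: inbound blocked

def scenarios(rules):
    return {
        "lan_pc_to_site": decide(rules, "LAN", HOST, SITE),
        "site_to_opened_ftp_port": decide(rules, "WAN", SITE, HOST, port_opened=True),
        "site_unsolicited": decide(rules, "WAN", SITE, HOST),
    }

if __name__ == "__main__":
    for name, rules in [("original", [ORIGINAL]), ("corrected", [CORRECTED]),
                        ("both directions", [CORRECTED, ORIGINAL])]:
        print(name, scenarios(rules))
```

In this model the swapped rule stops LAN PCs from reaching the site but leaves an opened port reachable from it, so covering both directions takes one rule per direction.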

Rest assured, my question was purely hypothetical!
(and I have a Bullguard subscription for every PC in the LAN; here too one can determine access level on application level, even port level)

I was mainly trying to further understand how the firewall software works.
On checking the logs, there are already some DOS and DDOS attacks that were averted, so it does seem to block incoming traffic.

I am more used to Smoothwall and pfSense, and the semantics of the interface is more "vulgo" (for lack of a better word).
The Cisco gear just takes some getting used to.

Also, the user guides aren't written with people who want to understand in mind... nowadays all has to work "out of the box" without a second thought... old-school as I am, I like to understand at least the principles of the equipment I am working with...

I think I can manage from now on... and if something doesn't work, I'll start by considering trying "the opposite" given the rather literal way Cisco lays things out.

Many thanks for your kind assistance, your patience and your help!

Regards
Patrick
 
