06-18-2013 08:41 AM - edited 03-04-2019 08:14 PM
Hi Guys,
I have attached a copy of one of our configs we have, now my question is this, we are trying to block specific websites, like youtube and facebook etc we have tried a few different ways however it blocks the whole internet and wont let us on at all.
The config on here is untouched and the original which lets us access all websites. Can anyone help with specific website blocking?!
Thanks very much.
06-18-2013 09:43 AM
I am a bit puzzled at this posting. The config that you included assigns access list 101 on the outbound interface and assigns access list 102 on the inside interface. But neither access list is present in the config. I see a partial config for ip inspect but it is not activated that I can tell.
HTH
Rick
06-18-2013 11:53 AM
Hello
Richard is correct - Looks like you are trying to implement CBAC and have specified an acl 102 which doesnt exist( or you havent posted it) - Also cbac isnt being called either.
For basic CBAC - try the config below, it will allow return traffic initiated from inside and be inspected by your CBAC config, you may have to amend the acl so routing protocols ( if applicable) will not get inspected - see below:
access-list 102 permit udp any any eq rip
access-list 102 deny ip any any
interface ATM0
ip inspect firewall out
ip access-group 102 in
res
Paul
Please don't forget to rate any posts that have been helpful.
Thanks.
06-18-2013 04:16 PM
NBAR is your answer.
The possibility to match files and URL is endless. You need to study a little bit its capabilities and restrictions but you will not be disappointed.
Alessio
Sent from Cisco Technical Support iPad App
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: