Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1951
Views
0
Helpful
5
Replies

Configure 2811 to block access to specific websites

femi.agboade
Level 1
Level 1

‎09-07-2009 03:03 AM

Hi,

I have been trying to block access to specific websites on a client's 2811 running C2800NM-ADVENTERPRISEK9-M, Version 12.4(24)T.

I initially tried using ACL but the sites just keeps coming up. I followed instructions on this link http://articles.techrepublic.com.com/5100-10878_11-6115879.html, created the ACL, searched as much as i could the IPs linked to the domains I want to block, and then applied the ACL in the outbound direction on the WAN interface, but still no luck.

I was trying to use the SDM to configure the firewall, but i ended up blocking HTTP access to all websites :-(

Any advice will be much appreciated.

Regards,

Femi

Labels:
0 Helpful
5 Replies 5

Richardsma
Level 1
Level 1

‎09-07-2009 03:22 AM

Post a copy of the ACL so others can see how you've configured it, substitute IP's if necessary.

0 Helpful

femi.agboade
Level 1
Level 1
In response to Richardsma

‎09-07-2009 03:38 AM

Hi,

Please see attached the config for the ACL I have on the router...

Regards,

Femi

Preview file
3 KB
0 Helpful

femi.agboade
Level 1
Level 1

‎09-16-2009 02:41 AM

Hello,

I have been able to successfully block the websites, only after upgrading my IOS though. See below the commands used, note that you would need an AdvSec IOS on the router to be able to do this:

You can use the URL Filter functions

\\ set the url filter to a bogus websense IP address

ip urlfilter server vendor websense 192.168.15.15

\\-- set filter to bypass vendor server if it can't be reached (it can't)

ip urlfilter allow-mode on

\\-- setup a BLACKLIST that gets blocked before ever sending to vendor server

ip inspect name BLACKLIST http urlfilter

ip urlfilter exclusive-domain deny .facebook.com

ip urlfilter exclusive-domain deny .myspace.com

ip urlfilter exclusive-domain deny .youtube.com

\\-- apply filter to LAN interface

interface Fast 0/0

ip inspect BLACKLIST in

Regards,

Femi

0 Helpful

Joseph Adekoya
Level 1
Level 1

‎09-23-2009 12:26 PM

hi,

can i just ask why you want to use a router for http content filtering? dont you have mcaffe or ISA or pix with websense?

0 Helpful

femi.agboade
Level 1
Level 1
In response to Joseph Adekoya

‎09-23-2009 02:54 PM

Hi Adekoya,

Thank you for our comments. However, if I had any of the appliances/software that you have mentioned, I would have used it dont you think???

Before ISA, PIX or McAfee, there was plain old Cisco IOS CLI and it worked pretty well...

Regards,

Femi

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card