02-28-2005 10:14 AM - edited 02-20-2020 11:59 PM
Hello,
Need someone to review the changes being made:
Need to block gotomypc.com on a PIX 515. Based on my research, a host called poll.gotomypc.com (66.151.158.177) needs to be blocked to prevent users.
Here is what I am planning to add to the config:
access-list 100 deny tcp 192.168.0.0 255.255.255.0 host 66.151.158.177
access-list 100 permit ip any any
Would this config work? The LAN is 192.168.x.x based.
Thanks,
Frank
03-01-2005 12:22 AM
Hi Frank,
Yeah, this would work, if TCP is the control protocol. If you don't need any access to that site, you can just deny ip for that IP:
access-list 100 deny ip 192.168.0.0 255.255.255.0 host 66.151.158.177
access-list 100 permit ip any any
This will deny both TCP and UDP connections to that IP.
If you have a proxy server, you can use URL-based filtering in that, if you need to block many more such websites.
Hope this helps.
Raj
03-01-2005 06:45 AM
Yes, this should work. If you want a more detailed overview of how this service works, then check out this practical paper on the GIAC web site:
http://www.giac.org/certified_professionals/practicals/gcia/0676.php
Sincerely,
Patrick
03-01-2005 10:56 AM
You must apply this to an interface like this:
access-list 120 deny tcp any 216.187.82.0 255.255.255.0
access-list 120 permit ip any any
access-group 120 in interface inside
03-03-2005 05:33 PM
Thanks everyone for the input, I will attempt Brian's suggestion and let you know how it goes.
Frank
03-09-2005 11:16 PM
Hello again,
I attempted the following changes to the PIX config, but it did not block the traffic. I could still ping the host and the users could still gain access to gotomypc.com.
Here are the config changes that were typed into the PIX:
access-list 120 deny tcp any host 66.151.158.177
access-list 120 permit ip any any
access-group 120 in interface inside
Any further suggestions?
03-10-2005 07:01 AM
If I do an nslookup on gotomypc.com, DNS comes back with 66.151.158.183. Open up your command prompt, do a c:\nslookup gotomypc.com [return] and see what you get. So maybe they changed their IP address or are changing it often. So try that IP.
Also, to keep your users from going to a site, you could block from the inside interface, e.g., deny any going to that IP, then you have to put a permit any any and put the group on the inside interface.
HTH
03-10-2005 07:09 AM
Well, looking again... I see there are 2 URLs, one is poll.gotomypc.com and the other is just gotomypc.com, which are two different IPs, .177 and .183 in the last octet. And I see you are blocking on the inside interface, so just add another line in ACL 120 to block .183 and apply the group to the inside interface.
HTH
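Added example, not part of the thread and not Cisco code: a small Python model of PIX first-match ACL evaluation, fed the ACEs quoted above. It reproduces three things the replies point at: a `deny tcp` line leaves ICMP (ping) alone because the next line is `permit ip any any`; a source of `192.168.0.0 255.255.255.0` covers only 192.168.0.0/24, so hosts elsewhere in a 192.168.x.x LAN fall through to the permit; and the second address, .183, needs its own ACE. The matcher is deliberately simplified: it ignores NAT, stateful inspection, direction and port ranges, and the "fixed" ACL is a constructed illustration of the thread's advice, not a verified device configuration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# PIX 6.x access-list syntax:
#   access-list <id> permit|deny <proto> <src> <dst> [eq <port>]
# where <src>/<dst> is "any", "host A.B.C.D", or "A.B.C.D MASK" (a normal
# subnet mask, not an IOS wildcard mask).


@dataclass
class Ace:
    action: str                      # "permit" or "deny"
    proto: str                       # "ip", "tcp", "udp", "icmp"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int] = None      # destination port from "eq", if any


def _parse_addr(tokens: List[str]) -> Tuple[ipaddress.IPv4Network, List[str]]:
    """Consume one address spec and return (network, remaining tokens)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(f"{tokens[1]}/32"), tokens[2:]
    # "A.B.C.D MASK": ipaddress accepts a dotted netmask after the slash
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False), tokens[2:]


def parse_acl(text: str) -> List[Ace]:
    """Parse access-list lines (other lines are ignored) into ordered ACEs."""
    aces = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if tokens[:1] != ["access-list"]:
            continue
        _, _acl_id, action, proto, *rest = tokens
        src, rest = _parse_addr(rest)
        dst, rest = _parse_addr(rest)
        dport = int(rest[1]) if rest[:1] == ["eq"] else None
        aces.append(Ace(action, proto, src, dst, dport))
    return aces


def evaluate(aces: List[Ace], proto: str, src_ip: str, dst_ip: str,
             dport: Optional[int] = None) -> str:
    """First matching ACE wins; no match hits the implicit deny at the end."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for ace in aces:
        if ace.proto != "ip" and ace.proto != proto:
            continue                      # a tcp ACE never matches icmp/udp
        if s not in ace.src or d not in ace.dst:
            continue
        if ace.dport is not None and ace.dport != dport:
            continue
        return ace.action
    return "deny"


# The ACL as first proposed in the thread (source mask covers only /24).
FRANK_ACL = """
access-list 100 deny tcp 192.168.0.0 255.255.255.0 host 66.151.158.177
access-list 100 permit ip any any
"""

# Constructed ACL following the replies: deny ip (all protocols), a /16 source
# mask for a 192.168.x.x LAN, and a separate ACE for the second address.
FIXED_ACL = """
access-list 120 deny ip 192.168.0.0 255.255.0.0 host 66.151.158.177
access-list 120 deny ip 192.168.0.0 255.255.0.0 host 66.151.158.183
access-list 120 permit ip any any
"""

# Constructed test flows: (label, proto, src, dst, dport). 203.0.113.10 is a
# documentation address standing in for "some unrelated Internet host".
FLOWS = [
    ("tcp/80 from 192.168.0.10 to .177", "tcp", "192.168.0.10", "66.151.158.177", 80),
    ("tcp/80 from 192.168.1.10 to .177", "tcp", "192.168.1.10", "66.151.158.177", 80),
    ("ping from 192.168.0.10 to .177", "icmp", "192.168.0.10", "66.151.158.177", None),
    ("tcp/80 from 192.168.0.10 to .183", "tcp", "192.168.0.10", "66.151.158.183", 80),
    ("tcp/443 from 192.168.1.10 to 203.0.113.10", "tcp", "192.168.1.10", "203.0.113.10", 443),
]


def report(acl_text: str) -> List[Tuple[str, str]]:
    """Return (flow label, permit|deny) for every constructed flow."""
    aces = parse_acl(acl_text)
    return [(label, evaluate(aces, p, s, d, port)) for label, p, s, d, port in FLOWS]


if __name__ == "__main__":
    for name, acl in (("original ACL 100", FRANK_ACL), ("fixed ACL 120", FIXED_ACL)):
        print(f"--- {name}")
        for label, verdict in report(acl):
            print(f"{verdict:6}  {label}")
```

Running it shows the original ACL permitting the ping, the second address, and any source outside 192.168.0.0/24, while the constructed ACL denies all of those and still permits the unrelated destination. The same first-match reasoning applies when reading any PIX ACL: check protocol, source mask and destination one ACE at a time, top to bottom.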