02-26-2015 05:52 AM - edited 03-05-2019 12:53 AM
Hello,
I noticed that a user was downloading a huge file today and it was using most of our internet bandwidth; I noticed it via NetFlow.
If I know the source and destination IP can I use the ASA to drop the traffic?
Thanks
02-26-2015 06:10 AM
Andy,
So for you the command would be:
hostname(config)# access-list Name extended deny ip any host destination-ip
hostname(config)# access-list Name extended permit ip any any
Then apply it going out on your interface
Here is a link in case you need it
http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/acl_extended.html
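The steps in the reply above, written out for a single source/destination pair, as an added example that is not part of the original thread. The ACL name BLOCK-DL, the interface name inside, the addresses and the choice to apply the ACL inbound on the inside interface are all assumptions.

```cisco
! Constructed placeholders: ACL name BLOCK-DL, interface name "inside",
! 192.0.2.10 = internal user, 203.0.113.50 = remote download server.

! 1. Deny only the one source/destination pair, then permit everything else.
!    Without the trailing permit, the implicit deny at the end of the ACL
!    would drop all other traffic entering this interface.
access-list BLOCK-DL extended deny ip host 192.0.2.10 host 203.0.113.50
access-list BLOCK-DL extended permit ip any any

! 2. Bind the ACL to traffic entering the inside interface (assumption:
!    no ACL is bound there yet; only one ACL per interface per direction).
access-group BLOCK-DL in interface inside

! 2b. If an ACL is already bound there, insert the deny at the top of it
!     instead (EXISTING-ACL is a placeholder for that ACL's name):
! access-list EXISTING-ACL line 1 extended deny ip host 192.0.2.10 host 203.0.113.50

! 3. The ACL is checked when a connection is built, so a download already
!    in progress keeps running until its connection entry is removed.
!    This clears every connection of that host, not just the download.
clear conn address 192.0.2.10

! 4. Verify: the hit counter on the deny line should increase on retries.
show access-list BLOCK-DL
```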
02-26-2015 05:56 AM
Andy,
Do you have a router onsite that you can set an ACL on blocking all traffic going to the destination IP?
02-26-2015 05:57 AM
No, the routers on the outside of the ASA are managed by our ISP.
Was hoping the ASA could help.
02-26-2015 06:10 AM
Andy,
The ASA is not my best subject but I'm pretty sure ACLs work the same from the CLI of the ASA as they would in a Cisco router.
02-26-2015 05:59 AM
It's a 50MB line, I might add QoS so http/https only use 30mbps of it.
add it to the inside and outside interface
02-26-2015 07:27 AM
Yes if you know the ports just don't allow them between those IPs.
Or for a more drastic solution you could just block all IP between those two IP addresses.
edited - rant over :-)
Jon
02-26-2015 07:34 AM
Andy,
Were you able to apply the ACL to your ASA?