Solved: Can I stop someone downloading a huge file if I kow the source/destionation IP?

Andy White · ‎02-26-2015

Hello,

I noticed that a user was downloading a huge file today and it was using most of our internet bandwith, I noticed it via Netflow.

If I know the source and destination IP can I use the ASA to drop the traffic?

Thanks

Jay Vivas · ‎02-26-2015

Andy,

So for you the command would be:

hostname(config)# access-list Name extended deny any destination-ip

hostname(config)# access-list Name extended permit ip any any

Then apply it going out on your interface

Here is a link in case you need it

http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/acl_extended.html

Jay Vivas · ‎02-26-2015

Andy,

Do you have a router onsite that you can set an ACL on blocking all traffic going to the destination IP?

Andy White · ‎02-26-2015

No, the routers on the outside of the ASA are manage by our ISP.

Was hoping the ASA could help.

Jay Vivas · ‎02-26-2015

Andy,

The ASA is not my best subject but I'm pretty sure ACLs work the same from the CLI of the ASA as they would in a Cisco router.

Jay Vivas · ‎02-26-2015

Andy,

So for you the command would be:

hostname(config)# access-list Name extended deny any destination-ip

hostname(config)# access-list Name extended permit ip any any

Then apply it going out on your interface

Here is a link in case you need it

http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/acl_extended.html

Andy White · ‎02-26-2015

It's a 50MB line, I might add QoS so http/https on use 30mbps of it.

add it to the inside and outside interface

Jon Marshall · ‎02-26-2015

Yes if you know the ports just don't allow them between those IPs.

Or for a more drastic solution you could just block all IP between those two IP addresses.

edited - rant over :-)

Jon

Jay Vivas · ‎02-26-2015

Andy,

Were you able to apply the ACL to your ASA?