cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Ask the Expert- SD-WAN

822
Views
0
Helpful
0
Replies
Highlighted
Beginner

Which is the best way (either 2800 or asa 5510) to block some sites ?

Dear friends,

We have 1no cisco 2800 router, and 1no asa 5510 firewall (with out csc modular)    

Right now the network is running with cisco 2800 with below config .............

Configured DHCP, DNS, NATING and Bandwidth restruction.

User Access Verification

Password:

ADMIN-II_2811>

ADMIN-II_2811>

Password:

ADMIN-II_2811#sh run

Building configuration...

Current configuration : 1710 bytes

!

version 15.1

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname ADMIN-II_2811

!

boot-start-marker

boot system flash:/c2800nm-advsecurityk9-mz.151-4.M4.bin

boot-end-marker

!

!

enable secret 4 RxEN781X

!

no aaa new-model

!

!

dot11 syslog

ip source-route

!

!

ip cef

ip dhcp excluded-address 192.168.1.0 192.168.1.10

!

ip dhcp pool ADMIN-II

network 192.168.1.0 255.255.255.128

default-router 192.168.1.1

dns-server X.X.X.X  X.X.X.X.X

!

!

!

no ip domain lookup

!

multilink bundle-name authenticated

!

!

crypto pki token default removal timeout 0

!

!

!

!

license udi pid CISCO2811 sn FH

!

redundancy

!

!

!

!

!

!

!

!

!

interface Loopback0

no ip address

!

interface FastEthernet0/0

description # WAN Network #

ip address 115.119.187.X 255.255.255.X

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

!

interface FastEthernet0/1

description # Lan Network #

ip address 192.168.1.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

rate-limit input 1024000 192000 384000 conform-action transmit exceed-action dr

op

rate-limit output 1024000 192000 384000 conform-action transmit exceed-action d

rop

duplex auto

speed auto

!

ip forward-protocol nd

no ip http server

no ip http secure-server

!

!

ip nat inside source list 10 interface FastEthernet0/0 overload

ip nat inside source static tcp 192.168.1.9 3389 115.119.187.45 3389 extendable

ip route 0.0.0.0 0.0.0.0 115.119.187.X

!

access-list 10 permit any

!

!

!

!

!

control-plane

!

!

!

line con 0

line aux 0

line vty 0 4

password 7 094

login

transport input all

!

scheduler allocate 20000 1000

end

ADMIN-II_2811#

Now I want to block some sites which are like youtube, facebook and porn site.......

Plz advice me which is the best one (cisco 2800 or ASA 5510) to block those sites.......

and how to config ...... plz guide me with config, because i have nill knowldge like accesslist and above.

Thanks & Regards,
Srinivas. N.       

Thanks & Regards, Srinivas. N.
Everyone's tags (5)