11-27-2012 09:56 PM - edited 03-07-2019 10:16 AM
Dear Friends,
I have a 2800 router and tried so many ways to block the unwanted sites on my office network,
like IP-based access lists, null0 routing and policy maps.
I faced issues with the configs below:
1. Creating an access list: very difficult to block the sites. With HTTPS those sites will still open, and we can't block all the IPs.
2. Creating null0 routing: it is also a bit difficult to block the maximum number of sites, because we can't find all the IPs for those sites.
3. Policy map: with a policy map we can block only 1 site, but not more than one.
I heard that port-based routing or port-based access lists are the best ways to stop the websites in my local network.
For this one I need to map the site to unused ports, then I need to null route or create the access list.
Please advise me which is the best way and what the config steps are.
Thanks & Regards,
Srinivas. N.
11-27-2012 10:54 PM
I guess you want to filter the sites based on URL, right?
This is possible with an application gateway firewall; on a router you can either block or allow the sites on an IP/port basis. If you have a list of the URLs/sites/IPs that have to be filtered, then you have the two possibilities below:
1. Either you can allow all the sites/URLs you know on a port basis, but it will deny everything else (if you don't add a permit any any statement to the ACL).
2. Or you block only those sites you know on a port basis and allow everything else.
Please update what you are looking for.
11-27-2012 11:22 PM
Hi,
By far the easiest way is using a Web Proxy like Squid and do transparent proxying with WCCP between the router and the Proxy.
Regards.
Alain
Don't forget to rate helpful posts.
11-28-2012 01:30 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Hmm, can only block 1 site with a policy-map? What does your policy-map configuration look like?
As the other posters have described, a dedicated appliance would probably be the best solution, but perhaps a variation of what you've already tried on your 2800 would be using NBAR to look deeper into some packets and determine whether you want to drop them; for example, HTTP URLs.
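
The NBAR approach suggested in the last reply, sketched as an added example that is not part of any poster's message: a single `match-any` class-map can list several HTTP hosts, so one policy-map drops more than one site. The class-map and policy-map names, the interface, and the hostnames are placeholders assumed for illustration.

```cisco
! Added example, not configuration from the thread.
! BLOCKED-SITES, DROP-BLOCKED-SITES, FastEthernet0/0 and the
! *.example hostnames are assumed placeholders.
!
! NBAR classification relies on CEF being enabled.
ip cef
!
! match-any: a packet belongs to the class if ANY one line matches,
! so further sites are added as further "match" lines.
class-map match-any BLOCKED-SITES
 match protocol http host "*blocked-one.example*"
 match protocol http host "*blocked-two.example*"
 match protocol http host "*blocked-three.example*"
!
! Drop everything classified above; all other traffic falls into
! class-default and is forwarded unchanged.
policy-map DROP-BLOCKED-SITES
 class BLOCKED-SITES
  drop
!
! Apply inbound on the LAN-facing interface (assumed name) so client
! requests are inspected before they are routed.
interface FastEthernet0/0
 service-policy input DROP-BLOCKED-SITES
!
! Check the per-class match and drop counters with:
!   show policy-map interface FastEthernet0/0
```

`match protocol http host` inspects the cleartext HTTP Host header, so it does not classify HTTPS sessions; those still need a proxy or a dedicated filtering appliance as the other replies suggest.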