Block websites on a Cisco 800 series router
Hello
I have a Cisco router running. I want to block certain websites (facebook, twitter, etc.) and the download of files with extensions such as
*.AVI, *.mp3, *.mp4, *.exe, *.wma, *.wmv and *.torrent etc...
I want to block this for some users (based on the MAC address) and allow other users on the same network to have access.
Can you help me do this?
Here's what you do:
IP block ip extended access list
allow an ip
permit tcp host 192.168.0.100 any eq www
permit tcp host 192.168.0.107 any eq www
I suggested to do the following:
IP block ip extended access list
permit tcp host 192.168.0.100 any eq www
permit tcp host 192.168.0.107 any eq www
Can't you see the difference?
Regards
Alain
Don't forget to rate helpful posts.
Similar Questions
-
800 series Router and ASA will not create a tunnel
Hey everybody, this has had me confused for a week now, and I feel that it is something small that I'm overlooking. My 800 router and my ASA will not pass traffic through a VPN. Here are my configs (minus sensitive data, of course). I also removed irrelevant data to narrow down the config.
800 series router:
ip dhcp excluded-address 192.168.2.1 192.168.2.100
!
ip dhcp pool internaldhcp
network 192.168.2.0 255.255.255.0
dns-server x.x.x.x x.x.x.x
default-router 192.168.2.1
!
!
ip cef
no ip domain lookup
ip domain name (domain here)
ip name-server x.x.x.x
ip name-server x.x.x.x
no ipv6 cef
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key (password) address (ip WAN of ASA)
!
!
crypto ipsec transform-set 3des-sha esp-3des esp-sha-hmac
crypto ipsec transform-set 3des-md5 esp-3des esp-md5-hmac
crypto ipsec transform-set distance esp-3des esp-md5-hmac
!
!
crypto map KentonMap 1 ipsec-isakmp
set peer (ASAs WAN IP)
set transform-set 3des-sha
match address 110
!
!
!
!
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
description outside int
ip address (Local WAN) 255.255.255.252
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map KentonMap
service-policy output VoiceLLQ
!
interface Vlan1
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
Fair/fair-queue
!
!
ip nat pool insidepool (WAN IP) (WAN IP) netmask 255.255.255.252
ip nat inside source list 100 pool insidepool overload
ip route 0.0.0.0 0.0.0.0 (Next Hop)
!
access-list 100 permit ip 192.168.2.0 0.0.0.255 any
access-list 110 remark VPN ACL
access-list 110 permit ip 192.168.2.0 0.0.0.255 192.168.24.0 0.0.0.255
!
The ASA config:
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.24.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address (LOCAL WAN) 255.255.255.252
!
same-security-traffic permit intra-interface
access-list sheep extended permit ip 192.168.24.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list LimatoKenton extended permit ip 192.168.24.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list OutsideIn extended permit tcp any interface outside eq 3389
global (outside) 1 interface
nat (inside) 0 access-list sheep
nat (inside) 1 192.168.24.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 (Next Hop) 1
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set 3des-sha esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map LimaMap 1 match address LimatoKenton
crypto map LimaMap 1 set peer (800 WAN router)
crypto map LimaMap 1 set transform-set 3des-sha
crypto map LimaMap interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 1
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
tunnel-group (800 WAN router) type ipsec-l2l
tunnel-group (800 WAN router) ipsec-attributes
pre-shared-key *
ISAKMP crypto release:
ASA
Type: L2L role: initiator
Generate a new key: no State: MM_ACTIVE
Router
dst src state conn-id status
(Local WAN) (ASA WAN) QM_IDLE 2003 ACTIVE
Hello, Benjamin.
I guess that your router also does NAT for the site-to-site traffic.
So, you have to deny the site-to-site traffic in ACL 100.
PS: If this does not resolve your problem, could you please share the isakmp/ipsec SAs from both sides?
-
Easy VPN server issues on Cisco 800 series
Hello.
I want to deploy the easy vpn server on cisco 876 and 877 10 routers and access from a remote location (company headquarters). When I leave the firewall of the router off the vpn server works. When I turn it on it doesn't.
Although I allow all traffic to my ip for example 80.76.61.158 I can't access the vpn server.
I tried a place to let the firewall off and it worked fine.
I use SDM to configure the VPN server. Any ideas what I can do with the firewall? I really can't leave it "open."
Thanks in advance.
It would be a good idea to paste the configuration of the VPN server to the firewall.
Kind regards
Kamal
-
More small Cisco 800 series + DMVPN?
Hello
Recently I looked into the possibilities for extending a DMVPN (already implemented) to very small remote sites (1-2 users) on a single link to the ISP.
I would use what is essentially the smallest Cisco router supporting DMVPN and EIGRP (stub) - here is an example configuration:
interface Tunnel*
bandwidth *
ip address
ip hold-time eigrp *
ip nhrp authentication *
ip nhrp map * *
ip nhrp map multicast *
ip nhrp network-id *
ip nhrp holdtime *
ip nhrp nhs *
ip nhrp registration timeout *
tunnel source *
tunnel mode gre multipoint
tunnel key *
tunnel path-mtu-discovery
tunnel protection ipsec profile *
All this is accompanied by the appropriate global ISAKMP policy and transform set.
I know that the 881 can accomplish the above without problem (if it has the Adv IP Services license).
I would like to know if I can use smaller routers (physically smaller, that is) for a similar configuration. Can anyone provide an overview here? Can the Cisco 819 router (http://www.cisco.com/en/US/prod/collateral/routers/ps10906/ps380/ps11615/data_sheet_c78-678459.html)
provide the same functionality? What about the 866VAE router (http://www.cisco.com/en/US/prod/collateral/routers/ps380/data_sheet_c78-693249.html)?
819 does support both DMVPN and EIGRP.
866VAE does not support the DMVPN.
-
Router randomly blocking websites
It is one of the strangest things I've ever seen.
My router is connected to the internet... and I can access the internet... at least a part of it.
However, it blocks some Web sites.
Now, to be clear... these aren't FTP sites... or anything that I think should cause any form of security to block.
For example... one site is the bank where I pay my monthly mortgage on the house. Another is the site of a local university. I used to be able to get to the two Web sites... but something changed a few weeks ago.
There is no IP blocked... blocked .or anything, of any kind put in place in the configs. I even went off as to add access to IP from one PC to "allow access to blocked sites" as a test... which doesn't work anymore.
I have reset several times I mean.
I set the router to the factory default.
I reloaded the firmware.
I looked for anything or any reason in this router as to why it could block these websites and I can't find anything.
I'm sure that some are asking if I've isolated it to the router. Yes, I have.
When my cell is on the home WIFI, it cannot reach these sites.
WIFI is off, my cell to reach cutting sites.
What happens to something else, pass through this router, wired and wireless.
With my ISP, I confirmed that they do not block anything.
I know that they are not the issue anyway because when I bypass the router and go directly to the cable modem, the Web sites are no longer blocked.
In addition, I used an old TP-Link router instead of this router and the sites are not blocked.
For anyone wondering about Chrome, Firefox and IE... I tried all 3.
I deleted the cache and cookies in all 3.
As I said... this problem is very isolated to this router.
I really hope that someone can offer some advice because this thing is about to go out a window. I did not pay so much money for this level of aggravation in my life.
I tried to call Netgear... I have had regard to the request of the series... where I'm supposed to say 'Got It'. And no matter how I said, yelled it... etc... just kept Netgear phone system play this stupid music and telling me to say "had" when ready.
Honestly... If they can't manage a system better than this phone, maybe it's that I should expect from this router.
Yes... I called at least 5 times and got the exact same experience each time.
lottathought wrote: I tried your suggestion Searay... in fact, I tried several combinations... nothing.
The most important part of the process of changing the MAC address is that you power cycle the modem (router also if you want, but above all the modem). If you do not, changing the MAC address on the router will simply kill your Internet connection. More often than not, that solves the problem of inaccessible sites, which mostly has nothing to do with the router (regardless of brand).
-
Question of the router Cisco RV series
Hello
I have a question. We sell a lot of cisco 800 routers. Now for some clients, we have that they are expensive.
Then we thought about the RV series, but I can't find any good routing performance for these routers specifications.
If I go to:
http://www.Cisco.com/Web/partners/downloads/765/tools/quickreference/routerperformance.PDF
I see a lot of details of the cisco product, but the RV series isn't here.
Can someone tell me what are the specifications of performance of these routers? (packets per second, Mbit/s data rate)
Thanks in advance,
Tom
You can also access the data at smallnetbuilder. There are many different performance tests
-
The vs ASA55xx 800 series routers
Can someone give me a kind of overview of the differences between the devices of the ASA and 800 series routers (specifically 871)?
Mainly interested in VPN and security, but everything that can give me an idea of which one fits my scenario is greatly appreciated.
I have several agencies that I'll set up, a few small (1 WinXP), support (WinXP 5-15, 1-10 VPN), some big (for me) (10-100 WinXP, 10-50 VPN).
I am also interested in the same question.
You may want to look at
ASA firewalls are certainly faster than the 800 series routers, but for small offices (10 users), it may be not important. I like the ASA 5505 because there a switch 8 ports built-in, while the 871 has a 4 port switch.
One thing to remember is that, although the ASA has a FEW routing abilities... it is first a firewall. So, you lose some of the flexibility you may have with a router by going with an ASA. (for example: I don't think that the ASA can be a "router on a stick" with packets routed in & out on the same interface)
However, on the 871 router with the firewall feature set, you have to ensure that the firewall features are enabled and configured... by default the ASA is a firewall... you don't need to do anything except plug it in and the firewall features run automatically.
That's my opinion anyway
Thomas
-
I want to stop a particular website to contact me by email.
Some e-mail providers let you block or even sort
incoming mail. Check with your email provider.
On your blocking of websites:
Adblock Plus {web link}
Blocks annoying video ads on YouTube, Facebook ads, banners
and much more. Adblock Plus blocks all the annoying ads, and
supports Web sites by not blocking unobtrusive ads by default (configurable).
BlockSite {web link}
BlockSite is an extension which automagically blocks websites
of your choice. In addition, this extension will disable all
hyperlinks to these sites, simply displaying the text of the link
without the clickable feature.
Separate issue:
Your system details show:
Plug-ins installed
Garmin Communicator plugin 4.2.0.0
Garmin Communicator plugin BETA 4.2.0.0
Having multiple versions of a program can cause problems.
-
Original title: Windows has blocked a website!
I have Mozilla Firefox on my computer and I try to go on a site that I need to go to desperately for school work and it tells me that Windows has blocked the Web site. How do the Web site and how to unlock the problem?
Hello
1. What happens when you visit the same Web site using Internet Explorer?
2. What operating system is installed on your computer?
Given that it is a problem with Mozilla Firefox, you can contact Mozilla for better assistance.
Here is the link: http://support.mozilla.org/en-US/questions/new
-
How to block specific Web sites from my PC
I have XP Pro SP3. How to block specific Web sites to come on Internet Explorer? Thank you!
Yes my brother you can block specific Web site in your pc, I got a job for you
visit-
How to block specific Web sites from my PC http://www.technet2u.com/2012/09/how-to-block-any-websites-using-host.html
-
Linksys WRT110 problems - Firmware and the blocking of Web sites
First problem is that my Linksys WRT110 blocking some Web sites. I tried to get 1up.com and it times out. When I plugged my modem without the router I could access the site without problem. I checked www.downforeveryoneorjustme.com and it's on my end... I found a few solutions workaround, which eventually do not, such as:
After you download the firmware, extract the files if its zipped.
Connect to http://192.168.1.1 router.
Leave the user name and password admin
Click administration and then search for the file (.bin)
Wait for the upgrade, then reset and reconfigure the router.
-
How to block a Web site through the firewall of windows 7 ultimate 64-bit
I tried to block a Web site, but I found never this kind of option in the windows firewall... the picture is the same in avast internet security which I use also... I don't want some websites to access it on my computer... Please help me solve the problem.
Hi ramakrishna91,
1. don't want to block certain websites?
You will not be able to block the Web site access by using the Windows Firewall, but you can use Internet explorer to access the Web sites by adding these sites in sensitive sites.
(a) click the Start button, select Control Panel, type Internet options in the search box, and then click Internet Options.
(b) click on the Security tab, click restricted sites , and then click Sites.
(c) to add a site, type the URL in the Add this Web site to the zone box, and then click Add.
Why can't open or copy files from the web?
http://Windows.Microsoft.com/en-us/Windows7/why-cant-I-open-or-copy-files-from-the-Web
I hope this helps!
Halima S - Microsoft technical support.
Visit our Microsoft answers feedback Forum and let us know what you think.
-
800 series vpn site to site?
Hello, I have a brand new pair of 851w with IOS version 12.4(15)T7. I can't seem to get a site-to-site VPN set up, although I was able to use these 800 series successfully in the past. I have stripped the configs down to the essentials and it still cannot be established.
When I do a show crypto session everything seems okay, but the connection is "down".
I'm not 100% sure about my crypto transform
"crypto ipsec transform-set AES-SHA-compression esp-aes esp-sha-hmac comp-lzs". I'm not sure that the 800 series will support this encryption or if I should use something else.
I have attached the configs.
You must change the configuration from:
ip nat inside source list 1 interface 4 overload
TO
ip nat inside source route-map sheep interface FastEthernet4 overload
HTH
-
Hi all
I have searched high and low for answering this question and came from far away confused.
Do I need DMVPN in order to use a VPN endpoint behind a router performing NAT?
ISP---> Internet router---> 800
In addition, if the answer is no, then can all of the 800 series and SOHO routers support this?
I appreciate really all help with that.
I'm glad to hear that.
If you have any other questions, let us know
Please rate helpful posts.
Federico.
-
Cisco 800 VPN to a NetScreen-25
I'm trying to configure a VPN tunnel between a Cisco 800 router and a NetScreen-25 firewall. I am able to complete Phase 1 and Phase 2 debugs see 'not found peer. What am I missing?
Jack,
The crypto configuration on the 800 router has overlapping access lists.
Crypto map access-lists 115 and 116 are overlapping. That means the destination is the same network, and they are for two different peers.
access-list 115 permit ip 192.168.103.64 0.0.0.31 192.168.101.0 0.0.0.255
access-list 116 permit ip 192.168.103.64 0.0.0.31 192.168.101.0 0.0.0.255
access-list 116 permit ip 192.168.101.0 0.0.0.255 192.168.103.64 0.0.0.31
Access-list 116 also has a destination of 192.168.103.64 0.0.0.31, which is your network.
Please update the configuration and try to bring up the tunnel.
Let me know how it goes.
Kind regards
Arul
* Please rate all helpful posts *
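Both ACL mistakes diagnosed in the answers on this page can be checked mechanically: NAT ACL 100 also matching the tunnel traffic of ACL 110 (the 800/ASA thread), and crypto ACLs 115 and 116 matching the same networks for two peers (the NetScreen thread). This is an added example, not code from any of the posters; the function names and sample configs are constructed, and it assumes numbered `permit|deny ip` entries with contiguous wildcard masks.

```python
import ipaddress
import re

# Numbered extended entries: access-list N permit|deny ip <src> <dst>
ACE = re.compile(r"access-list\s+(\d+)\s+(permit|deny)\s+ip\s+"
                 r"(any|\S+\s+\S+)\s+(any|\S+\s+\S+)", re.I)

def _net(spec):
    """'any' or 'address wildcard' -> ip_network (contiguous wildcards only)."""
    if spec.lower() == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, wildcard = spec.split()
    return ipaddress.ip_network(f"{addr}/{wildcard}", strict=False)

def parse_acls(config):
    """Return {acl_number: [(action, src_net, dst_net), ...]} in config order."""
    acls = {}
    for line in config.splitlines():
        m = ACE.search(line)
        if m:
            acls.setdefault(int(m[1]), []).append((m[2].lower(), _net(m[3]), _net(m[4])))
    return acls

def _hits(a, b):
    return a[1].overlaps(b[1]) and a[2].overlaps(b[2])

def natted_vpn_flows(acls, nat_acl, crypto_acl):
    """Crypto-ACL flows whose first overlapping NAT-ACL entry is a permit,
    i.e. traffic that is translated before it can match the crypto map."""
    leaks = []
    for flow in acls.get(crypto_acl, []):
        first = next((e for e in acls.get(nat_acl, []) if _hits(e, flow)), None)
        if flow[0] == "permit" and first and first[0] == "permit":
            leaks.append((str(flow[1]), str(flow[2])))
    return leaks

def overlapping_crypto_acls(acls, acl_a, acl_b):
    """Permit entries of acl_a that overlap a permit entry of acl_b (two peers)."""
    return [(str(a[1]), str(a[2]))
            for a in acls.get(acl_a, []) if a[0] == "permit"
            for b in acls.get(acl_b, []) if b[0] == "permit" and _hits(a, b)]

# Constructed samples built from the ACL lines quoted in the two threads.
NAT_BROKEN = """access-list 100 permit ip 192.168.2.0 0.0.0.255 any
access-list 110 permit ip 192.168.2.0 0.0.0.255 192.168.24.0 0.0.0.255"""
# Constructed fix: the deny line is one reading of "deny site-to-site traffic in ACL 100".
NAT_FIXED = ("access-list 100 deny ip 192.168.2.0 0.0.0.255 192.168.24.0 0.0.0.255\n"
             + NAT_BROKEN)
CRYPTO_OVERLAP = """access-list 115 permit ip 192.168.103.64 0.0.0.31 192.168.101.0 0.0.0.255
access-list 116 permit ip 192.168.103.64 0.0.0.31 192.168.101.0 0.0.0.255"""

if __name__ == "__main__":
    print([natted_vpn_flows(parse_acls(c), 100, 110) for c in (NAT_BROKEN, NAT_FIXED)])
    print(overlapping_crypto_acls(parse_acls(CRYPTO_OVERLAP), 115, 116))
```

Partial overlaps are judged by the first overlapping NAT entry only, so a deny that covers just part of a tunnel flow still needs a manual look.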