Re: Cisco ASA from Casim on 2009-07-01 (Ccielab archives 07/2009)

From: Casim <casim1980_at_gmail.com>
Date: Wed, 1 Jul 2009 17:07:29 +0300

you can use time based ACLs

if you need further assistance please unicast me.

regards
Casim

On Tue, Jun 30, 2009 at 4:20 PM, Alexei Monastyrnyi <alexeim73_at_gmail.com>wrote:

> For PIX/ASA specific stuff you could try this:
>
> pix# shun 172.27.3.123
> Shun 172.27.3.123 added in context: single_vf
> Shun 172.27.3.123 successful
> pix# sh shun
> shun (inside) 172.27.3.123 0.0.0.0 0 0 0
>
> This is IPS functionality and treats 172.27.3.123 in example above as
> offending host. Note that /PIX/ASA places shun filtering on an interface
> based on your routing configured on the unit. In example above 172.27.3.123
> is available via interface "inside".
>
> If we have a default route doing off the interface "outside" we get:
> pix-sthlm# shun 1.1.1.1
> Shun 1.1.1.1 added in context: single_vf
> Shun 1.1.1.1 successful
> pix-sthlm# sh shun
> shun (outside) 1.1.1.1 0.0.0.0 0 0 0
>
>
> http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s8.html#wp1401131
>
> HTH
> A.
>
>
> Alexei Monastyrnyi wrote:
>
>> access-list outbound extended deny ip aaa.bbb.ccc.ddd 255.255.255.255 any
>> access-list outbound extended permit ip any any
>> access-group outbound in interface inside
>>
>> Or you meant to achieve it with some more intelligent ASA-specific way?
>> :-)
>>
>> HTH,
>> A.
>>
>> oluwaseyi ojo wrote:
>>
>>> Hello GS,
>>>
>>> I want to exclude some ip addresses from browsing the internet on the
>>> Cisco ASA in the morning, which command can I use to achieve this,
>>> somebody should please help me.
>>>
>>> Thanks,
>>>
>>>
>>> Blogs and organic groups at http://www.ccie.net
>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
>>>
>>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Wed Jul 01 2009 - 17:07:29 ART

This archive was generated by hypermail 2.2.0 : Sat Aug 01 2009 - 13:10:21 ART