Re: Cisco ASA

From: Alexei Monastyrnyi <alexeim73_at_gmail.com>
Date: Tue, 30 Jun 2009 23:20:24 +1000

For PIX/ASA specific stuff you could try this:

pix# shun 172.27.3.123
Shun 172.27.3.123 added in context: single_vf
Shun 172.27.3.123 successful
pix# sh shun
shun (inside) 172.27.3.123 0.0.0.0 0 0 0

This is IPS functionality and treats 172.27.3.123 in the example above as
the offending host. Note that PIX/ASA places shun filtering on an interface
based on your routing configured on the unit. In the example above
172.27.3.123 is available via interface "inside".

If we have a default route going off the interface "outside" we get:

pix-sthlm# shun 1.1.1.1
Shun 1.1.1.1 added in context: single_vf
Shun 1.1.1.1 successful
pix-sthlm# sh shun
shun (outside) 1.1.1.1 0.0.0.0 0 0 0

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s8.html#wp1401131

HTH
A.
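
Added example (not from the poster or from Cisco): a small Python audit script that parses "show shun" output in the format shown above and, from a constructed routing table, predicts the interface the box would place each shun on by longest-prefix match. The routing table, the third shun line and the field meanings of the "show shun" columns (source, destination, source port, destination port, protocol) are assumptions made for the example.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed routing table (assumption, not taken from the posted configs):
# 172.27.0.0/16 is reached via "inside", everything else via the default
# route on "outside", matching the two outputs quoted in the thread.
ROUTES = [
    ("inside", "172.27.0.0/16"),
    ("outside", "0.0.0.0/0"),
]


@dataclass
class ShunEntry:
    interface: str
    src: str
    dst: str
    sport: int
    dport: int
    proto: int


# One "show shun" line per shunned host, e.g.
#   shun (inside) 172.27.3.123 0.0.0.0 0 0 0
# Column meaning (assumed): interface, src, dst, sport, dport, protocol.
SHUN_LINE = re.compile(
    r"^shun \((?P<iface>\S+)\) (?P<src>\S+) (?P<dst>\S+) "
    r"(?P<sport>\d+) (?P<dport>\d+) (?P<proto>\d+)$"
)


def parse_show_shun(text):
    """Turn captured 'show shun' output into ShunEntry records."""
    entries = []
    for line in text.splitlines():
        m = SHUN_LINE.match(line.strip())
        if not m:
            continue  # prompt lines, blanks, anything that is not a shun row
        entries.append(ShunEntry(m["iface"], m["src"], m["dst"],
                                 int(m["sport"]), int(m["dport"]),
                                 int(m["proto"])))
    return entries


def shun_interface(host, routes):
    """Longest-prefix match over the routing table: the interface the
    firewall would pick for a shun on this host."""
    addr = ipaddress.ip_address(host)
    best = None
    for iface, prefix in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[1].prefixlen):
            best = (iface, net)
    return best[0] if best else None


def audit_shuns(text, routes):
    """For each shun, compare the interface it sits on with where routing
    currently points; a mismatch suggests the shun was added before a
    routing change and may no longer be on the path it was meant for.
    Returns (src, actual_iface, expected_iface, matches) tuples."""
    findings = []
    for e in parse_show_shun(text):
        expected = shun_interface(e.src, routes)
        findings.append((e.src, e.interface, expected, e.interface == expected))
    return findings


# Constructed sample output: the two rows from the thread plus one deliberately
# stale row (172.27.9.9 shunned on "outside" although routing points inside).
SHOW_SHUN = """pix# sh shun
shun (inside) 172.27.3.123 0.0.0.0 0 0 0
shun (outside) 1.1.1.1 0.0.0.0 0 0 0
shun (outside) 172.27.9.9 0.0.0.0 0 0 0
"""

if __name__ == "__main__":
    for src, actual, expected, ok in audit_shuns(SHOW_SHUN, ROUTES):
        status = "ok" if ok else "MISMATCH"
        print(f"{src:16} on {actual:8} routing says {expected:8} {status}")
```

Feed it the saved output of "sh shun" and the interface/prefix pairs from "show route"; the mismatch flag is the one worth acting on, since a shun is only useful on the interface the offending host actually arrives through.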

Alexei Monastyrnyi wrote:
> access-list outbound extended deny ip aaa.bbb.ccc.ddd 255.255.255.255 any
> access-list outbound extended permit ip any any
> access-group outbound in interface inside
>
> Or did you mean to achieve it in some more intelligent ASA-specific
> way? :-)
>
> HTH,
> A.
>
> oluwaseyi ojo wrote:
>> Hello GS,
>>
>> I want to exclude some IP addresses from browsing the internet on the
>> Cisco ASA in the morning. Which command can I use to achieve this?
>> Somebody should please help me.
>>
>> Thanks,

Blogs and organic groups at http://www.ccie.net
Received on Tue Jun 30 2009 - 23:20:24 ART

This archive was generated by hypermail 2.2.0 : Wed Jul 01 2009 - 20:02:38 ART