Blocking Tor Browser on Cisco ASA 5505

(config)# dns domain-lookup outside
(config)# dns server-group DefaultDNS
(config)# name-server
(config)# name-server
(config)# domain-name poc.local
(config)# dynamic-filter updater-client enable
(config)# dynamic-filter use-database
(config)# access-list dynamic-filter_acl extended permit ip any any
(config)# dynamic-filter enable interface outside classify-list dynamic-filter_acl
(config)# class-map dynamic-filter_snoop_class
(config-cmap)# match port udp eq domain
(config-cmap)# exit
(config)# policy-map dynamic-filter_snoop_policy
(config-pmap)# class dynamic-filter_snoop_class
(config-pmap-c)# inspect dns dynamic-filter-snoop
(config-pmap-c)# exit
(config-pmap)# exit
(config)# service-policy dynamic-filter_snoop_policy interface outside

Copy IPs from

Download my Excel file and paste those IPs into row A5
Remove duplicate entries: select column A, open the DATA menu, then click the Remove Duplicates button
Copy all IPs from column A and paste them into ASDM/Botnet Traffic Filter/Black and White Lists
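
The spreadsheet steps above can also be scripted. The following is an added example, not part of the original post: it validates and deduplicates a pasted IP list and renders the entries as CLI lines for the Botnet Traffic Filter static blacklist (the CLI counterpart of the ASDM Black and White Lists pane). The sample addresses are constructed, and the 1000-entry limit and the function names are assumptions to check against your ASA release.

```python
import ipaddress

# Constructed sample input (documentation address ranges, not real Tor relays).
SAMPLE_LIST = """\
# exit node list, constructed for this example
192.0.2.10
198.51.100.7
192.0.2.10
  203.0.113.5
2001:db8::1
not-an-ip
198.51.100.7
"""

MAX_ENTRIES = 1000  # assumption: static blacklist size limit; check your ASA release


def parse_ips(text):
    """Return (unique IPv4 addresses in numeric order, rejected lines)."""
    seen, rejected = set(), []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            addr = ipaddress.ip_address(line)
        except ValueError:
            rejected.append(line)  # typo or stray text from the copy/paste
            continue
        if addr.version != 4:  # this sketch emits IPv4 host entries only
            rejected.append(line)
            continue
        seen.add(addr)
    return sorted(seen), rejected


def asa_blacklist_commands(addrs, limit=MAX_ENTRIES):
    """Render host entries for the static blacklist; never truncate silently."""
    if len(addrs) > limit:
        raise ValueError(f"{len(addrs)} entries exceed limit of {limit}")
    lines = ["dynamic-filter blacklist"]
    lines += [f" address {a} 255.255.255.255" for a in addrs]
    return lines


if __name__ == "__main__":
    ips, bad = parse_ips(SAMPLE_LIST)
    print("\n".join(asa_blacklist_commands(ips)))
    print(f"! skipped {len(bad)} unusable line(s): {bad}")
```

Review the skipped lines before applying the output: a rejected entry means an address on the source list is not being blocked.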


