https://community.cisco.com/t5/network-security/asdm-and-access-rules/m-p/1521088#M695680 <HTML><HEAD></HEAD><BODY><P>Jason </P><P></P><P>I hope this helps <A href="http://www.cisco.com/en/US/docs/security/asdm/6_2/user/guide/aclrules.html#wp1046058">http://www.cisco.com/en/US/docs/security/asdm/6_2/user/guide/aclrules.html#wp1046058</A><SPAN> This is with ASDM version 6.2</SPAN></P><P></P><P>Namit </P></BODY></HTML> Thu, 23 Sep 2010 15:30:30 GMT Namit Agarwal 2010-09-23T15:30:30Z https://community.cisco.com/t5/network-security/asdm-and-access-rules/m-p/1521086#M695669 <P>Can anyone give me a quick walkthrough on how to set up an access rule to block a TCP port? I need to stop people from playing a game (World of Warcraft) and I need to block 3724. I've tried various combinations of inside outgoping, inside incoming and I just can't seem to get it. I would really appreciate some help with configuring this through the ASDM GUI.</P> Mon, 11 Mar 2019 18:44:09 GMT https://community.cisco.com/t5/network-security/asdm-and-access-rules/m-p/1521086#M695669 Jason Sypolt 2019-03-11T18:44:09Z https://community.cisco.com/t5/network-security/asdm-and-access-rules/m-p/1521087#M695675 <HTML><HEAD></HEAD><BODY><P>Jason,</P><P></P><P>What is the version of the ASDM and the ASA code you are running&nbsp; ?</P><P></P><P>Namit </P></BODY></HTML> Thu, 23 Sep 2010 15:27:24 GMT https://community.cisco.com/t5/network-security/asdm-and-access-rules/m-p/1521087#M695675 Namit Agarwal 2010-09-23T15:27:24Z https://community.cisco.com/t5/network-security/asdm-and-access-rules/m-p/1521088#M695680 <HTML><HEAD></HEAD><BODY><P>Jason </P><P></P><P>I hope this helps <A href="http://www.cisco.com/en/US/docs/security/asdm/6_2/user/guide/aclrules.html#wp1046058">http://www.cisco.com/en/US/docs/security/asdm/6_2/user/guide/aclrules.html#wp1046058</A><SPAN> This is with ASDM version 6.2</SPAN></P><P></P><P>Namit </P></BODY></HTML> Thu, 23 Sep 2010 15:30:30 GMT https://community.cisco.com/t5/network-security/asdm-and-access-rules/m-p/1521088#M695680 Namit Agarwal 2010-09-23T15:30:30Z https://community.cisco.com/t5/network-security/asdm-and-access-rules/m-p/1521089#M695687 <HTML><HEAD></HEAD><BODY><P>Sorry, forgot to include that. It is ASDM 5.2(3) on an ASA 5505 7.2(3)</P></BODY></HTML> Thu, 23 Sep 2010 15:40:41 GMT https://community.cisco.com/t5/network-security/asdm-and-access-rules/m-p/1521089#M695687 Jason Sypolt 2010-09-23T15:40:41Z https://community.cisco.com/t5/network-security/asdm-and-access-rules/m-p/1521090#M695696 <HTML><HEAD></HEAD><BODY><P>Jason </P><P></P><P><A href="http://www.cisco.com/en/US/docs/security/asa/asa72/asdm52/user/guide/aclrules.html">http://www.cisco.com/en/US/docs/security/asa/asa72/asdm52/user/guide/aclrules.html</A><SPAN> hope this helps it is for ASDM 5.2</SPAN></P><P></P><P>Regards,</P><P></P><P>Namit </P></BODY></HTML> Thu, 23 Sep 2010 15:50:15 GMT https://community.cisco.com/t5/network-security/asdm-and-access-rules/m-p/1521090#M695696 Namit Agarwal 2010-09-23T15:50:15Z https://community.cisco.com/t5/network-security/asdm-and-access-rules/m-p/1521091#M695707 <HTML><HEAD></HEAD><BODY><P>And I'm assuming that I need to block this game on the inside network since you start the client and it connects to the external game servers.</P><P></P><P>So I was trying to add an outgoing deny rule on the inside network for any source, any destination that has a source port of 3724.</P></BODY></HTML> Thu, 23 Sep 2010 15:52:51 GMT https://community.cisco.com/t5/network-security/asdm-and-access-rules/m-p/1521091#M695707 Jason Sypolt 2010-09-23T15:52:51Z https://community.cisco.com/t5/network-security/asdm-and-access-rules/m-p/1521092#M695711 <HTML><HEAD></HEAD><BODY><P>Jason,</P><P></P><P>Have you blocked IP traffc or only UDP or TCP. Please block both UDP and TCP.</P><P></P><P>Ya that should do the trick deny any connection with source port 3724 with any source IP&nbsp; any destination IP . The ACL will be applied on the inside interface in the inward direction. Also make sure that this should be top of the ACL entries as there might be a permit entry allowing this traffic before it hits the deny rule. </P><P></P><P>Can you please send the running config or at least the ACL you have applied</P><P></P><P><BR />Regards,</P><P>Namit </P></BODY></HTML> Thu, 23 Sep 2010 16:03:41 GMT https://community.cisco.com/t5/network-security/asdm-and-access-rules/m-p/1521092#M695711 Namit Agarwal 2010-09-23T16:03:41Z https://community.cisco.com/t5/network-security/asdm-and-access-rules/m-p/1521093#M695719 <HTML><HEAD></HEAD><BODY><P>hi Jason,</P><P></P><P>i think this will be helpful, apart from what namit has said about how to block them i think you should see this, looks interesting</P><P></P><P>"<SPAN>The Blizzard Downloader requires that TCP ports 3724 and&nbsp; 6112 be forwarded. It can also benefit from having ports 6881 through&nbsp; 6999 forwarded.</SPAN>"</P><P></P><P>i found this on some world of warcraft forum wherein people are discussing on which ports to open to allow it, and look at the 2 side of coin, you are going to look at it to block your users : )</P><P></P><P><A class="jive-link-external-small" href="http://forums.worldofwarcraft.com/thread.html?topicId=2215453407&amp;sid=1">http://forums.worldofwarcraft.com/thread.html?topicId=2215453407&amp;sid=1</A></P></BODY></HTML> Thu, 23 Sep 2010 16:46:01 GMT https://community.cisco.com/t5/network-security/asdm-and-access-rules/m-p/1521093#M695719 Jitendriya Athavale 2010-09-23T16:46:01Z https://community.cisco.com/t5/network-security/asdm-and-access-rules/m-p/1521094#M695726 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Jeetu thanks for the information. That is very useful. However the port 3724 is the one that is used for hosting the game. Rest of the ports are just used for downloading the patches by the Blizzard Support. I think just blocking 3724 should be enough. However as per documentation on Blizzard Support Site they have mentioned the following ports to be opened in order to run this. 3724, 6112, 6113, 6114 and 4000. <A class="active_link" href="http://us.blizzard.com/support/article.xml?locale=en_US&amp;articleId=21077">http://us.blizzard.com/support/article.xml?locale=en_US&amp;articleId=21077</A></P><P></P><P>I think we can start by blocking 3724 and of it does not help we can move on to blocking other ports as well. Moreover Jason please send the running config or the screenshot of the ACL you are configuring using the ASDM, </P><P></P><P>Regards,</P><P></P><P>Namit</P></BODY></HTML> Thu, 23 Sep 2010 17:13:39 GMT https://community.cisco.com/t5/network-security/asdm-and-access-rules/m-p/1521094#M695726 Namit Agarwal 2010-09-23T17:13:39Z https://community.cisco.com/t5/network-security/asdm-and-access-rules/m-p/1521095#M695732 <HTML><HEAD></HEAD><BODY><P>Thanks for the help thus far. </P><P></P><P>Here is the ACL:</P><P></P><P>access-list inside_access_in extended deny udp any eq 3724 any </P><P>access-list inside_access_in extended deny tcp any object-group WoW_TCP any </P><P>access-list inside_access_in extended permit ip any any </P><DIV> </DIV><P></P><P></P><P>... and the network object group that the ACL refers to:</P><P></P><P>object-group service WoW_TCP tcp</P><P> port-object range 1119 1119</P><P> port-object range 3724 3724</P><P> port-object range 4000 4000</P><P> port-object range 6112 6114</P><DIV> </DIV><P></P></BODY></HTML> Fri, 24 Sep 2010 11:57:03 GMT https://community.cisco.com/t5/network-security/asdm-and-access-rules/m-p/1521095#M695732 Jason Sypolt 2010-09-24T11:57:03Z