https://community.cisco.com/t5/network-security/p2p-and-tunneling/m-p/679379#M87226 <P>hi all , </P><P></P><P>I am having ASA with AIP card , users are using lots of p2p applications and tunneling softwares and becoz of that my internet bandwidth gets chocked , and i have to restart the ASA. I want to block p2p application and tunneling. is it possible ... </P><P>kindly help me..</P><P></P><P>Regards</P><P></P> Sun, 10 Mar 2019 10:31:13 GMT amit.seth 2019-03-10T10:31:13Z https://community.cisco.com/t5/network-security/p2p-and-tunneling/m-p/679379#M87226 <P>hi all , </P><P></P><P>I am having ASA with AIP card , users are using lots of p2p applications and tunneling softwares and becoz of that my internet bandwidth gets chocked , and i have to restart the ASA. I want to block p2p application and tunneling. is it possible ... </P><P>kindly help me..</P><P></P><P>Regards</P><P></P> Sun, 10 Mar 2019 10:31:13 GMT https://community.cisco.com/t5/network-security/p2p-and-tunneling/m-p/679379#M87226 amit.seth 2019-03-10T10:31:13Z https://community.cisco.com/t5/network-security/p2p-and-tunneling/m-p/679380#M87227 <HTML><HEAD></HEAD><BODY><P>Seth,</P><P></P><P>I saw you have been asking this question for quite some time (with no replys) and what you want to do is something I have been wanting to do so I open a ticket with TAC and below is the response from the TAC tech. It at least will get us both started. From TAC:</P><P></P><P>"Hello Paul,</P><P></P><P>My name is Andrew and I will be the TAC engineer, working with you on this case. The following IPS signatures are designed to block P2P traffic:</P><P></P><P><A class="jive-link-custom" href="http://tools.cisco.com/MySDN/Intelligence/viewThreat.x?threatId=3794" target="_blank">http://tools.cisco.com/MySDN/Intelligence/viewThreat.x?threatId=3794</A></P><P></P><P>You can configure these signatures to drop the unwanted traffic when it traverses the IPS module. An alternative solution would be to configure an HTTP Inspection map on the ASA. For instance, the following map will block HTTP tunnelled traffic over port TCP/80 recording each attempt to pass such traffic in the logs:</P><P></P><P>class HTTP_TRAFFIC</P><P> match port tcp eq 80</P><P></P><P>policy-map type inspect http BLOCK_P2P</P><P>class _default_gator</P><P> drop-connection log</P><P>class _default_kazaa</P><P> drop-connection log</P><P>class _default_http-tunnel</P><P> drop-connection log</P><P>class _default_gnu-http-tunnel</P><P> drop-connection log</P><P>class _default_httport-tunnel</P><P> drop-connection log</P><P>class _default_firethru-tunnel</P><P> drop-connection log</P><P></P><P>policy-map global_policy</P><P> class HTTP_TRAFFIC</P><P> inspect http BLOCK_P2P</P><P></P><P>service-policy global_policy global</P><P></P><P>Please let me know if you have any more questions. Should you need assistance outside of my normal hours, please call TAC Hotline at 1-800-553-2447. Thanks!"</P><P></P><P></P><P></P></BODY></HTML> Mon, 19 Mar 2007 01:50:01 GMT https://community.cisco.com/t5/network-security/p2p-and-tunneling/m-p/679380#M87227 pguibord 2007-03-19T01:50:01Z https://community.cisco.com/t5/network-security/p2p-and-tunneling/m-p/679381#M87228 <HTML><HEAD></HEAD><BODY><P>Thank you very much for such a specific and clear response.</P><P></P><P>Regards</P><P></P></BODY></HTML> Mon, 19 Mar 2007 07:37:03 GMT https://community.cisco.com/t5/network-security/p2p-and-tunneling/m-p/679381#M87228 amit.seth 2007-03-19T07:37:03Z