
Blocking Torrents in ASA

bilal-javed1
Level 1

Hi,

Can anybody guide me on how to block torrents on a Cisco ASA firewall or router, anywhere possible?

Thanks

Bilal

3 Replies

Julio Carvajal
VIP Alumni

Hello Bilal,

I am going to provide you the answer I provided 2 days ago:

This has always been an interesting topic here at the community, as it looks like the ASA can only block specific P2P sites, but there are additional tools you could use with your ASA to accomplish this (an example of that is an IPS sensor or module).

Anyway, try the following and please keep us posted:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c38a6.shtml

Now you could approach this issue in different places on your network (with the defense in depth approach), as if all of this traffic reaches the ASA we are going to have a bottleneck here (because of the huge amount of traffic being exchanged on P2P sessions). You could try to combat this with QoS on the switches, routers in between, using NBAR, etc., etc.

NBAR rocks man, here is an example:

http://slaptijack.com/networking/controlling-peer-to-peer-p2p-traffic-with-cisco-nbar/

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
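
An NBAR-based policy of the kind the reply above points to, as an added example that is not part of the original post or of the linked articles. The class-map and policy-map names and the interface are hypothetical, and which NBAR protocol names are available depends on the IOS release and protocol pack on the router.

```cisco
! Added example (not from the thread). Assumes an IOS router whose
! LAN-facing interface is GigabitEthernet0/1 (hypothetical).

! Classify P2P traffic by application signature rather than by port.
class-map match-any P2P-TRAFFIC
 match protocol bittorrent
 match protocol edonkey
 match protocol gnutella
!
! Option 1: discard everything NBAR classifies as P2P.
policy-map BLOCK-P2P
 class P2P-TRAFFIC
  drop
!
! Option 2: keep P2P but police it to 128 kbps in total, so it
! cannot saturate the shared uplink.
policy-map LIMIT-P2P
 class P2P-TRAFFIC
  police 128000 conform-action transmit exceed-action drop
!
! Apply exactly one of the two policies inbound on the LAN side,
! before the traffic ever reaches the ASA.
interface GigabitEthernet0/1
 ip nbar protocol-discovery
 service-policy input BLOCK-P2P
!
! Verification from exec mode:
!   show policy-map interface GigabitEthernet0/1
!     (per-class packet and drop counters)
!   show ip nbar protocol-discovery
!     (what NBAR is actually seeing on the interface)
!
! Caveat: NBAR matches on protocol signatures, so clients using
! encrypted or obfuscated BitTorrent may not be classified. Check the
! counters above against observed usage before relying on the policy.
```

The police rate in option 2 applies to the whole class on that interface, not to each user.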

Hi,

Is there any way we can put a cap per user anywhere, in the router, firewall or WLC?

Because on a shared pipe, when one user sucks up the bandwidth, the others have to suffer.

Please guide me on where I should limit that per user.

Thanks

Bilal

I know this is an old topic, but I recently went through this with TAC.

You cannot do per-user or per-connection rate limiting through a Cisco ASA. The attempts I made to do this with a couple of configurations are applied to interfaces, so the rate limiting is on the entire connection.

There are ways to rate limit through a router, and there are documents for how to do this on a 6800 series route-switch, which may be OK if using this on a core.

In my case, BitTorrent traffic is a problem on my guest networks, and my guests are all using wireless. You can rate limit on a per-client basis on the WLC and it is rather simple. My guest SSIDs have the Bronze QoS applied to them, Silver for the common SSIDs, Gold for my corporate SSID, and Platinum for my voice SSID.

To rate-limit on the WLC from the QoS, go to Wireless / QoS / Profiles. Select the QoS profile to rate limit and adjust the Download and Upload speeds.

You can also go to WLANs / WLANs / WLANs and select the WLAN. Select the QoS tab and change the rate there. I do not remember from my TAC case if this is applied to just the WLAN, or if it is applied to the QoS policy that is applied to that WLAN.

My recommendation is to apply the QoS on WLANs so that Bronze is only on your guest network(s) and then rate limit it accordingly.
