
Cisco 1811 - how to block P2P and Messaging traffic

OSJF2009SDL
Level 1

Hi,

I have a couple of Cisco 1811 IOS routers and I'm looking for a way to block P2P and instant messaging traffic on my networks. I understand there are different ways to do that, but I'm absolutely not sure what the right way is.

I tried to configure "ip inspect" rules but it didn't work at all. I also read about NBAR but then read a comment about it being "too old" to approach today's P2P techniques.

Basically I have 4 sites, each site has a single LAN configured as a VLAN interface. I need to configure firewalling to block everything except HTTP/S, DNS, ICMP, FTP, SMTP and NTP. I also need to make sure that VPN traffic is not affected by firewall rules.

I don't have access to my router configs from my current location, I will attach them later to this post.

Any help on how to accomplish my task would be greatly appreciated.

Kind regards,

Sebastian

Accepted Solutions

sean_evershed
Level 7

Hi,

I suggest that you have a look at configuring Zone Based Firewalls (ZBF).

See below a design guide

http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00808bc994.shtml

See below allowing VPN traffic through a ZBF

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5710/ps1018/prod_white_paper0900aecd8062a909.html

See below a link describing the differences between a Classic IOS firewall and ZBF

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5710/ps1018/prod_white_paper0900aecd806f31f9.html

See also a sample config of a ZBF

http://www.dslreports.com/faq/15839

Please remember to rate all posts that are helpful
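A minimal ZBF sketch for the requirement in the question (allow only HTTP/S, DNS, ICMP, FTP, SMTP and NTP outbound, and leave site-to-site VPN traffic alone), added here as an example; it is not from either poster or from the linked Cisco documents. The zone, class, policy and ACL names, the interface roles (Vlan1 inside, FastEthernet0 outside) and the 10.x subnets are assumptions to be replaced with the real values of each site.

```cisco
! Added example; all names, interfaces and subnets are assumptions.
! 10.1.0.0/16 = this site, 10.2.0.0/16 = a remote site reached over the VPN (constructed).
ip access-list extended VPN-SITES
 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
 permit ip 10.2.0.0 0.0.255.255 10.1.0.0 0.0.255.255
!
! Site-to-site traffic is matched by address so it bypasses the protocol allow-list.
class-map type inspect match-all VPN-TRAFFIC
 match access-group name VPN-SITES
!
! The only protocols LAN hosts may use towards the Internet.
class-map type inspect match-any ALLOWED-OUT
 match protocol http
 match protocol https
 match protocol dns
 match protocol icmp
 match protocol ftp
 match protocol smtp
 match protocol ntp
!
policy-map type inspect LAN-TO-WAN
 class type inspect VPN-TRAFFIC
  inspect
 class type inspect ALLOWED-OUT
  inspect
 ! Everything else, including P2P and IM on their own ports, is dropped and logged.
 class class-default
  drop log
!
! Inbound: only decrypted traffic from the remote site may start sessions.
policy-map type inspect WAN-TO-LAN
 class type inspect VPN-TRAFFIC
  inspect
 class class-default
  drop log
!
zone security LAN
zone security WAN
zone-pair security LAN-WAN source LAN destination WAN
 service-policy type inspect LAN-TO-WAN
zone-pair security WAN-LAN source WAN destination LAN
 service-policy type inspect WAN-TO-LAN
!
interface Vlan1
 zone-member security LAN
interface FastEthernet0
 zone-member security WAN
```

Traffic terminating on the router itself (IKE and ESP for the tunnel) belongs to the self zone and is not filtered unless a zone-pair involving self is configured. The allow-list classifies by well-known port, so clients that tunnel over ports 80 or 443 are not stopped by this policy alone.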

