cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


448
Views
0
Helpful
3
Replies
Highlighted
Beginner

How to Block Torrent traffic on ASA 5510 Details inside thanks

Hi,

Good day 

I would like to ask how to block torrent traffic on asa 5510?

I tried to this config. but didn't work. any idea??

object-group service Blocked-UDP-Ports udp

description All ports blocked for Bit Torrent UDP

port-object range 10001 65535

port-object range 1024 1193

port-object range 1195 9999

object-group service BitTorrent-Tracker tcp

description TCP Ports used by Bit Torrent for tracker communication

port-object eq 2710

port-object range 6881 6999

 

access-list inside_access_in extended deny udp any any object-group Blocked-UDP-Ports log warnings inactive

access-list inside_access_in extended deny tcp any any object-group BitTorrent-Tracker log warnings inactive

 

Thank you in advance

Everyone's tags (3)
3 REPLIES 3
Cisco Employee

Hi,I think the configuration

Hi,

I think the configuration that you have pasted covers most of the common ports.

Still , I think it is difficult to block this application using the ACL alone.

Although , the ports that you have blocked might also cause some other things not to work as the range is quite wide.

If you are okay with these ranges being blocked , I would recommend you to follow the reactive approach and try to enable debug syslog on ASDM and test the torrent traffic and simultaneously filter the logs on the ASDM to see which ports are being used and then add them to the ACL.

Thanks and Regards,

Vibhor Amrodia

Beginner

You're right. So complicated

You're right. So complicated regards with those ports some of my application won't work when I enable on inside interface I'm experiencing network issues. Hahaha.. 

But for now I usegp gp on server side to disable it but it's too easy to bypass.

How about disabling p2p??

And how about teamviewer is it possible with acl port 5...?

 

Thank you

Arvin r.

 

Cisco Employee

Hi,These application uses the

Hi,

These application uses the random Dynamic ports and that is the reason they are hard to block using a static ACL policy.

I think if you try to block a wide range of ports that might affect the other traffic so i would recommend against it.

I would suggest to go for a smarter solution like a external module which is specifically made for this requirement.

Thanks and Regards,

Vibhor Amrodia