Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2566
Views
0
Helpful
4
Replies

Use ASA CX to throttle Bittorrent

Go to solution
scottywc42
Level 1
Level 1

‎11-12-2013 06:01 AM - edited ‎03-11-2019 08:03 PM

I work in education and best practices are to throttle Bittorrent/p2p to less than 10 kbps. If I outright block it the users will either switch to a different p2p protocol or the Bitorrent client will use evasive trickery to avoid application identification by AVC/context aware.

I've done some Googling and every official Cisco doc said traffic shaping is "not in this release of CX" or did not mention traffic shaping as a feature of ASA Context Aware.

http://www.cisco.com/web/learning/le21/le39/docs/tdw153_qa.pdf

My question is, I know ASA Context Aware can block p2p, but does it support throttling p2p?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
radu.ioncu
Level 1
Level 1

‎11-12-2013 01:54 PM

Hi,

Try the latest ASA CX version - 9.2.1.1-48.

Radu

View solution in original post

0 Helpful
4 Replies 4

Go to solution
o.melendres
Level 1
Level 1

‎11-12-2013 10:04 AM

There is an example for blocking p2p on the ASA firewall,

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c38a6.shtml

Another one for rate limiting,

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008084de0c.shtml#rate

But cannot find and example to do both operations together. Would be nice to have both.

0 Helpful

Go to solution
radu.ioncu
Level 1
Level 1

‎11-12-2013 01:54 PM

Hi,

Try the latest ASA CX version - 9.2.1.1-48.

Radu

0 Helpful

Go to solution
o.melendres
Level 1
Level 1
In response to radu.ioncu

‎11-13-2013 09:48 AM

Looks good, have you tested the feature on a production network?

0 Helpful

Go to solution
radu.ioncu
Level 1
Level 1
In response to o.melendres

‎11-13-2013 12:37 PM

Hi,

I have not tested this exact feature yet; however, this release seems stable enough. Watch out for Firefox compatility, some strange error messages when accesing certain menus, and the fact that although you now have Next Generation IPS embedded and a trial version to boot, this specific feature is not orderable.

Radu

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card