04-13-2011 08:54 AM - edited 03-11-2019 01:20 PM
ASA 5510, version 8.4.1 with ASDM 6.4.1
How can I prevent the user to share files with p2 programs (torrent, eMule, etc) and to chat via Instant Messaging, Facebook, Twitter, etc. ?
I find a lot of suggestion, but allways related to 8.3 or older
Thanks
Claudio
04-13-2011 10:31 AM
Hello Claudia,
On ASA 8.4.1 you can use all the suggestion availble for 8.3 & pre-8.3 codes. But the newer clients for yahoo, hotmail, etc and skype can't be blocked using ASA alone. All the new clients & p2p clients use dynamic ports or not know ports thus can't be blocked on ASA.
Again facebook and twitter are available over https and thus can't block the same using http inspection & url filtering.
Hope this helps.
Regards,
Chirag
05-24-2011 09:05 AM
Some news?
I find some suggestion:
http-map inbound_http
content-length min 100 max 2000 action reset log
content-type-verification match-req-rsp action reset log
max-header-length request 100 action reset log
max-uri-length 100 action reset log
port-misuse p2p action drop
port-misuse im action drop
port-misuse default action allow
but it works only for 7.x (http-map is "deprecated")
Is there a way to convert the commands into policy-map?
Thank's a lot
Claudio
05-26-2011 10:22 AM
Claudio,
Follow this document for configuration in v7.2 and later. This configuration should work in 8.4.
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c38a6.shtml
Thanks,
Brendan
05-26-2011 11:04 PM
I already know this document, but - as I wrote 2 posts before - it don't work with 8.4 (http-map is "deprecated")
Claudio
05-27-2011 05:39 AM
The "PIX/ASA 7.2 and Later Configuration" portion of the document does not use the http-map. :-)
Thanks,
Brendan
05-27-2011 07:42 AM
Thank's
I have just read the upper part of the document ...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide