cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7573
Views
0
Helpful
6
Replies

ASA-5510 - how to block p2p & IM

battanc
Level 1
Level 1

ASA 5510, version 8.4.1 with ASDM 6.4.1

How can I prevent the user to share files with p2 programs (torrent, eMule, etc) and to chat via Instant Messaging, Facebook, Twitter, etc. ?

I find a lot of suggestion, but allways related to 8.3 or older

Thanks

Claudio

6 Replies 6

csaxena
Cisco Employee
Cisco Employee

Hello Claudia,

On ASA 8.4.1 you can use all the suggestion availble for 8.3 & pre-8.3 codes. But the newer clients for yahoo, hotmail, etc and skype can't be blocked using ASA alone. All the new clients & p2p clients use dynamic ports or not know ports thus can't be blocked on ASA.

Again facebook and twitter are available over https and thus can't block the same using http inspection & url filtering.

Hope this helps.

Regards,

Chirag

Some news?

I find some suggestion:

http-map inbound_http
 content-length min 100 max 2000 action reset log
 content-type-verification match-req-rsp action reset log
 max-header-length request 100 action reset log
 max-uri-length 100 action reset log
 port-misuse p2p action drop
 port-misuse im action drop
 port-misuse default action allow

but it works only for 7.x (http-map is "deprecated")

Is there a way to convert the commands into policy-map?

Thank's a lot

Claudio

Claudio,

Follow this document for configuration in v7.2 and later. This configuration should work in 8.4.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c38a6.shtml

Thanks,

Brendan

I already know this document, but - as I wrote 2 posts before - it don't work with 8.4 (http-map is "deprecated")

Claudio

The "PIX/ASA 7.2 and Later Configuration" portion of the document does not use the http-map. :-)

Thanks,

Brendan

Thank's

I have just read the upper part of the document ...

Review Cisco Networking for a $25 gift card