Beginner

ASA-5510 - how to block p2p & IM

ASA 5510, version 8.4.1 with ASDM 6.4.1

How can I prevent users from sharing files with P2P programs (torrent, eMule, etc.) and from chatting via Instant Messaging, Facebook, Twitter, etc.?

I found a lot of suggestions, but always related to 8.3 or older.

Thanks

Claudio

Cisco Employee

Re: ASA-5510 - how to block p2p & IM

Hello Claudio,

On ASA 8.4.1 you can use all the suggestions available for 8.3 and pre-8.3 code. But the newer clients for Yahoo, Hotmail, etc. and Skype can't be blocked using the ASA alone. All the new clients and P2P clients use dynamic ports or ports that are not known, and thus can't be blocked on the ASA.

Again, Facebook and Twitter are available over HTTPS, and thus you can't block them using HTTP inspection and URL filtering.

Hope this helps.

Regards,

Chirag

Beginner

Re: ASA-5510 - how to block p2p & IM

Some news?

I found a suggestion:

http-map inbound_http
 content-length min 100 max 2000 action reset log
 content-type-verification match-req-rsp action reset log
 max-header-length request 100 action reset log
 max-uri-length 100 action reset log
 port-misuse p2p action drop
 port-misuse im action drop
 port-misuse default action allow

but it works only for 7.x (http-map is "deprecated")

Is there a way to convert the commands into policy-map?

Thanks a lot

Claudio

Beginner

Re: ASA-5510 - how to block p2p & IM

Claudio,

Follow this document for configuration in v7.2 and later. This configuration should work in 8.4.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c38a6.shtml

Thanks,

Brendan

Beginner

Re: ASA-5510 - how to block p2p & IM

I already know this document, but, as I wrote two posts before, it doesn't work with 8.4 (http-map is "deprecated").

Claudio

Beginner

Re: ASA-5510 - how to block p2p & IM

The "PIX/ASA 7.2 and Later Configuration" portion of the document does not use the http-map. :-)

Thanks,

Brendan
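
Added example (not part of the thread and not copied from the linked Cisco document): one way to express the http-map quoted earlier in the Modular Policy Framework syntax used by 7.2 and later. The names IM_BLOCK, HTTP_LIMITS, ALL_TRAFFIC, WEB and IM_P2P and the interface name inside are assumptions, and the two _default_* regexes are assumed to be the built-in ones listed by `show running-config all regex`.

```cisco
! Added example: MPF form of the deprecated http-map (ASA 7.2 and later).
! All map and class names and the interface "inside" are assumed names.
!
! Instant messaging: drop MSN and Yahoo sessions seen by the IM inspector.
policy-map type inspect im IM_BLOCK
 match protocol msn-im yahoo-im
  drop-connection log
!
! HTTP: the limits from the old http-map, one match per old command.
policy-map type inspect http HTTP_LIMITS
 ! was: content-length ... max 2000 (only the maximum is expressed here)
 match request body length gt 2000
  reset log
 ! was: content-type-verification match-req-rsp
 match req-resp content-type mismatch
  reset log
 ! was: max-header-length request 100
 match request header length gt 100
  reset log
 ! was: max-uri-length 100
 match request uri length gt 100
  reset log
 ! closest stand-in for port-misuse p2p: built-in regexes (assumed present)
 match request uri regex _default_x-kazaa-network
  drop-connection log
 match request uri regex _default_gator
  drop-connection log
!
! Traffic selection: IM inspection on everything, HTTP inspection on port 80.
class-map ALL_TRAFFIC
 match any
class-map WEB
 match port tcp eq www
!
policy-map IM_P2P
 class ALL_TRAFFIC
  inspect im IM_BLOCK
 class WEB
  inspect http HTTP_LIMITS
!
service-policy IM_P2P interface inside
!
! After applying, confirm both classes count packets:
!   show service-policy interface inside
```

The 100-byte header and URI limits are carried over unchanged from the quoted http-map; ordinary browser requests exceed them, so size them against real traffic before enforcing. HTTP inspection only sees cleartext HTTP, so the HTTPS limitation raised in the first reply still applies.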

Beginner

Re: ASA-5510 - how to block p2p & IM

Thanks

I have just read the upper part of the document ...