02-10-2013 08:43 AM - edited 03-11-2019 05:58 PM
Hi,
Can anybody guide me on how to block torrents on a Cisco ASA firewall or router, wherever possible?
Thanks
Bilal
02-10-2013 09:25 AM
Hello Bilal,
I am going to provide you the answer I provided 2 days ago:
This has always been an interesting topic here at the community, as it looks like the ASA can only block specific P2P sites, but there are additional tools you could use with your ASA to accomplish this (an example of that is an IPS sensor or module).
Anyway, try the following and please keep us posted:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c38a6.shtml
Now, you could approach this issue at different places on your network (with the defense-in-depth approach), because if all of this traffic reaches the ASA we are going to have a bottleneck here (because of the huge amount of traffic being exchanged on P2P sessions). You could try to combat this with QoS on the switches and routers in between, using NBAR, etc.
NBAR rocks, man. Here is an example:
http://slaptijack.com/networking/controlling-peer-to-peer-p2p-traffic-with-cisco-nbar/
Regards,
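
The NBAR approach mentioned in the reply above, written out as an added example that is not part of the original posts or the linked articles. It assumes an IOS router with NBAR support sitting between the users and the ASA; the interface name and the class-map and policy-map names are placeholders chosen for illustration.

```cisco
! Added example: classify common P2P protocols with NBAR and drop them
! on the LAN-facing interface, before the traffic ever reaches the ASA.
! GigabitEthernet0/1, P2P-TRAFFIC and LAN-IN are assumed names.
!
class-map match-any P2P-TRAFFIC
 match protocol bittorrent
 match protocol edonkey
 match protocol gnutella
!
policy-map LAN-IN
 class P2P-TRAFFIC
  drop
! To throttle instead of block, replace "drop" with a policer, e.g.:
!  police 64000 conform-action transmit exceed-action drop
!
interface GigabitEthernet0/1
 description User-facing LAN (assumed)
 ! Collect per-protocol statistics so the effect can be measured
 ip nbar protocol-discovery
 service-policy input LAN-IN
!
! Verification from exec mode:
!  show policy-map interface GigabitEthernet0/1
!  show ip nbar protocol-discovery top-n 10
```

NBAR matches on protocol signatures, so clients that enable BitTorrent protocol encryption can fall outside the `bittorrent` class; check the class counters in `show policy-map interface` against the protocol-discovery totals to see how much traffic the policy actually catches.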
03-07-2013 02:58 AM
Hi,
Is there any way we can put a cap per user anywhere in the router, firewall or WLC?
Because on a shared pipe, when one user sucks the bandwidth, others have to suffer.
Please guide me on where I should limit that per user.
Thanks
Bilal
05-23-2016 06:07 AM
I know this is an old topic, but I recently went through this with TAC.
You cannot do per-user or per-connection rate limiting through a Cisco ASA. The attempts I made to do this with a couple of configurations are applied to interfaces, so the rate limiting is on the entire connection.
There are ways to rate limit through a router and there are documents for how to do this on a 6800 series route-switch, which may be OK if using this on a core.
In my case, BitTorrent traffic is a problem on my guest networks and my guests are all using wireless. You can rate limit on a per-client basis on the WLC and it is rather simple. My guest SSIDs have the Bronze QoS applied to them, Silver for the common SSIDs, Gold for my corporate SSID, and Platinum for my voice SSID.
To rate-limit on the WLC from the QoS, go to Wireless / QoS / Profiles. Select the QoS profile to rate limit and adjust the Download and Upload speeds.
You can also go to WLANs / WLANs / WLANs and select the WLAN. Select the QoS tab and change the rate there. I do not remember from my TAC case if this is applied to just the WLAN, or if it is applied to the QoS policy that is applied to that WLAN.
My recommendation is to apply the QoS on WLANs so that Bronze is only on your guest network(s) and then rate limit it accordingly.