03-09-2015 09:21 AM - edited 03-11-2019 10:36 PM
Hi,
Iwould like to ask how to block team viewer on my asa 5510 7.0 version??
Thanks
Solved! Go to Solution.
03-09-2015 07:29 PM
Hi Arvin,
Found this in one of the threads. Please try this and see if helps. It doesn't seem to have helped some customers.
regex TV-RGX “\.teamviewer\.com”
regex DG-RGX “\.dyngate\.com”
class-map type regex match-any TV-CLS
match regex DG-RGX
match regex TV-RGX
policy-map type inspect dns TV-PLC
parameters
message-length maximum 512
match domain-name regex class TV-CLS
drop
policy-map global_policy
class inspection_default
inspect dns TV-PLC
https://supportforums.cisco.com/discussion/11536791/block-teamviwer-cisco-asa-5520-82
https://supportforums.cisco.com/discussion/11431411/block-teamviewer-asa-842
https://supportforums.cisco.com/discussion/11341751/how-block-teamviewerlogmeingotomypc-etc
You can also try blocking the IP's of the teamviewer servers itself. But again these applications are designed to evade the firewalls and content filtering is required to block them.
Regards,
Kanwal
Note: Please mark answers if they are helpful.
03-09-2015 07:29 PM
Hi Arvin,
Found this in one of the threads. Please try this and see if helps. It doesn't seem to have helped some customers.
regex TV-RGX “\.teamviewer\.com”
regex DG-RGX “\.dyngate\.com”
class-map type regex match-any TV-CLS
match regex DG-RGX
match regex TV-RGX
policy-map type inspect dns TV-PLC
parameters
message-length maximum 512
match domain-name regex class TV-CLS
drop
policy-map global_policy
class inspection_default
inspect dns TV-PLC
https://supportforums.cisco.com/discussion/11536791/block-teamviwer-cisco-asa-5520-82
https://supportforums.cisco.com/discussion/11431411/block-teamviewer-asa-842
https://supportforums.cisco.com/discussion/11341751/how-block-teamviewerlogmeingotomypc-etc
You can also try blocking the IP's of the teamviewer servers itself. But again these applications are designed to evade the firewalls and content filtering is required to block them.
Regards,
Kanwal
Note: Please mark answers if they are helpful.
03-09-2015 07:47 PM
Hi Sir Kanwal,
When I typed regex there an error "Unrecognized Commannd" is it compatible with my ASA?
So I couldn't continue to the next step.
Also I tried to disable it by its port no. but its not working with Outside int. but when I which to Inside Im experiencing network Issues.
object-group service TeamView tcp
port-object eq 5938
access-list outside_access_in extended deny tcp any any object-group TeamView
thanks
Arvin R.
03-09-2015 07:59 PM
Hi Arvin,
Please call me just "Kanwal":) Also, i am not very sure if version 7 had regex command. I was hoping it is but on version 9 which is there in lab i see the command is there.
ASA5585-2(config)# regex ?
configure mode commands/options:
WORD < 129 char Specify the name of the regular expression
If it is not there in 7, i am not sure what else we can do because we need devices like iron port proxy or websense which can block these kind of apps.
Regards,
Kanwal
Note: Please mark answers if they are helpful.
03-09-2015 08:31 PM
Hi Kanwal,
Sad to say but there is no regex command on my firewall ASA 5510.
I would like to ask if there is an alternative to regex?
I not sure with upgrading because its too complicated one mistake could be a trouble to everyone :))hahaha
thank you
Arvin Robel
03-09-2015 08:36 PM
Hi Arvin,
Not any that i am aware of other than blocking the server IP's of the teamviewer by creating ACL. But if it resolves to any other IP, it will start working. So not sure of any other way on ASA.
Sorry to be of no further help.
Regards,
Kanwal
Note: Please mark answers if they are helpful.
03-09-2015 08:59 PM
Hi Kanwal,
Noted.
thank you for you response
Arvin R.
03-09-2015 08:10 PM
Hi Arvin,
I do see regex command in there in 7.2, however i cannot see it in 7.0 so you can try and upgrade depending upon your necessity.
http://www.cisco.com/c/en/us/td/docs/security/asa/asa72/command/reference/cmd_ref.html
More about regular expressions:
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/100513-ASARegexp.html
Regards,
Kanwal
Note: Please mark answers if they are helpful.
03-09-2015 08:34 PM
Hi Arvin,
The command regex was introduced on Cisco ASA version 7.0(2). Please validate your code.
http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/I-R/cmdref2/m3.html#pgfId-2118086
Regards,
Tushar Bangia
Note - Please rate post if you find it helpful!!
03-09-2015 08:42 PM
Hi Tushar,
May I ask how about ASA 7.0 (6) ?
Thanks
Arvin R.
03-09-2015 09:06 PM
Hi Arvin,
Apologies, i overlooked the link which i shared with you. The support for regex was introduced on Cisco ASA version 7.2.1.
I would encourage you to migrate to new Cisco ASA release as Cisco ASA 7.0 would be end of life soon.
Please refer below link for confirmation.
EOL:
http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/end_of_life_c51-588227.html
Regards,
Tushar Bangia
Note : Please rate post if you find it helpful!!
03-09-2015 09:11 PM
My Lab ASA also confirm this:
EYPIX-Primary(config)# regex ?
configure mode commands/options:
WORD < 41 char Specify the name of the regular expression
EYPIX-Primary(config)# sh ver
Cisco Adaptive Security Appliance Software Version 7.2(4)30
Detected an old ASDM version.
You will need to upgrade it before using ASDM.
Compiled on Wed 18-Mar-09 16:25 by builders
System image file is "disk0:/asa724-30-k8.bin"
Config file at boot was "startup-config"
EYPIX-Primary up 9 mins 45 secs
failover cluster up 9 mins 45 secs
Hardware: ASA5540, 2048 MB RAM, CPU Pentium 4 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : CNlite-MC-Boot-Cisco-1.2
SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.05
0: Ext: GigabitEthernet0/0 : address is 5475.d0e3.b3a8, irq 9
1: Ext: GigabitEthernet0/1 : address is 5475.d0e3.b3a9, irq 9
2: Ext: GigabitEthernet0/2 : address is 5475.d0e3.b3aa, irq 9
3: Ext: GigabitEthernet0/3 : address is 5475.d0e3.b3ab, irq 9
4: Ext: Management0/0 : address is 5475.d0e3.b3a7, irq 11
5: Int: Not used : irq 11
6: Int: Not used : irq 5
Regards,
Tushar Bangia
Note : Please do rate post in case you find the post helpful!!
03-09-2015 09:38 PM
Hi Tushar,
I'm using cisco asa 5510, For now its too complicated to update my version.
thanks
Arvin R.
03-09-2015 10:02 PM
Hi Arvin,
The alternate in this scenario is to have any external URL filtering service such as Webesense/Iront port or you can avail some cloud based services too such as Z-Scaler etc.
Regards,
Tushar Bangia
Note: Please do rate post in case you find it helpful!!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: