Solved: How to Block Torrent traffic on ASA 5510

Sabby0115 · ‎08-31-2013

Hello

I have CISCO ASA 5510 without AIP-SSM module. Now the task is to block TORRENT traffic for wifi and inside (network) users. How can i block torrent traffic?

Please help it really urgent

Thanks

Jernej Vodopivec · ‎08-31-2013

You'll need L7 inspection which older ASA models don't support.

ASA CX module (supported on ASA-X models only): http://asacx-cisco.com/#

Or if your budget is very limited you can try with Cisco ISA 550/570.

View solution in original post

Jernej Vodopivec · ‎08-31-2013

You'll need L7 inspection which older ASA models don't support.

ASA CX module (supported on ASA-X models only): http://asacx-cisco.com/#

Or if your budget is very limited you can try with Cisco ISA 550/570.

turbo_engine26 · ‎09-01-2013

Hi,

You can add these access entries that define the bittorent port range. As shown below,

access-list Inside_IN deny tcp any any range 6881 6887

access-list Inside_IN deny udp any any range 6881 6887

access-group Inside-IN in interface inside

Note: The above configuration assumes that you already have an inside ACL created. If you don't, create one and make sure that other necessary services are added such as http, https, dns. Otherwise, users will not be able to access the internet entirely.

Another better method is to use a 3rd party URL/Web filtering software that is supported by ASA. This software has an already defined category for P2P applications such as BT, so you can block it by category rather than by ports. Examples of supported softwares, WebSense and Smart Filter.

Regards,

AM