How would you set up PIX 7.0 to block KaZaA?

I looked at the PIX 7.0 data sheet (http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet0900aecd80225ae1.html), and it talked about being able to block P2P apps like KaZaA/Gnutella as well as other tunneling apps like GoToMyPC.

However, when I looked in the 7.0 documentation, it didn't say anything about blocking either of those kinds of apps.

How would KaZaA/Gnutella/GoToMyPC blocking be set up?

Thanks.

--Douglas


bphan
Level 1

Hi Douglas:

Here's an example of how you can create an HTTP inspection policy and apply it to the outside interface in order to filter P2P apps such as KaZaA, or tunneling applications like GoToMyPC, GNU Httptunnel, Firethru.

! Classify the HTTP traffic to be inspected (port 80 in this case).
! This corresponds to the 'class http-port' statement that comes later in this config.
class-map http-port
 match port tcp eq 80

! Define an HTTP map and apply P2P/tunneling application filtering.
! Drop P2P and tunneling apps, and allow traffic that contains a supported
! request method that is not on a configured list.
http-map inbound_http
 port-misuse p2p action drop
 port-misuse tunneling action drop
 port-misuse default action allow

! Create a policy map and apply the HTTP inspection policy to it.
policy-map inbound_policy
 class http-port
  inspect http inbound_http

! Apply the policy to the outside interface.
service-policy inbound_policy interface outside

For more information about the syntax of the above commands, please see PIX 7.0 command reference at the following link:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_70/70cmdref/index.htm

Please rate this posting appropriately if you find it helpful.

Sincerely,

Binh

Binh, that was a useful post. Thanks for the configs. You deserve a 5/5 for this!!!

Thanks, Raj.

Binh

hi,

Sorry, but in your config, you use only port 80! If I change my port in KaZaA, for example... I believe that it's not a very good solution to match only port 80...
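
An added example, not part of the original thread and not Cisco tooling: a small Python audit that follows the chain in the configuration posted above (service-policy, policy-map, class-map, http-map) and reports which TCP ports actually receive the port-misuse inspection, so the port-80-only scope raised in the last reply shows up in the result. The config text is a constructed copy of the posted configuration with sub-commands indented, and the function names are hypothetical.

```python
# Constructed sample: the configuration from the reply above, sub-commands indented.
SAMPLE_CONFIG = """\
class-map http-port
 match port tcp eq 80
http-map inbound_http
 port-misuse p2p action drop
 port-misuse tunneling action drop
 port-misuse default action allow
policy-map inbound_policy
 class http-port
  inspect http inbound_http
service-policy inbound_policy interface outside
"""

def parse(config):
    """Group indented sub-commands under their class-map/http-map/policy-map."""
    stanzas, applied, current = {}, [], None
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0].startswith("!"):
            continue  # skip blank lines and '!' comments
        if raw[0].isspace():
            if current is not None:
                current.append(words)
        elif words[0] in ("class-map", "http-map", "policy-map") and len(words) == 2:
            current = stanzas.setdefault((words[0], words[1]), [])
        else:
            current = None
            if words[0] == "service-policy" and len(words) >= 3:
                applied.append((words[1], words[-1]))  # (policy name, interface)
    return stanzas, applied

def audit(config):
    """Return one finding per HTTP-inspected class reachable from a service-policy."""
    stanzas, applied = parse(config)
    findings = []
    for policy, iface in applied:
        cls = None
        for words in stanzas.get(("policy-map", policy), []):
            if words[0] == "class":
                cls = words[1]
            elif words[:2] == ["inspect", "http"] and len(words) == 3 and cls:
                ports = [" ".join(w[3:]) for w in stanzas.get(("class-map", cls), [])
                         if w[:3] == ["match", "port", "tcp"]]
                actions = {w[1]: w[3] for w in stanzas.get(("http-map", words[2]), [])
                           if w[0] == "port-misuse" and len(w) >= 4}
                findings.append({"interface": iface, "ports": ports, "actions": actions,
                                 "only_port_80": ports == ["eq 80"]})
    return findings
```

A finding with `only_port_80` set to true means the drop actions apply only to traffic the class-map selects on TCP port 80; an empty result means no applied policy inspects HTTP with an http-map at all.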
