05-29-2008 07:00 AM - edited 03-11-2019 05:51 AM
PIX 515E 7.0 (4)
Following http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c38a6.shtml
All commands accepted without problems; however, yahoo/google are blocked - I can get onto cisco.com. Any ideas?
Here is the config followed by a hasty reload when the company couldn't surf.
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect pptp
!
service-policy global_policy global
: end
uk-pix#
uk-pix#
uk-pix#
uk-pix# conf t
uk-pix(config)# http-map inbound_http
uk-pix(config-http-map)# content-length min 100 max 2000 action reset log
uk-pix(config-http-map)# content-type-verification match-req-rsp action reset$
uk-pix(config-http-map)# max-header-length request 100 action reset log
uk-pix(config-http-map)# max-uri-length 100 action reset log
uk-pix(config-http-map)# port-misuse p2p action drop
uk-pix(config-http-map)# port-misuse im action drop
uk-pix(config-http-map)# port-misuse default action allow
uk-pix(config-http-map)# exit
uk-pix(config)# class-map http-port
uk-pix(config-cmap)# match port tcp eq www
uk-pix(config-cmap)# exit
uk-pix(config)# policy-map inbound_policy
uk-pix(config-pmap)# class http-port
uk-pix(config-pmap-c)# inspect http inbound_http
uk-pix(config-pmap-c)# exit
uk-pix(config-pmap)# exit
uk-pix(config)# service-policy inbound_policy interface outside
uk-pix(config)#
uk-pix# rel
System config has been modified. Save? [Y]es/[N]o:
Proceed with reload? [confirm]
uk-pix#
06-04-2008 01:27 PM
The document present in the following link describes how to configure the Cisco Security Appliances PIX/ASA using Modular Policy Framework (MPF) in order to block the Peer-to-Peer (P2P) and Instant Messaging (IM), such as MSN Messenger and Yahoo Messenger, traffic from the inside network to the Internet. Also, this document provides information on how to configure the PIX/ASA in order to allow the two hosts to use IM applications while the rest of the hosts remain blocked.
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c38a6.shtml
06-04-2008 11:25 PM
Thx BUT - that's the link I inserted above!! This procedure ALSO denies my users access to yahoo.co.uk and google.com. I JUST want to deny IM and P2P.
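Editor's note, as an added example that is not part of the thread or of the linked Cisco document: the http-map in the first post combines the port-misuse checks with three size limits (content-length min 100 max 2000, max-header-length request 100, max-uri-length 100), each with action reset. Those limits reset any HTTP connection that exceeds them, and ordinary browsing does so routinely (a search URL is often longer than 100 bytes, a single User-Agent header can exceed 100 bytes of request header, and most pages are larger than 2000 bytes), which is consistent with yahoo/google being unreachable while a small page still loads. The fragment below keeps only the port-misuse checks, which is what the poster asks for. The map name p2p_im_only is a hypothetical name chosen for this example; the class-map, policy-map and interface names are the ones used in the thread, and the syntax is the PIX 7.0 http-map syntax shown in the posted session.

```cisco
! Added example, not the original poster's config or Cisco's document.
! Hypothetical map name "p2p_im_only"; other names match the thread.
http-map p2p_im_only
 port-misuse p2p action drop log
 port-misuse im action drop log
 port-misuse default action allow
!
! Same class and policy as in the original post, now pointing at the
! port-misuse-only map; no content-length / header / URI limits.
class-map http-port
 match port tcp eq www
!
policy-map inbound_policy
 class http-port
  inspect http p2p_im_only
!
service-policy inbound_policy interface outside
```

The action drop with log makes each blocked P2P/IM attempt visible in syslog, so the rule can be verified without affecting normal web traffic; show service-policy interface outside shows the inspect http counters for the class.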