07-23-2014 09:07 AM - edited 03-11-2019 09:31 PM
Hello,
We have a Cisco ASA 5525 with Software Version 8.6(1)2. We have permitted all traffic from inside to outside.
Now we want to block P2P sharing (BitTorrent) to internet sites. Please help me with the configuration.
We have a DMZ set up and also an inline IPS module.
Thanks in advance.
Regards,
Sandeshc Chavan.
07-23-2014 09:39 AM
Hi Chavan,
You can try to block this by port.
The well-known TCP ports for BitTorrent traffic are 6881-6889 (and 6969 for the tracker port).
The config is:
access-list BLOCK-P2P-TRAFFIC remark Block the standard BitTorrent TCP port range and log each hit
access-list BLOCK-P2P-TRAFFIC extended deny tcp any any range 6881 6889 log
access-list BLOCK-P2P-TRAFFIC remark An ACL ends with an implicit deny, so allow everything else explicitly
access-list BLOCK-P2P-TRAFFIC extended permit ip any any
and apply it to the desired interface with the access-group command.
For example, for traffic entering the firewall from the inside network:
access-group BLOCK-P2P-TRAFFIC in interface inside
However, blocking BitTorrent is challenging and can't really be done effectively with port blocks. The standard ports are 6881-6889 TCP, but the protocol can be run on any port, and the peer-to-peer nature of the protocol means that discovering peers that use unblocked ports is simple.
Also, you can run the command netstat -a from the Windows command prompt and check the port BitTorrent is using.
Hope this helps.
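Because the deny entry above carries the log keyword, every hit produces an ASA syslog message with ID 106100. The following Python script is an added example (not part of this thread or Cisco's documentation) that parses those messages and sums the denied hits per internal host and per destination port, so you can see which hosts the port-based block is actually catching. The message layout is taken from the ASA syslog reference and the log lines are constructed samples; the ACL name BLOCK-P2P-TRAFFIC matches the config above.

```python
import re
from collections import Counter

# Pattern for ASA syslog message 106100, emitted by an ACE carrying the "log"
# keyword (layout per the Cisco ASA syslog reference; assumed for this example).
ACE_LOG_RE = re.compile(
    r"%ASA-\d-106100: access-list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\w+) (?P<src_if>\w+)/(?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst_if>\w+)/(?P<dst>[\d.]+)\((?P<dport>\d+)\) hit-cnt (?P<hits>\d+)"
)

# Constructed sample syslog lines (not real traffic) in the 106100 format,
# plus one unrelated connection-setup message that the parser must skip.
SAMPLE_LOG = """\
%ASA-6-106100: access-list BLOCK-P2P-TRAFFIC denied tcp inside/10.10.5.21(52144) -> outside/203.0.113.40(6881) hit-cnt 1 first hit [0x1a2b3c4d, 0x0]
%ASA-6-106100: access-list BLOCK-P2P-TRAFFIC denied tcp inside/10.10.5.21(52150) -> outside/198.51.100.9(6889) hit-cnt 3 300-second interval [0x1a2b3c4d, 0x0]
%ASA-6-106100: access-list BLOCK-P2P-TRAFFIC denied tcp inside/10.10.7.3(49201) -> outside/192.0.2.77(6885) hit-cnt 1 first hit [0x1a2b3c4d, 0x0]
%ASA-6-106100: access-list BLOCK-P2P-TRAFFIC permitted tcp inside/10.10.7.3(49300) -> outside/192.0.2.10(443) hit-cnt 1 first hit [0x1a2b3c4d, 0x0]
%ASA-6-302013: Built outbound TCP connection 12345 for outside:192.0.2.10/443 (192.0.2.10/443) to inside:10.10.7.3/49300 (203.0.113.2/49300)
"""


def parse_ace_log(text):
    """Yield one dict per 106100 message; lines with other syslog IDs are skipped."""
    for line in text.splitlines():
        m = ACE_LOG_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["hits"] = int(rec["hits"])
            rec["dport"] = int(rec["dport"])
            yield rec


def summarize_denies(text, acl="BLOCK-P2P-TRAFFIC"):
    """Sum denied hits per source host and per destination port for one ACL.

    hit-cnt is summed rather than counted, because the ASA aggregates repeated
    hits into a single message within the configured log interval.
    """
    by_src, by_port = Counter(), Counter()
    for rec in parse_ace_log(text):
        if rec["acl"] == acl and rec["action"] == "denied":
            by_src[rec["src"]] += rec["hits"]
            by_port[rec["dport"]] += rec["hits"]
    return by_src, by_port


if __name__ == "__main__":
    hosts, ports = summarize_denies(SAMPLE_LOG)
    for host, n in hosts.most_common():
        print(f"{host}: {n} denied hits")
    print("denied destination ports:", dict(ports))
```

Feed it the output of the ASA syslog export (or `show logging`) in place of SAMPLE_LOG; hosts that keep hitting the rule are the ones worth checking with netstat as described above.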
07-24-2014 12:24 AM
I also got the configuration below from the following link, which is for Software Version 8.0(2). Do you think it will work with Software Version 8.6(1)2?
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/98684-pixasa-imblock-config.html
class-map P2P
 match port tcp eq www
policy-map type inspect http P2P_HTTP
 parameters
 match request uri regex _default_gator
  drop-connection log
 match request uri regex _default_x-kazaa-network
  drop-connection log
policy-map P2P
 class P2P
  inspect http P2P_HTTP
service-policy P2P interface inside