P2P blocking on ASA 5525 with Software Version 8.6(1)2

Sandesh Chavan
Level 1

Hello,


We have Cisco ASA 5525 with Software Version 8.6(1)2. We have permitted all the traffic from inside to outside.

Now we want to block P2P sharing Bit torrent to internet sites. Please help me with the configuration.

We have DMZ setup & also inline IPS module.


Thanks in advance.

Regards,

Sandesh Chavan.

2 Replies

rvarelac
Level 7

Hi Chavan,


You can try to block this by port.


The well-known TCP ports for BitTorrent traffic are 6881-6889 (and 6969 for the tracker port).

The config is:

access-list BLOCK-P2P-TRAFFIC extended deny tcp any any range 6881 6889 log
access-list BLOCK-P2P-TRAFFIC extended permit ip any any

And apply it to the desired interface with the "access-group" command.

For example:

access-group BLOCK-P2P-TRAFFIC out interface DMZ


However, blocking BitTorrent is challenging and can't really be done effectively with port blocks. The standard ports are 6881-6889 TCP, but the protocol can be run on any port, and the peer-to-peer nature of the protocol means that discovering peers that use unblocked ports is simple.

Also, you can run the command netstat -a from the Windows command prompt and check which port BitTorrent is using.


Hope this helps.


Sandesh Chavan
Level 1

I also got the configuration below from the link below, for Software Version 8.0(2). Do you think it will work with Software Version 8.6(1)2?

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/98684-pixasa-imblock-config.html


class-map P2P
 match port tcp eq www

policy-map type inspect http P2P_HTTP
 parameters
 match request uri regex _default_gator
  drop-connection log
 match request uri regex _default_x-kazaa-network
  drop-connection log

policy-map P2P
 class P2P
  inspect http P2P_HTTP

service-policy P2P interface inside
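
As an added example that is not part of this thread and not Cisco code, the Python script below makes the point of both replies concrete. The port ACL in the first reply and the HTTP-inspect regex policy quoted from the Cisco document both key on something the client chooses (the destination port, or a header on port 80), whereas a check on the payload itself recognises the BitTorrent peer-wire handshake (BEP 3: a 19-byte protocol string after a one-byte length, then reserved bytes, info_hash and peer_id) and the HTTP tracker announce on whatever port they arrive on. The flows, ports, info_hash and peer_id values are constructed for the example; classify, port_only_verdict and the Flow record are names I chose, not ASA features.

```python
"""Port-independent BitTorrent detection over TCP payloads (example code).

All sample flows below are constructed; nothing is read from the network.
"""
import re
from dataclasses import dataclass

# BEP 3 peer-wire handshake: <pstrlen=19><"BitTorrent protocol"><8 reserved><20 info_hash><20 peer_id>
BT_PSTR = b"BitTorrent protocol"
HANDSHAKE_LEN = 1 + len(BT_PSTR) + 8 + 20 + 20  # 68 bytes

# HTTP tracker request (BEP 3): GET /announce?info_hash=...&peer_id=...  (scrape uses the same shape)
TRACKER_RE = re.compile(rb"^GET\s+\S*/(announce|scrape)\?\S*info_hash=", re.IGNORECASE)


@dataclass(frozen=True)
class Flow:
    """One client->server TCP flow: the ports plus the first bytes the client sent (hypothetical record)."""
    src_port: int
    dst_port: int
    payload: bytes


def is_peer_handshake(payload: bytes) -> bool:
    """True if the stream opens with the BEP 3 handshake, regardless of port."""
    return (len(payload) >= HANDSHAKE_LEN
            and payload[0] == len(BT_PSTR)
            and payload[1:1 + len(BT_PSTR)] == BT_PSTR)


def is_tracker_announce(payload: bytes) -> bool:
    """True if the first HTTP request line is a tracker announce/scrape carrying an info_hash."""
    first_line = payload.split(b"\r\n", 1)[0]
    return TRACKER_RE.match(first_line) is not None


def classify(flow: Flow) -> str:
    """Payload-based verdict: 'bt-peer', 'bt-tracker' or 'other'. Ports are ignored on purpose."""
    if is_peer_handshake(flow.payload):
        return "bt-peer"
    if is_tracker_announce(flow.payload):
        return "bt-tracker"
    return "other"


def port_only_verdict(flow: Flow) -> str:
    """What the port ACL from the first reply would do: deny 6881-6889 and the 6969 tracker port."""
    if 6881 <= flow.dst_port <= 6889 or flow.dst_port == 6969:
        return "blocked"
    return "allowed"


def make_handshake(info_hash: bytes, peer_id: bytes) -> bytes:
    """Build a BEP 3 handshake from a 20-byte info_hash and 20-byte peer_id."""
    assert len(info_hash) == 20 and len(peer_id) == 20
    return bytes([len(BT_PSTR)]) + BT_PSTR + b"\x00" * 8 + info_hash + peer_id


# Constructed sample flows (not captured traffic).
SAMPLE_FLOWS = [
    # 1. Peer handshake on a non-standard port: the port ACL misses it, the payload check catches it.
    Flow(51413, 42100, make_handshake(b"\xaa" * 20, b"-TR2940-" + b"x" * 12)),
    # 2. Tracker announce to port 80: the port ACL cannot block this without blocking all web traffic.
    Flow(50123, 80,
         b"GET /announce?info_hash=" + b"%AA" * 20
         + b"&peer_id=-TR2940-xxxxxxxxxxxx&port=51413 HTTP/1.1\r\nHost: tracker.example\r\n\r\n"),
    # 3. Ordinary HTTP that happens to use 6881: the port ACL blocks it, the payload check lets it through.
    Flow(50124, 6881, b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
]


def compare(flows):
    """Side-by-side verdicts: (dst_port, port-ACL result, payload classification) per flow."""
    return [(f.dst_port, port_only_verdict(f), classify(f)) for f in flows]


if __name__ == "__main__":
    for dst, port_verdict, sig in compare(SAMPLE_FLOWS):
        print(f"dst={dst:<5} port-acl={port_verdict:<8} payload={sig}")
```

Two caveats for whoever turns this into an ASA or IPS policy. The quoted Cisco policy only inspects traffic matched by "match port tcp eq www", so a tracker on any port other than 80 is never seen by that HTTP inspection either. And clients that enable BitTorrent protocol encryption (MSE/PE) obfuscate the handshake, so even a payload signature like the one above misses them; that residual traffic is what the inline IPS module's signatures, or an egress policy that permits only known-good destinations, has to cover.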

