
P2P on an ASA/IPS

mrkaufman
Beginner

I have the ASA-SSM-20 in my ASA. I have it running with policy maps for inline. I can do deny packet and deny connection etc. for ICMP/reply, and it works fine for my testing. But I can't get it to stop the connections. I know the manual says "Connection blocks are not supported on security appliances. Security appliances only support host blocks with additional connection information." Then why does it give you the option with inline? Also, the deny attacker inline doesn't work with it either.

Thanks

Mike

1 Reply

adiwakar
Beginner

Mike,

"Deny connection inline" should work with P2P traffic. In this case the "attacker" is the client on your network, a user, so be careful not to use "deny attacker inline", as it will also start blocking legit traffic. My recommendation is to test from a test PC and use the various inline blocking on simple "non atomic" stateful traffic to see if the blocking works. If it does, the P2P traffic could just be tunneling through HTTP. Certain P2P/IM traffic uses various ports for various things such as "sign in", "chat", "video", etc., and has sub-sigs under the parent sig; be sure to select all the sigs for a particular parent sig.
