Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
373
Views
0
Helpful
1
Replies

p2p on a asa/ips

mrkaufman
Beginner
Beginner

‎11-06-2008 12:45 PM - edited ‎03-10-2019 04:22 AM

I have the asa-ssm-20 in my asa. i have it running with policy maps for inline. I can do deny packet and deny connection etc for icmp/reply it works fine for my testing. but i can't get it to stop the connections. I know the manual says "Connection blocks are not supported on security appliances. Security appliances only support host blocks with additional connection information." Then why is it give you the option with inline. Also the deny attacker inline doesn't work with it either.

Thanks

Mike

Labels:
0 Helpful
1 Reply 1

adiwakar
Beginner
Beginner

‎11-09-2008 01:06 PM

Mike,

"Deny connection inline" should work with P2P traffic, in this case the "attacker" is the client on your network, a user, so be careful not to use "deny attacker inline" as it will also start blocking legit traffic. My recommendation is to test from a test PC and use the various inline blocking on simple "non atomic" stateful traffic to see if the blocking works. If it does, the P2P traffic could just be tunneling through http. Certain P2P/IM traffic uses various ports for various things such as "sign in", "chat", "video", etc, and have sub-sigs under the parent sig, be sure to select all the sigs for a particular parent sig.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents