05-19-2005 11:51 PM - edited 02-21-2020 12:09 AM
I need to know how to block MS instant messenger with the new PIX 7.0 software.
Can anyone help?
Thanks.
Rod
05-22-2005 06:22 PM
You can read about advanced HTTP inspection here:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_70/config/inspect.htm#wp1202503
We can only stop this if the IM program tries to use port 80 to get out. I also believe that this inspection currently only covers Yahoo and AOL IMs, but more will be coming soon. Also, this level of HTTP inspection is going to put a greater load on your PIX since it now needs to look into every HTTP packet to see exactly what it is. If you have a lot of HTTP traffic going through this device, then you will need to monitor both CPU on the device and response times for normal web traffic to make sure it doesn't have adverse effects.
Having said all that, you first need to create a class map as such:
class-map http_port
match port tcp eq 80
exit
Then create an HTTP inspection map:
http-map outbound_http
port-misuse im action drop
port-misuse default action allow
exit
Then create a policy map to tie the two together:
policy-map outbound_policy
class http_port
inspect http outbound_http
exit
exit
Then finally attach that policy map to an interface:
service-policy outbound_policy interface inside
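The four steps above only work if each name is referenced exactly as it was defined; an underscore versus a hyphen is enough to leave a reference pointing at nothing. The following is an added example, not part of the original reply or Cisco's tooling: a small Python check that cross-references the class-map, http-map, policy-map and service-policy names in a saved configuration. The function name and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample: the class-map is defined with an underscore,
# but the policy-map refers to it with a hyphen.
SAMPLE_CONFIG = """\
class-map http_port
 match port tcp eq 80
http-map outbound_http
 port-misuse im action drop
 port-misuse default action allow
policy-map outbound_policy
 class http-port
  inspect http outbound_http
service-policy outbound_policy interface inside
"""

# Commands that define a named object.
DEFINES = {
    "class-map": re.compile(r"^class-map\s+(\S+)"),
    "http-map": re.compile(r"^http-map\s+(\S+)"),
    "policy-map": re.compile(r"^policy-map\s+(\S+)"),
}
# Commands that refer to a named object, and the kind they expect.
REFERENCES = [
    ("class-map", re.compile(r"^class\s+(\S+)")),
    ("http-map", re.compile(r"^inspect\s+http\s+(\S+)")),
    ("policy-map", re.compile(r"^service-policy\s+(\S+)")),
]

def lint_references(config):
    """Return (line_number, expected_kind, name) for each undefined reference."""
    lines = [(n, text.strip()) for n, text in enumerate(config.splitlines(), 1)]
    defined = {kind: set() for kind in DEFINES}
    for _, line in lines:
        for kind, rx in DEFINES.items():
            m = rx.match(line)
            if m:
                defined[kind].add(m.group(1))
    problems = []
    for n, line in lines:
        for kind, rx in REFERENCES:
            m = rx.match(line)
            if m and m.group(1) not in defined[kind]:
                problems.append((n, kind, m.group(1)))
    return problems

if __name__ == "__main__":
    for n, kind, name in lint_references(SAMPLE_CONFIG):
        print(f"line {n}: no {kind} named {name!r} is defined")
```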
05-23-2005 12:01 AM
Thank you very much - most helpful.