PIX 7.0 - How do I block MS instant messenger

rod.blackie
Level 1

I need to know how to block MS instant messenger with the new PIX 7.0 software.

Can anyone help?

Thanks.

Rod

2 Replies

gfullage
Cisco Employee

You can read about advanced HTTP inspection here:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_70/config/inspect.htm#wp1202503

We can only stop this if the IM program tries to use port 80 to get out. I also believe that this inspection currently only covers Yahoo and AOL IMs, but more will be coming soon. Also, this level of HTTP inspection is going to put a greater load on your PIX since it now needs to look into every HTTP packet to see exactly what it is. If you have a lot of HTTP traffic going through this device, then you will need to monitor both CPU on the device and response times for normal web traffic to make sure it doesn't have adverse effects.

Having said all that, you first need to create a class map as such:

class-map http_port
   match port tcp eq 80
   exit

Then create an HTTP inspection map:

http-map outbound_http
   port-misuse im action drop
   port-misuse default action allow
   exit

Then create a policy map to tie the two together:

policy-map outbound_policy
   class http_port
   inspect http outbound_http
   exit
   exit

Then finally attach that policy map to an interface:

service-policy outbound_policy interface inside
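
A check for the four configuration steps in the answer above, as an added example that is not part of the original post or any Cisco tooling: this Python sketch confirms that every class-map, http-map and policy-map name a snippet refers to is actually defined, and that each policy-map is attached with service-policy. The sample configuration is constructed (with the class name deliberately spelled two ways), and the function name check_references is hypothetical.

```python
# Constructed sample: the class-map / http-map / policy-map / service-policy
# steps, with the class name spelled two ways to show what the check catches.
SAMPLE_CONFIG = """\
class-map http_port
   match port tcp eq 80
   exit
http-map outbound_http
   port-misuse im action drop
   port-misuse default action allow
   exit
policy-map outbound_policy
   class http-port
   inspect http outbound_http
   exit
   exit
service-policy outbound_policy interface inside
"""


def check_references(config):
    """Return a list of problems: names used but never defined, or never attached."""
    defined = {"class-map": set(), "http-map": set(), "policy-map": set()}
    used = []  # (kind of object referenced, name, line number)
    for no, raw in enumerate(config.splitlines(), 1):
        words = raw.split()
        if not words:
            continue
        if words[0] in defined and len(words) >= 2:
            defined[words[0]].add(words[-1])          # definition line
        elif words[0] == "class" and len(words) == 2:
            if words[1] != "class-default":           # built-in class, never defined
                used.append(("class-map", words[1], no))
        elif words[:2] == ["inspect", "http"] and len(words) == 3:
            used.append(("http-map", words[2], no))   # inspect http <http-map>
        elif words[0] == "service-policy" and len(words) >= 2:
            used.append(("policy-map", words[1], no))
    problems = [f"line {no}: {kind} '{name}' is not defined"
                for kind, name, no in used if name not in defined[kind]]
    attached = {name for kind, name, _ in used if kind == "policy-map"}
    problems += [f"policy-map '{name}' is never attached with service-policy"
                 for name in sorted(defined["policy-map"] - attached)]
    return problems


if __name__ == "__main__":
    for problem in check_references(SAMPLE_CONFIG):
        print(problem)
```

A policy-map that is defined but never attached inspects nothing, so the IM block silently does not apply; the second check reports that case.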

Thank you very much - most helpful.
