11-12-2013 06:01 AM - edited 03-11-2019 08:03 PM
I work in education and best practices are to throttle Bittorrent/p2p to less than 10 kbps. If I outright block it the users will either switch to a different p2p protocol or the Bitorrent client will use evasive trickery to avoid application identification by AVC/context aware.
I've done some Googling and every official Cisco doc said traffic shaping is "not in this release of CX" or did not mention traffic shaping as a feature of ASA Context Aware.
http://www.cisco.com/web/learning/le21/le39/docs/tdw153_qa.pdf
My question is, I know ASA Context Aware can block p2p, but does it support throttling p2p?
Solved! Go to Solution.
11-12-2013 01:54 PM
11-12-2013 10:04 AM
There is an example for blocking p2p on the ASA firewall,
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c38a6.shtml
Another one for rate limiting,
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008084de0c.shtml#rate
But cannot find and example to do both operations together. Would be nice to have both.
11-12-2013 01:54 PM
Hi,
Try the latest ASA CX version - 9.2.1.1-48.
Radu
11-13-2013 09:48 AM
Looks good, have you tested the feature on a production network?
11-13-2013 12:37 PM
Hi,
I have not tested this exact feature yet; however, this release seems stable enough. Watch out for Firefox compatility, some strange error messages when accesing certain menus, and the fact that although you now have Next Generation IPS embedded and a trial version to boot, this specific feature is not orderable.
Radu
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide