07-02-2003 07:02 AM - edited 03-02-2019 08:34 AM
Ok here is how I am blocking Peer to peer network programs.. I have this is many of our remote offices and it has not proved to be a problem for clients . Now in one of our offices a client has problems with his VPN being slow and dropping connections. WHen I take the programming off it works fine. With it on it has problems can anyone tell me why and how I can resolve it and still block or limit the perr to peer file sharing...
thanks
Aaron
I am using a cisco 2621 with one of the latest IOS images on it.
**************
class-map match-any p2p
match protocol fasttrack
match protocol gnutella
match protocol napster
match protocol http url "\.hash=*"
match protocol http url "/.hash=*"
match protocol kazaa2
policy-map p2p
class p2p
police cir 28500 bc 14400 be 14400
conform-action transmit
exceed-action drop
interface FastEthernet0/1
service-policy input p2p
service-policy output p2p
*********
07-08-2003 07:07 AM
I read something about a problem with Kazaa and IOS release 12.2 (13). What is the IOS release that you are using on your Router.You could also take a look at the release notes. Here's what it says.
NBAR is incorrectly matching packets as Kazaa2 in 12.2(13)T1. The problem was seen on a 7200-series router and 1700-series router and appears to be a platform-independent problem. Kazaa2 can use any available port, including DNS (53) and HTTP (80), and NBAR looks into the packet to see if it's a Kazaa2 packet.
This problem results in non-Kazaa2 traffic being matched and having actions taken on the traffic that are detrimental to network performance, such as the rate-limiting of DNS, web traffic, and e-mail (and only Kazaa2 traffic was configured to be rate-limited / policed). It can also cause other features to fail, such as vpn tunnels not coming up, because the packets needed to establish the connections are incorrectly marked as Kazaa2 traffic and possibly dropped or rate-limited.
The solution is to load the Kazaa2 pdlm currently available on CCO and use the "ip nbar pdlm" command to load the pdlm from flash.
Hope this helps.
07-08-2003 07:38 AM
I am using 12.2 13 T3.....
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide