Blocking Kazaa causing vpn problems

aseamans
Level 1

OK, here is how I am blocking peer-to-peer network programs. I have this in many of our remote offices and it has not proved to be a problem for clients. Now in one of our offices a client has problems with his VPN being slow and dropping connections. When I take the programming off it works fine. With it on it has problems. Can anyone tell me why, and how I can resolve it and still block or limit the peer-to-peer file sharing?

thanks

Aaron

I am using a cisco 2621 with one of the latest IOS images on it.

**************
class-map match-any p2p
 match protocol fasttrack
 match protocol gnutella
 match protocol napster
 match protocol http url "\.hash=*"
 match protocol http url "/.hash=*"
 match protocol kazaa2
policy-map p2p
 class p2p
  police cir 28500 bc 14400 be 14400
   conform-action transmit
   exceed-action drop
interface FastEthernet0/1
 service-policy input p2p
 service-policy output p2p
*********

2 Replies

owillins
Level 6

I read something about a problem with Kazaa and IOS release 12.2 (13). What is the IOS release that you are using on your router? You could also take a look at the release notes. Here's what it says:

NBAR is incorrectly matching packets as Kazaa2 in 12.2(13)T1. The problem was seen on a 7200-series router and 1700-series router and appears to be a platform-independent problem. Kazaa2 can use any available port, including DNS (53) and HTTP (80), and NBAR looks into the packet to see if it's a Kazaa2 packet.

This problem results in non-Kazaa2 traffic being matched and having actions taken on the traffic that are detrimental to network performance, such as the rate-limiting of DNS, web traffic, and e-mail (and only Kazaa2 traffic was configured to be rate-limited / policed). It can also cause other features to fail, such as vpn tunnels not coming up, because the packets needed to establish the connections are incorrectly marked as Kazaa2 traffic and possibly dropped or rate-limited.

The solution is to load the Kazaa2 pdlm currently available on CCO and use the "ip nbar pdlm" command to load the pdlm from flash.

Hope this helps.

I am using 12.2 13 T3.....
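Added example (not part of the original thread or of Cisco's documentation): a small Python model of the policer from the posted policy-map, showing how much of a flow survives once NBAR has placed it in class p2p, whether or not it is really Kazaa2 traffic. It assumes a single token bucket of Bc bytes refilled at the CIR, since no violate-action is configured; Be is not modelled, and the flow rates and packet size are constructed.

```python
CIR_BPS = 28500    # bits/s, from the posted "police cir 28500"
BC_BYTES = 14400   # bytes, from the posted "bc 14400"


def police(packets, cir_bps=CIR_BPS, bc_bytes=BC_BYTES):
    """Apply conform-action transmit / exceed-action drop.

    packets: list of (arrival_time_s, size_bytes), sorted by time.
    Returns a list of booleans, True where the packet was transmitted.
    """
    tokens = float(bc_bytes)  # bucket starts full
    last = 0.0
    verdicts = []
    for t, size in packets:
        # Refill at the CIR (bits/s -> bytes/s), never beyond Bc.
        tokens = min(bc_bytes, tokens + (t - last) * cir_bps / 8)
        last = t
        if size <= tokens:
            tokens -= size          # conform: transmit and spend tokens
            verdicts.append(True)
        else:
            verdicts.append(False)  # exceed: drop, bucket untouched
    return verdicts


def constant_flow(rate_bps, pkt_bytes, seconds):
    """Constructed traffic: evenly spaced packets at rate_bps."""
    interval = pkt_bytes * 8 / rate_bps
    return [(i * interval, pkt_bytes) for i in range(int(seconds / interval))]


def delivered_fraction(rate_bps, pkt_bytes=400, seconds=30):
    """Share of a flow's packets that the policer lets through."""
    verdicts = police(constant_flow(rate_bps, pkt_bytes, seconds))
    return sum(verdicts) / len(verdicts)


if __name__ == "__main__":
    # Constructed offered rates for a flow that ends up in class p2p.
    for rate in (20_000, 128_000, 1_000_000):
        print(f"{rate:>9} bit/s offered -> {delivered_fraction(rate):.0%} delivered")
```

A flow under the CIR passes untouched, while anything faster is cut to roughly 28.5 kbit/s after the initial burst, which matches the slow and dropping VPN described in the thread when its packets are matched by the class.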