Following the Cisco-recommended guidelines, I appear to be blocking legit traffic to our web servers with FastTrack and Gnutella ports. Any ideas around this problem?
Example:

Class Map match-any p2p (id 2)
  Match protocol fasttrack file-transfer "*"
  Match protocol gnutella file-transfer "*"

Policy Map block-p2p
  class p2p
    set ip dscp 1

Access-List:
  deny ip any any dscp 1 log-input (746 matches)

Log:
Jun 16 10:31:04 L0.core3.900walnut.net 809: Jun 16 10:31:03 CDT: %SEC-6-IPACCESSLOGP: list outbound denied tcp 209.96.51.7(80) (FastEthernet0/0 0010.ffe8.9808) -> 65.234.44.33(1214), 4 packets
Jun 16 10:31:16 L0.core1.900walnut.net 15014: Jun 16 10:31:15 CDT: %SEC-6-IPACCESSLOGP: list outbound denied tcp 209.96.51.23(80) (FastEthernet0/1/0 00e0.3499.e800) -> 65.69.94.106(5634), 1 packet
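
A triage helper for the log lines in the post above, added here as an example and not part of the original post: it parses the %SEC-6-IPACCESSLOGP entries and totals denied packets whose source port is a service the site hosts, which separates web server replies from other traffic hit by the DSCP-based deny. The function names and the default service port list (80, taken from the log lines) are assumptions.

```python
import re
from collections import Counter

# The two log lines from the post above, verbatim.
SAMPLE_LOG = """\
Jun 16 10:31:04 L0.core3.900walnut.net 809: Jun 16 10:31:03 CDT: %SEC-6-IPACCESSLOGP: list outbound denied tcp 209.96.51.7(80) (FastEthernet0/0 0010.ffe8.9808) -> 65.234.44.33(1214), 4 packets
Jun 16 10:31:16 L0.core1.900walnut.net 15014: Jun 16 10:31:15 CDT: %SEC-6-IPACCESSLOGP: list outbound denied tcp 209.96.51.23(80) (FastEthernet0/1/0 00e0.3499.e800) -> 65.69.94.106(5634), 1 packet
"""

# With log-input the entry reads: src(port) (interface mac) -> dst(port), N packet(s)
LINE_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) (?P<proto>\S+) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) (?:\((?P<intf>\S+) (?P<mac>[0-9a-f.]+)\) )?-> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<pkts>\d+) packets?"
)

def parse(log_text):
    """Return one dict per IPACCESSLOGP entry, with ports and packet count as ints."""
    entries = []
    for m in LINE_RE.finditer(log_text):
        e = m.groupdict()
        for key in ("sport", "dport", "pkts"):
            e[key] = int(e[key])
        entries.append(e)
    return entries

def denied_service_replies(entries, service_ports=(80,)):
    """Total denied packets per (source IP, source port) where the source port
    is a service we host, i.e. traffic leaving our servers' listening port."""
    totals = Counter()
    for e in entries:
        if e["action"] == "denied" and e["sport"] in service_ports:
            totals[(e["src"], e["sport"])] += e["pkts"]
    return totals

if __name__ == "__main__":
    for (src, sport), pkts in denied_service_replies(parse(SAMPLE_LOG)).most_common():
        print(f"{src}:{sport} denied reply packets: {pkts}")
```
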