cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to the Cisco Small Business Community

Have a question? Click on a topic board below to get started in the community.

3214
Views
0
Helpful
6
Replies
simonyeeklang
Beginner

Confirguration of ACL to block messenger

Hi,

I have

Model: SRP527W, ADSL2+ AnnexA, 802.11n ETSI,  2FXS/1FXO
Product ID: SRP527W-U-E-K9

I need to block Yahoo and MSN messenger using either ACL or Advanced Firewall.

Thanks

Simon Yee

Best Regards, Mr. Simon Yee Document Control Budi Feed Sdn. Bhd.(827186-P) Lot 11940, Jalan Perajurit 1, Off Jalan Perajurit, Kampung Tengah, Telok Gong, 42000 Port Klang, Selangor Darul Ehsan. Tel :-- 603-3134 1081 Notice of Confidentiali
1 ACCEPTED SOLUTION

Accepted Solutions

you can use ACL in router to block MSN and Yahoo, also you can block another websites as  facebook.

Messenger:

access-list 102 deny tcp any any eq 1863 log

access-list 102 permit ip any any.

Facebook:

access-list 1 deny 69.63.184.0 0.0.0.255

access-list 1 permit any

yahoo:

access-list 10 deny 98.139.183.0 0.0.0.255

access-list 10 deny 98.138.253.0 0.0.0.255

access-list 10 permit any any

If this answer was satisfactory for you, please mark the question as Answered.

Thank you

Greetings, Johnnatan Rodriguez Miranda

View solution in original post

6 REPLIES 6
Tom Watts
Advocate

Hi Simon,

It likely is not possible to block the messenger services. The router blocks by port to static IP address. Meaning if you block port 443 or 80, you will block almost all internet functions.

-Tom
Please rate helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

Hi Thomas,

I just only block the port 5050 only.

But looks like it cannot work. hurmmpp

Best Regards,

Mr. Simon Yee

Document Control
Budi Feed Sdn. Bhd.(827186-P)
Lot 11940, Jalan Perajurit 1,
Off Jalan Perajurit,
Kampung Tengah,
Telok Gong, 
42000 Port Klang,
Selangor Darul Ehsan.
Tel :-- 603-3134 1081
Notice of Confidentiality:
The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material.  Any review, re-transmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited.  If you received this in error, please contact the sender immediately by return electronic transmission and then immediately delete this transmission, including all attachments, without copying, distributing or disclosing same.

Best Regards, Mr. Simon Yee Document Control Budi Feed Sdn. Bhd.(827186-P) Lot 11940, Jalan Perajurit 1, Off Jalan Perajurit, Kampung Tengah, Telok Gong, 42000 Port Klang, Selangor Darul Ehsan. Tel :-- 603-3134 1081 Notice of Confidentiali

Simon, here are the ports MSN messenger uses alone;

The following table lists the network ports that are required for various features of Windows Live Messenger 8.1 on a Windows Vista-based computer.

Collapse this tableExpand this table

FeaturePort that is used
Sign in to the Messenger service TCP 80, 443, 1863
Network DetectionTCP 7001
UDP 9, 7001
Audio TCP 80, 443, 1863
TCP/UDP 30000 - 65535
Audio (Legacy) *UDP 5004 – 65535
Webcam and Video ConversationsTCP 80
TCP/UDP 5000 - 65535
File TransferTCP 443, 1863
TCP/UDP 1025 - 65535
File Transfer (Legacy) *TCP 6891 - 6900
Sharing Folders TCP 1863
TCP/UDP 1025 – 65535
Whiteboard and Application SharingTCP 1503
Remote AssistanceTCP 3389
TCP/UDP 49152 – 65535
Windows Live CallTCP 443, 5061
UDP 5004 - 65525
GamesTCP 80, 443, 1863
TCP/UDP 1025 - 65535

The SRP can block by IP address or by service. If you know every IP address the MSN services use, you may try...

But if you block these ports, you will block a lot more than MSN messenger. The router cannot support this.

-Tom
Please rate helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

You can use ACL in router to block MSN and Yahoo, also you can block another websites as  facebook. Messenger: access-list 102 deny tcp any any eq 1863 log access-list 102 permit ip any any. Where it is assumed that 1863 is the port used and the lock would block all msn. Facebook: access-list 1 deny 69.63.184.0 0.0.0.255 access-list 1 permit any yahoo: access-list 10 deny 98.139.183.0 0.0.0.255 access-list 10 deny 98.138.253.0 0.0.0.255 access-list 10 permit any any

If this answer was satisfactory for you, please mark the question as Answered.
Thank you

Hi Juan Diego Rodriguez Estrada

How do I key in this & how do I key in this?

Thanks

Best Regards,

Mr. Simon Yee

Document Control
Budi Feed Sdn. Bhd.(827186-P)
Lot 11940, Jalan Perajurit 1,
Off Jalan Perajurit,
Kampung Tengah,
Telok Gong, 
42000 Port Klang,
Selangor Darul Ehsan.
Tel :-- 603-3134 1081
Notice of Confidentiality:
The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material.  Any review, re-transmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited.  If you received this in error, please contact the sender immediately by return electronic transmission and then immediately delete this transmission, including all attachments, without copying, distributing or disclosing same.

Best Regards, Mr. Simon Yee Document Control Budi Feed Sdn. Bhd.(827186-P) Lot 11940, Jalan Perajurit 1, Off Jalan Perajurit, Kampung Tengah, Telok Gong, 42000 Port Klang, Selangor Darul Ehsan. Tel :-- 603-3134 1081 Notice of Confidentiali

you can use ACL in router to block MSN and Yahoo, also you can block another websites as  facebook.

Messenger:

access-list 102 deny tcp any any eq 1863 log

access-list 102 permit ip any any.

Facebook:

access-list 1 deny 69.63.184.0 0.0.0.255

access-list 1 permit any

yahoo:

access-list 10 deny 98.139.183.0 0.0.0.255

access-list 10 deny 98.138.253.0 0.0.0.255

access-list 10 permit any any

If this answer was satisfactory for you, please mark the question as Answered.

Thank you

Greetings, Johnnatan Rodriguez Miranda

View solution in original post