ASA 7.0 uses a combination of Modular Policy Framework and Advanced Application Firewall to inspect IM and P2P traffic within the HTTP stream.
Below is an example of how you can apply MPF to inspect IM and P2P traffic:
!Define the HTTP port. This can be any port in addition to 80 (8080, etc.)
class-map http-port
 match port tcp eq 80
!
!Create an HTTP map called inbound_http
!Drop IM and P2P traffic
http-map inbound_http
 content-length min 100 max 2000 action reset log
 content-type-verification match-req-rsp action reset log
 max-header-length request bytes 100 action reset log
 max-uri-length 100 action reset log
 port-misuse p2p action drop
 port-misuse im action drop
 port-misuse default action allow
!
!Apply the inbound_http inspection above to the policy-map called inbound_policy
policy-map inbound_policy
 class http-port
  inspect http inbound_http
!
!Finally, apply the policy-map above to the interface using service-policy
service-policy inbound_policy interface outside
Documentation for this can be found via the links below:
http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/cref_txt/mr.htm#wp1544054
http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/cref_txt/index.htm
You should be able to view the service-policy in ASDM under:
Configuration --> Service Policy --> Service Policy Rules
Please try to apply the HTTP inspection rule to the Global Policy global_policy by doing the following:
Go to Configuration --> Security Policy --> Service Policy Rules
Highlight the Global Policy global_policy --> Edit --> Rule Actions --> Check the "HTTP" checkbox --> "Configure" --> Select "inbound_http"
All of the above steps would enable Advanced HTTP inspection with P2P and IM blocking on all the interfaces of the ASA.
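One way to confirm from a saved running-config that the chain above is complete (an http-map that drops IM and P2P, referenced by "inspect http" in a policy-map, which a service-policy applies). This is an added example, not part of the original post or any Cisco tool; the audit function and the sample text are constructed for illustration, and the parser assumes sub-commands follow their parent command.

```python
# Constructed sample input: the configuration shown on this page.
SAMPLE = """\
class-map http-port
 match port tcp eq 80
http-map inbound_http
 port-misuse p2p action drop
 port-misuse im action drop
 port-misuse default action allow
policy-map inbound_policy
 class http-port
  inspect http inbound_http
service-policy inbound_policy interface outside
"""

def audit(config):
    """Return findings; an empty list means IM/P2P blocking is fully wired up."""
    maps, policies, applied, section = {}, {}, set(), None
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0].startswith("!"):
            continue  # blank line or comment
        if words[0] == "http-map" and len(words) > 1:
            section = ("http-map", words[1])
            maps[words[1]] = {}
        elif words[0] == "policy-map" and len(words) > 1:
            section = ("policy-map", words[1])
            policies[words[1]] = set()
        elif words[0] in ("class-map", "service-policy"):
            section = None
            if words[0] == "service-policy" and len(words) > 1:
                applied.add(words[1])
        elif (section and section[0] == "http-map" and len(words) >= 4
              and words[0] == "port-misuse" and words[2] == "action"):
            maps[section[1]][words[1]] = words[3]  # category -> action
        elif (section and section[0] == "policy-map" and len(words) > 2
              and words[:2] == ["inspect", "http"]):
            policies[section[1]].add(words[2])
    findings = []
    for name, rules in maps.items():
        for cat in ("im", "p2p"):
            # Fall back to the map's own "port-misuse default" line, if any.
            if rules.get(cat, rules.get("default")) not in ("drop", "reset"):
                findings.append(f"http-map {name}: {cat} is not dropped or reset")
        users = [p for p, used in policies.items() if name in used]
        if not users:
            findings.append(f"http-map {name}: no 'inspect http' references it")
        elif not any(p in applied for p in users):
            findings.append(f"http-map {name}: policy-map not applied by service-policy")
    return findings
```

Run audit() on the text of "show running-config" saved to a file; a non-empty result names the missing link in the chain.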