ASA SSM Module inspecting and blocking Internet Radio

Unanswered Question


I am implementing ASA's with SSM modules and I wanted confirmation that they can inspect http and block embedded traffic such as Internet Radio from being tunnelled through HTTP.

The Cisco documentation hints at this, but I would like confirmation.

We will be implementing WebSense, but I was hoping the SSM modules would be a good temporary solution.

Thanks in advance.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Andrew Ossipov Thu, 02/22/2007 - 20:48


Are you using AIP-SSM (Intrusion Prevention) or CSC-SSM (Content Security)?


Andrew Ossipov Sat, 02/24/2007 - 22:55

The AIP-SSM module is not designed for content filtering. You should probably try CSC-SSM for that, but you can also use Modular Policy Framework (MPF) on the ASA itself to accomplish the task:

It's even simpler through ASDM, where you have some pre-defined maps that allow you to block streaming audio/video over HTTP.



This Discussion