p2p and tunneling

Unanswered Question
Mar 18th, 2007

hi all ,

I have an ASA with an AIP card. Users are using lots of P2P applications and tunneling software, and because of that my internet bandwidth gets choked and I have to restart the ASA. I want to block P2P applications and tunneling. Is it possible ...

kindly help me..

Regards

pguibord Sun, 03/18/2007 - 18:50

Seth,

I saw you have been asking this question for quite some time (with no replies), and what you want to do is something I have been wanting to do, so I opened a ticket with TAC and below is the response from the TAC tech. It at least will get us both started. From TAC:

"Hello Paul,

My name is Andrew and I will be the TAC engineer, working with you on this case. The following IPS signatures are designed to block P2P traffic:

http://tools.cisco.com/MySDN/Intelligence/viewThreat.x?threatId=3794

You can configure these signatures to drop the unwanted traffic when it traverses the IPS module. An alternative solution would be to configure an HTTP inspection map on the ASA. For instance, the following map will block HTTP-tunnelled traffic over port TCP/80, recording each attempt to pass such traffic in the logs:

  ! Layer 3/4 class: select the TCP/80 traffic that the HTTP inspection will examine
  class-map HTTP_TRAFFIC
   match port tcp eq 80
  !
  ! HTTP inspection policy: each class below references a built-in
  ! _default_* HTTP class-map for a known P2P client or HTTP tunnelling tool
  policy-map type inspect http BLOCK_P2P
   class _default_gator
    drop-connection log
   class _default_kazaa
    drop-connection log
   class _default_http-tunnel
    drop-connection log
   class _default_gnu-http-tunnel
    drop-connection log
   class _default_httport-tunnel
    drop-connection log
   class _default_firethru-tunnel
    drop-connection log
  !
  ! Attach the inspection map to the global policy for the HTTP_TRAFFIC class
  policy-map global_policy
   class HTTP_TRAFFIC
    inspect http BLOCK_P2P
  !
  service-policy global_policy global

Please let me know if you have any more questions. Should you need assistance outside of my normal hours, please call TAC Hotline at 1-800-553-2447. Thanks!"
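Added example (not from the thread or from Cisco): a small Python script that parses the syslog messages the `drop-connection log` action produces, so an admin can see which inside hosts keep hitting the BLOCK_P2P map and which built-in class they matched. The sample lines are constructed and only approximate the ASA 415006/415008 HTTP-inspection drop messages; the exact wording and message IDs are an assumption to check against your own ASA's output, and the 10.x/198.51.100.x addresses are documentation ranges, not real hosts.

```python
import re
from collections import Counter, defaultdict

# Constructed sample syslog, approximating the ASA HTTP-inspection drop
# messages (415006 "URI matched", 415008 "Header matched"). Wording and
# message IDs are an assumption; adjust DROP_RE to your ASA's real output.
SAMPLE_LOG = """\
%ASA-5-415008: HTTP - matched Class id: _default_kazaa in policy-map BLOCK_P2P, Header matched - Dropping connection from inside:10.1.1.25/51532 to outside:198.51.100.7/80
%ASA-5-415008: HTTP - matched Class id: _default_kazaa in policy-map BLOCK_P2P, Header matched - Dropping connection from inside:10.1.1.25/51540 to outside:198.51.100.7/80
%ASA-5-415006: HTTP - matched Class id: _default_http-tunnel in policy-map BLOCK_P2P, URI matched - Dropping connection from inside:10.1.1.77/40211 to outside:203.0.113.9/80
%ASA-5-415008: HTTP - matched Class id: _default_gator in policy-map BLOCK_P2P, Header matched - Dropping connection from inside:10.1.1.25/51561 to outside:192.0.2.44/80
%ASA-6-302013: Built outbound TCP connection 12345 for outside:192.0.2.10/80 (192.0.2.10/80) to inside:10.1.1.30/4431 (10.1.1.30/4431)
"""

# Pulls the matched class, the policy-map name, the reason, and both endpoints.
DROP_RE = re.compile(
    r"matched Class id: (?P<cls>\S+) in policy-map (?P<pmap>\S+), "
    r"(?P<why>[^-]+?) - Dropping connection from "
    r"(?P<src_if>\w+):(?P<src>\d+\.\d+\.\d+\.\d+)/(?P<sport>\d+) to "
    r"(?P<dst_if>\w+):(?P<dst>\d+\.\d+\.\d+\.\d+)/(?P<dport>\d+)"
)

def parse_drops(log_text, policy="BLOCK_P2P"):
    """Return one dict per drop event produced by the given inspection policy-map."""
    events = []
    for line in log_text.splitlines():
        m = DROP_RE.search(line)
        if m and m.group("pmap") == policy:
            events.append(m.groupdict())
    return events

def summarize(events):
    """Count drops per inside host and per matched class, and record which classes each host hit."""
    per_host = Counter(e["src"] for e in events)
    per_class = Counter(e["cls"] for e in events)
    classes_by_host = defaultdict(set)
    for e in events:
        classes_by_host[e["src"]].add(e["cls"])
    return per_host, per_class, classes_by_host

def repeat_offenders(events, threshold=2):
    """Hosts with at least `threshold` blocked attempts, i.e. machines worth a desk visit."""
    per_host, _, _ = summarize(events)
    return sorted(h for h, n in per_host.items() if n >= threshold)

if __name__ == "__main__":
    ev = parse_drops(SAMPLE_LOG)
    hosts, classes, by_host = summarize(ev)
    for host, n in hosts.most_common():
        print(f"{host}: {n} drops, classes={sorted(by_host[host])}")
    print("repeat offenders:", repeat_offenders(ev))
```

Feed it the output of `show logging` or a syslog collector file instead of SAMPLE_LOG; the unrelated 302013 line shows that non-matching messages are ignored.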

amit.seth Mon, 03/19/2007 - 00:37

Thank you very much for such a specific and clear response.

Regards
