p2p and tunneling

Unanswered Question
Mar 18th, 2007
User Badges:

hi all ,


I am having ASA with AIP card , users are using lots of p2p applications and tunneling softwares and becoz of that my internet bandwidth gets chocked , and i have to restart the ASA. I want to block p2p application and tunneling. is it possible ...

kindly help me..


Regards


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
pguibord Sun, 03/18/2007 - 18:50
User Badges:

Seth,


I saw you have been asking this question for quite some time (with no replys) and what you want to do is something I have been wanting to do so I open a ticket with TAC and below is the response from the TAC tech. It at least will get us both started. From TAC:


"Hello Paul,


My name is Andrew and I will be the TAC engineer, working with you on this case. The following IPS signatures are designed to block P2P traffic:


http://tools.cisco.com/MySDN/Intelligence/viewThreat.x?threatId=3794


You can configure these signatures to drop the unwanted traffic when it traverses the IPS module. An alternative solution would be to configure an HTTP Inspection map on the ASA. For instance, the following map will block HTTP tunnelled traffic over port TCP/80 recording each attempt to pass such traffic in the logs:


class HTTP_TRAFFIC

match port tcp eq 80


policy-map type inspect http BLOCK_P2P

class _default_gator

drop-connection log

class _default_kazaa

drop-connection log

class _default_http-tunnel

drop-connection log

class _default_gnu-http-tunnel

drop-connection log

class _default_httport-tunnel

drop-connection log

class _default_firethru-tunnel

drop-connection log


policy-map global_policy

class HTTP_TRAFFIC

inspect http BLOCK_P2P


service-policy global_policy global


Please let me know if you have any more questions. Should you need assistance outside of my normal hours, please call TAC Hotline at 1-800-553-2447. Thanks!"




amit.seth Mon, 03/19/2007 - 00:37
User Badges:

Thank you very much for such a specific and clear response.


Regards


Actions

This Discussion