Does anyone implemented MSN blocking?

Unanswered Question
Nov 21st, 2007

I want to buy a AIP-ssm IPS for ASA 5510. Can I block msn ? Can I say this IP can use MSN but these are not ? is that possible ? I know that there is no user based configuration on IPS but is there a way to do that with IP ?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
didyap Tue, 11/27/2007 - 14:41

You can block MSN using source IP. If for example you'd like the signature action to only apply to IP address

1. Default Action for signature 11201 is e.g. TCP Reset

2. Event Action Filter defines:

Source Address:,

cisco24x7 Sun, 12/30/2007 - 07:20

Are you sure about it? Have you ever done

it before? Let say I want to block

AOL instant messenging. How do I go about

doing on the ASA? Can you give a specific

example? Thanks.

Jens Becker Sun, 12/30/2007 - 10:05

You can't block AOL. MPF only supports blocking Yahoo and MSN.

The example of Cisco:

class-map imblock

match any // or acl

policy-map type inspect im impolicy


match protocol msn-im yahoo-im

drop-connection // or log , reset

policy-map imdrop

class imblock

inspect im impolicy

service-policy imdrop interface outside

i never tried, if the asa also discovers other protocols like AOL - don't think so, unfortunately.


This Discussion