11-21-2007 06:04 AM - edited 03-10-2019 03:52 AM
I want to buy an AIP-SSM IPS for an ASA 5510. Can I block MSN? Can I say this IP can use MSN but these cannot? Is that possible? I know that there is no user-based configuration on the IPS, but is there a way to do that with IP?
11-27-2007 02:41 PM
You can block MSN using source IP. If, for example, you'd like the signature action to apply only to IP address 10.1.1.2:
1. Default Action for signature 11201 is e.g. TCP Reset
2. Event Action Filter defines:
Source Address: 0.0.0.0-10.1.1.1, 10.1.1.3-255.255.255.255
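The filter in step 2 lists every source address except the one that should stay subject to the signature action. As an added example (not part of the reply above and not Cisco code), this Python helper computes that complement list and generalises it to several hosts or subnets; the function name `filter_source_ranges` and the sample inputs are constructed for illustration.

```python
import ipaddress

MAX_V4 = 2**32 - 1  # 255.255.255.255 as an integer


def filter_source_ranges(enforced):
    """Build the 'Source Address' value for an Event Action Filter.

    `enforced` lists the IPv4 hosts or CIDR networks that must remain
    subject to the signature action. The result covers every other
    address, in the same range notation the reply uses.
    """
    spans = []
    for item in enforced:
        net = ipaddress.ip_network(item, strict=False)
        if net.version != 4:
            raise ValueError(f"IPv4 only: {item}")
        spans.append((int(net.network_address), int(net.broadcast_address)))
    spans.sort()

    # Walk the sorted spans and collect the gaps between them.
    gaps, cursor = [], 0
    for first, last in spans:
        if first > cursor:
            gaps.append((cursor, first - 1))
        cursor = max(cursor, last + 1)  # also merges overlapping entries
    if cursor <= MAX_V4:
        gaps.append((cursor, MAX_V4))

    return ", ".join(
        f"{ipaddress.IPv4Address(lo)}-{ipaddress.IPv4Address(hi)}"
        for lo, hi in gaps
    )


if __name__ == "__main__":
    # The single host from the reply.
    print(filter_source_ranges(["10.1.1.2"]))
    # Constructed input: two adjacent hosts plus one subnet.
    print(filter_source_ranges(["10.1.1.2", "10.1.1.3", "192.168.0.0/24"]))
```

An overly wide filter silently exempts hosts from the signature action, so compare the generated ranges against the intended host list before applying them.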
12-30-2007 02:52 AM
For blocking instant messaging like MSN you don't need an AIP-SSM.
You can block such traffic with the Modular Policy Framework of the ASA OS.
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c38a6.shtml
12-30-2007 07:20 AM
Are you sure about it? Have you ever done it before? Let's say I want to block AOL instant messaging. How do I go about doing it on the ASA? Can you give a specific example? Thanks.
12-30-2007 10:05 AM
You can't block AOL. MPF only supports blocking Yahoo and MSN.
Cisco's example:
class-map imblock
! or match on an ACL instead
 match any
policy-map type inspect im impolicy
 parameters
 match protocol msn-im yahoo-im
! or log, reset
  drop-connection
policy-map imdrop
 class imblock
  inspect im impolicy
service-policy imdrop interface outside
I never tried whether the ASA also discovers other protocols like AOL. I don't think so, unfortunately.