
How to block MSN file transfer only

guibarati
Level 4

I have an ASA firewall and I want to block users from transferring files in the MSN instant messenger. I know there is a feature in Application Policy that should take care of it, but it's not working. I've set the IM inspection and set the File-transfer to reset connection, but the users are still able to transfer files through it.

Any idea?

7 Replies

JORGE RODRIGUEZ
Level 10

MSN Messenger file transfers use TCP ports 6891-6900; try blocking these.

http://www.chebucto.ns.ca/~rakerman/port-table.html

Rgds

Jorge

Jorge Rodriguez

I blocked those ports but it did not work.

Correct, I was wrong. I tested it as well and it did not work. I guess this must be blocked through app layer protocol inspection rules; let me take a look and possibly lab this out.

Rgds

Jorge

Jorge Rodriguez

john.dowson
Level 1

Could you post the relevant section of your inspection config?

Sure, here it is:

class-map global-class
 match default-inspection-traffic
class-map type inspect im match-all IM_MSN
 match protocol msn-im yahoo-im
 match service file-transfer
class-map mss_ajust
 match access-list mss
class-map inside-class
 match access-list inside_mpc
class-map IPS_map
 match access-list IPS
class-map global-class1
 match access-list global_mpc
!
!
policy-map type inspect im IM_Map
 parameters
 match not service chat
  drop-connection log
policy-map IPS_policy
 class IPS_map
  ips inline fail-open
policy-map mss-http
 class mss_ajust
  set connection advanced-options mss-map
  inspect http
policy-map global-policy
 class global-class
  inspect im IM_Map
  inspect ftp
  inspect icmp
 class global-class1
  ips inline fail-open
  inspect im IM_Map
policy-map inside-policy
 description Block msn
 class inside-class
  inspect im IM_Map
!
service-policy global-policy global
service-policy mss-http interface outside
service-policy inside-policy interface inside

I have tried to drop the traffic that matches:

not chat

file transfer

none has worked.

thanks

Thanks. Try replacing IM_Map as follows:

policy-map type inspect im IM_Map
 class IM_MSN
  drop-connection log
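
An added example, not part of the thread and not Cisco tooling: in the posted config the inspect class-map IM_MSN is defined but IM_Map never references it, which is the one thing the suggested replacement changes. The Python check below flags inspect class-maps that no inspect policy-map of the same protocol uses; the function name and the trimmed config samples are constructed for illustration.

```python
import re

# Constructed sample: only the IM-related lines from the posted config.
POSTED = """\
class-map type inspect im match-all IM_MSN
 match protocol msn-im yahoo-im
 match service file-transfer
policy-map type inspect im IM_Map
 parameters
 match not service chat
  drop-connection log
policy-map global-policy
 class global-class
  inspect im IM_Map
"""

# Constructed sample: the same lines with IM_Map replaced as suggested in the reply.
SUGGESTED = POSTED.replace(" parameters\n match not service chat\n", " class IM_MSN\n")

CLASS_MAP = re.compile(r"class-map type inspect (\S+)(?: match-(?:all|any))? (\S+)$")
POLICY_MAP = re.compile(r"policy-map type inspect (\S+) (\S+)$")

def unreferenced_inspect_classes(config):
    """Return (protocol, class-map) pairs that no inspect policy-map of that protocol uses."""
    defined, used, current = set(), set(), None
    for raw in config.splitlines():
        line = raw.strip()  # indentation is ignored, so flattened pastes also parse
        if not line or line.startswith("!"):
            continue
        if line.startswith(("class-map", "policy-map", "service-policy")):
            current = None  # any top-level keyword closes the previous block
            if m := CLASS_MAP.match(line):
                defined.add((m.group(1), m.group(2)))
            elif m := POLICY_MAP.match(line):
                current = m.group(1)  # protocol of the inspect policy-map being read
        elif current and line.startswith("class "):
            used.add((current, line.split()[1]))  # only classes inside inspect policy-maps count
    return sorted(defined - used)

if __name__ == "__main__":
    print("posted:   ", unreferenced_inspect_classes(POSTED))
    print("suggested:", unreferenced_inspect_classes(SUGGESTED))
```
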

Did you manage to block the file transferring with that solution?
