Blocking P2P

Mar 31st, 2008

I have ACLs blocking most P2Ps on our edge rtrs. But they are still coming in... can anyone post their P2P ACLs? I just want to compare with what I have.

How about NBAR? How reliable is it running in a large network?



johnd2310 Mon, 03/31/2008 - 22:03


I would recommend you use NBAR if possible because ports used by p2p applications are very dynamic.



i-kendall Tue, 04/01/2008 - 03:33

Do as John says, NBAR is the solution to this. However, I recommend that you don't actually block it, just give it a VERY low bandwidth. That way the users do not waste time trying to get round the problem, but it is very frustrating and they actually stop using it. Done this successfully at a couple of schools, and the stats show almost no P2P activity after a short while.

opers13 Tue, 04/01/2008 - 03:38

Throttle down the bandwidth with rate limiting CAR? I was thinking about that over the weekend.

i-kendall Tue, 04/01/2008 - 05:34

It has been a while since I actually configured this, so can't remember the exact method. But CAR sounds about right. Make it so small that even a small file will take a couple of days, and they will give up. Good luck.



whiteford Tue, 04/01/2008 - 07:52

Can the ASAs utilise the NBAR feature? I have used this on my routers, but just wondered.

Tue, 04/01/2008 - 23:05

Yes, great idea i-kendall. Please tell me how I can configure low bandwidth for those.
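
An IOS configuration for the approach discussed in this thread (NBAR classification plus a very low policed rate), added here as an example and not posted by any participant. The interface name, the class and policy names and the 8 kbps rate are assumptions, and the NBAR protocol names that are available depend on the IOS release and loaded PDLMs.

```cisco
! Added example: interface, names and rate are assumptions.
! First see what NBAR actually classifies on the edge interface.
interface GigabitEthernet0/1
 ip nbar protocol-discovery
!
! Match P2P by application signature rather than by port number.
class-map match-any P2P-APPS
 match protocol bittorrent
 match protocol edonkey
 match protocol gnutella
 match protocol kazaa2
 match protocol fasttrack
!
! Police the class to a very low rate instead of dropping it outright.
policy-map EDGE-P2P-LIMIT
 class P2P-APPS
  police 8000 conform-action transmit exceed-action drop
!
! Apply in both directions so uploads and downloads are both limited.
interface GigabitEthernet0/1
 service-policy input EDGE-P2P-LIMIT
 service-policy output EDGE-P2P-LIMIT
```

`show ip nbar protocol-discovery` and `show policy-map interface GigabitEthernet0/1` show which protocols are being seen and how many packets the policer is matching and dropping.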

