
I wish to block P2P & IM, but I also deny Yahoo & Google web sites

geraghtyconor
Level 1

PIX 515E 7.0 (4)

Following http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c38a6.shtml

All commands accepted without problems; however, yahoo/google are blocked - I can get onto cisco.com. Any ideas?

Here is the config followed by a hasty reload when the company couldn't surf.

class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect pptp
!
service-policy global_policy global
: end
uk-pix#
uk-pix#
uk-pix#
uk-pix# conf t
uk-pix(config)# http-map inbound_http
uk-pix(config-http-map)# content-length min 100 max 2000 action reset log
uk-pix(config-http-map)# content-type-verification match-req-rsp action reset$
uk-pix(config-http-map)# max-header-length request 100 action reset log
uk-pix(config-http-map)# max-uri-length 100 action reset log
uk-pix(config-http-map)# port-misuse p2p action drop
uk-pix(config-http-map)# port-misuse im action drop
uk-pix(config-http-map)# port-misuse default action allow
uk-pix(config-http-map)# exit
uk-pix(config)# class-map http-port
uk-pix(config-cmap)# match port tcp eq www
uk-pix(config-cmap)# exit
uk-pix(config)# policy-map inbound_policy
uk-pix(config-pmap)# class http-port
uk-pix(config-pmap-c)# inspect http inbound_http
uk-pix(config-pmap-c)# exit
uk-pix(config-pmap)# exit
uk-pix(config)# service-policy inbound_policy interface outside
uk-pix(config)#
uk-pix# rel
System config has been modified. Save? [Y]es/[N]o:
Proceed with reload? [confirm]
uk-pix#


smahbub
Level 6

The document present in the following link describes how to configure the Cisco Security Appliances PIX/ASA using Modular Policy Framework (MPF) in order to block the Peer-to-Peer (P2P) and Instant Messaging (IM), such as MSN Messenger and Yahoo Messenger, traffic from the inside network to the Internet. Also, this document provides information on how to configure the PIX/ASA in order to allow the two hosts to use IM applications while the rest of the hosts remain blocked.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c38a6.shtml

Thx BUT - that's the link I inserted above!! This procedure ALSO denies my users access to yahoo.co.uk and google.com. I JUST want to deny IM and P2P.
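
Added example, not part of the original thread or of Cisco's document: a small Python check that separates the http-map lines typed in the session above that serve the stated goal (port-misuse for P2P and IM) from the other lines that also reset or drop HTTP traffic, which are the ones to review when ordinary sites stop loading. The function name `audit_http_map` and the embedded sample are constructed for illustration.

```python
import re

# Constructed sample: the http-map commands as typed in the session above.
# The line the terminal truncated with "$" is kept exactly as shown.
SAMPLE_SESSION = """\
uk-pix(config)# http-map inbound_http
uk-pix(config-http-map)# content-length min 100 max 2000 action reset log
uk-pix(config-http-map)# content-type-verification match-req-rsp action reset$
uk-pix(config-http-map)# max-header-length request 100 action reset log
uk-pix(config-http-map)# max-uri-length 100 action reset log
uk-pix(config-http-map)# port-misuse p2p action drop
uk-pix(config-http-map)# port-misuse im action drop
uk-pix(config-http-map)# port-misuse default action allow
uk-pix(config-http-map)# exit
uk-pix(config)# class-map http-port
"""

# Only lines entered in http-map sub-mode are of interest.
PROMPT = re.compile(r"^\S+\(config-http-map\)#\s*")
ACTION = re.compile(r"\baction\s+(reset|drop|allow)\b")


def audit_http_map(session, wanted=("p2p", "im")):
    """Return (goal, other): enforcing commands that match the stated goal
    (port-misuse for the wanted categories) and every other enforcing command."""
    goal, other = [], []
    for line in session.splitlines():
        if not PROMPT.match(line):
            continue  # not typed inside the http-map
        cmd = PROMPT.sub("", line).strip()
        m = ACTION.search(cmd)
        if not m or m.group(1) == "allow":
            continue  # "exit", or a rule that blocks nothing
        words = cmd.split()
        if words[0] == "port-misuse" and words[1] in wanted:
            goal.append(cmd)
        else:
            other.append(cmd)
    return goal, other


if __name__ == "__main__":
    goal, other = audit_http_map(SAMPLE_SESSION)
    print("Lines that implement 'block P2P and IM':")
    for cmd in goal:
        print("  ", cmd)
    print("Other lines that reset or drop HTTP traffic (review these):")
    for cmd in other:
        print("  ", cmd)
```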
