p2p on a asa/ips

Unanswered Question
Nov 6th, 2008

I have the asa-ssm-20 in my asa. i have it running with policy maps for inline. I can do deny packet and deny connection etc for icmp/reply it works fine for my testing. but i can't get it to stop the connections. I know the manual says "Connection blocks are not supported on security appliances. Security appliances only support host blocks with additional connection information." Then why is it give you the option with inline. Also the deny attacker inline doesn't work with it either.

Thanks

Mike

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
adiwakar Sun, 11/09/2008 - 13:06

Mike,

"Deny connection inline" should work with P2P traffic, in this case the "attacker" is the client on your network, a user, so be careful not to use "deny attacker inline" as it will also start blocking legit traffic. My recommendation is to test from a test PC and use the various inline blocking on simple "non atomic" stateful traffic to see if the blocking works. If it does, the P2P traffic could just be tunneling through http. Certain P2P/IM traffic uses various ports for various things such as "sign in", "chat", "video", etc, and have sub-sigs under the parent sig, be sure to select all the sigs for a particular parent sig.

Actions

This Discussion