Can anyone please tell me if it is possible to completely block the use of Skype on an internal network using an 877 ADSL router? I am running advanced ip services 124-15.T8.
I have read, followed and implemented the Cisco document "Cisco IOS Flexible Packet Matching (FPM) Getting started with Cisco IOS Flexible Packet Matching", which gives an example of blocking Skype at the end. However, even though I can see certain Skype traffic being blocked (01116: Feb 6 2009 15:42:17.308 GMT: %SEC-6-IPACCESSLOGP: list skype denied tcp 192.168.1.11(1185) (Vlan1 ) -> 220.127.116.11(12350), 7 packets), Skype clients are still able to log in successfully.
Any help would be gratefully accepted as this is driving me up the wall and around the bend.
On the zone-based firewall, you apply policies to zone-pairs.
First, I guess you have two zones:
zone security internet
zone security vlan1
Then apply zones to interfaces:
int fastEthernet 4
 zone-member security internet
! one zone per interface; Vlan1 is the inside interface seen in the log above
int vlan1
 zone-member security vlan1
And finally define zone-pairs and apply policies to them:
zone-pair security vlan1-internet source vlan1 destination internet
 service-policy type inspect vlan1-int-policy
zone-pair security internet-vlan1 source internet destination vlan1
 service-policy type inspect int-vlan1-policy
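
A consistency check for the zone, zone-member and zone-pair commands in the reply above, as an added example that is not part of the original thread and not a Cisco tool. The function name `audit_zbf` and the sample configuration are assumptions; the sample is constructed from the reply's zone and policy names and deliberately keeps two faults (two zone-member lines under one interface, and zone-pairs that reference policy-maps that are never defined).

```python
import re

# Constructed sample: the reply's zone and policy names, with two deliberate
# faults (both zone-member lines under one interface, no policy-maps defined).
SAMPLE = """\
zone security internet
zone security vlan1
int fastEthernet 4
zone-member security internet
zone-member security vlan1
zone-pair security vlan1-internet source vlan1 destination internet
service-policy type inspect vlan1-int-policy
zone-pair security internet-vlan1 source internet destination vlan1
service-policy type inspect int-vlan1-policy
"""

def audit_zbf(config):
    """Return findings for zone-member and zone-pair consistency (hypothetical helper)."""
    zones, policies, members, pairs = {"self"}, set(), {}, []  # "self" is built in
    ctx = None  # current sub-mode: ("if", interface) or ("pair", index into pairs)
    for line in (l.strip() for l in config.splitlines()):
        if m := re.match(r"zone security (\S+)$", line):
            zones.add(m[1]); ctx = None
        elif m := re.match(r"policy-map type inspect (\S+)$", line):
            policies.add(m[1]); ctx = None
        elif m := re.match(r"int(?:erface)?\s+(.+)$", line, re.I):
            ctx = ("if", m[1].replace(" ", "").lower())
        elif m := re.match(r"zone-pair security (\S+) source (\S+) destination (\S+)$", line):
            pairs.append([m[1], (m[2], m[3]), None]); ctx = ("pair", len(pairs) - 1)
        elif (m := re.match(r"zone-member security (\S+)$", line)) and ctx and ctx[0] == "if":
            members.setdefault(ctx[1], []).append(m[1])
        elif (m := re.match(r"service-policy type inspect (\S+)$", line)) and ctx and ctx[0] == "pair":
            pairs[ctx[1]][2] = m[1]
    findings = []
    for ifname, zs in members.items():
        if len(zs) > 1:  # an interface can belong to only one security zone
            findings.append(f"interface {ifname}: {len(zs)} zone-member lines, only one zone per interface")
    for name, (src, dst), policy in pairs:
        findings += [f"zone-pair {name}: zone {z} not defined" for z in (src, dst) if z not in zones]
        if policy is None:
            findings.append(f"zone-pair {name}: no service-policy attached")
        elif policy not in policies:
            findings.append(f"zone-pair {name}: policy-map {policy} not defined")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_zbf(SAMPLE)))
```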