Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
910
Views
0
Helpful
2
Replies

Use ASA to block P2P

Difan Zhao
Level 5
Level 5

‎11-13-2009 04:08 PM - edited ‎03-11-2019 09:39 AM

Hey guys,

I am trying to use ASA to block P2P download. I did find this link and I tested it but it's not blocking my Bitcomet download...

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c38a6.shtml#built

The page said that "The ASA can block P2P type applications only if P2P traffic is being tunneled through HTTP". However when I am using my wireshark to monitor the traffic I only see UDP and TCP, not HTTP... I guess that's why it's not working.

Then I checked more on the internet and seems I need to buy a AIP-SSM or CSC-SSM module to block the P2P. Is this true? If it's true, which one should I use? Or do you have another way to block P2P with just the ASA itself? Thanks a lot!

Labels:
0 Helpful
2 Replies 2

plumbis
Level 7
Level 7

‎11-15-2009 08:32 AM

This is correct, the regex classes in this example work by blocking HTTP requests. You could block someone from going to www.thepiratebay.com for example but it wouldn't work if they already have a torrent running.

I don't know about the AIP module but the CSC module can only filter on HTTP, FTP, SMTP and POP traffic so you wouldn't be able to filter bit torrent layer 7 traffic.

0 Helpful

Difan Zhao
Level 5
Level 5
In response to plumbis

‎11-16-2009 03:02 PM

Thank you Plumbis!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card