How to block yahoo messanger on LAN using ASA 5510 ?

vinayak · ‎09-17-2010

Hello Everyone,

I want to block my LAN Users from accessing IM websites such as yahoo messanger,Gtalk etc. & facebook also.

Can anyone tell me how can i do that ?

Thanks

praprama · ‎09-17-2010

Hi,

This link should help you:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c38a6.shtml

Basically we will need to do all of this using MPF, Regex and http (deep packet) inspection. Let me know if this helps!!

Regards,

Prapanch

abinjola · ‎09-17-2010

Keep in mind the following:

a) if your messengers are getting tunneled or encapsulated over port 443 then there is no way to block it, inspect IM only deals with native msn/yahoo msngr packets but if its encap'd over http than inspect http will be used

b)Inspect IM supports MSN Messenger 7.0 (Build 7.0.0816), Yahoo Messenger 7.0.0.437.

This was tested by one of our colleague Kureli, and it worked for MSN

Try this for MSN:

regex msn-messenger "^VER [1-9] MSNP[1-9]+.*\x0d\x0a.*MSNMSGR.*\x0d\x0a"

class-map type inspect http match-all http-msn

match request method post

match request body regex msn-messenger

policy-map type inspect http http-msn

class http-msn reset log

policy-map global_policy

class inspection_default

inspect http http-msn

Note that there is a space between VER and [1-9], and [1-9] and MSNP