04-25-2014 01:10 AM - edited 02-21-2020 05:10 AM
Hello Dear All
I need to block All P2P Activity (ASA 5525) from VPN Users (outside), I tried some access lists, but they didn't take any action.
could you please assist me the access lists/policy-maps that you have done before and its working.
As you see output of service-policy there are matching but there is no any packet dropped.
Output :
ASA# sh service-policy global inspect http
Global policy:
Service-policy: global_policy
Class-map: inspection_default
Inspect: http Drop-P2P, packet 942279, lock fail 0, drop 0, reset-drop 0, v6-fail-close 0
protocol violations
log, packet 123
match request header user-agent regex _default_gator
drop-connection log, packet 0
match response header regex _default_x-kazaa-network count gt 0
drop-connection log, packet 0
class bit-torrent-tracker
drop-connection log, packet 0
ASA# sh service-policy global inspect http
Global policy:
Service-policy: global_policy
Class-map: inspection_default
Inspect: http Drop-P2P, packet 980730, lock fail 0, drop 0, reset-drop 0, v6-fail-close 0
protocol violations
log, packet 131
match request header user-agent regex _default_gator
drop-connection log, packet 0
match response header regex _default_x-kazaa-network count gt 0
drop-connection log, packet 0
class bit-torrent-tracker
drop-connection log, packet 0
Thank You
06-29-2014 11:06 PM
Hi Ali,
Your VPN users connects through internet and get internet access from the ASA connected internet link??? There you want to block the bit torrent and P2P?? Please describe your setup....
Also provide your configurations that is related to P2P & Bit Torrent blocking
Remember one thing.
The ASA can block P2P type applications only if P2P traffic is being tunneled through HTTP. Also, ASA can drop P2P traffic if it is tunneled through HTTP. If that is already been proxied then its not poosible for asa to block such traffic.
http://www.giac.org/paper/gsec/3123/peer-to-peer-p2p-file-sharing-applications-threat-corporate-environment/103882
Regards
Karthik
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide