04-20-2012 10:51 PM - edited 03-11-2019 03:56 PM
Hi All
I got an ASA 5510 with base license. Can I block all Peer-2-Peer traffic from inside to outside?
ASA Giga 0/0 connected to ISP Router 2811
ASA Giga 0/1 connected to LAN switch 3560
Thanks upfront
cheers
Steve
04-21-2012 01:01 AM
Steve,
In the majority of cases you will not be able to block it completely, unless you go for full restriction of outgoing ports/protocols except the ones needed by your users, and then you also need to check the integrity of those (HTTP inspection, proxy server for HTTP/HTTPS requests).
P2P applications are known to tunnel inside other protocols (HTTP and HTTPS are usually preferred) and mechanisms (Teredo, 6to4, etc.). Most use some level of encryption and even some IPSes are not able to cope with that, or are able to detect only parts of the traffic. Dynamic ports, UPnP, magnet links, and a lot more.
And this is only for BitTorrent. :-)
Marcin
04-21-2012 02:40 AM
Thanks
Any template from Cisco to block the minimum threats?
04-22-2012 01:49 AM
Have a look here:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c38a6.shtml
But don't have too high hopes in this being the solution to all problems.
The second thing to consider is threat detection, to the degree that it can stop some of the activity by very chatty hosts (which P2P hosts usually are).
If you have an IPS/IDS somewhere you can detect the unencrypted part of P2P and drop it; signatures exist.
IOS has NBAR, which can detect quite a lot of common P2P protocols and (via class-map/policy-map) drop the traffic. Again, don't have high hopes for this as a solution to fix all the problems.
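Added example (not from this thread, not a Cisco template): the two mechanisms Marcin mentions, ASA threat detection with per-host connection limits on the 5510, and an NBAR class-map/policy-map drop on the 2811. Everything specific is an assumption: the 10.0.0.0/24 exception network, the connection and scanning thresholds, the `duration` keyword being available on your ASA release, the NBAR protocol names being present in your IOS feature set, and FastEthernet0/1 being the 2811 interface that faces ASA Gig0/0.

```cisco
! === ASA 5510 (base license): threat detection and per-host connection caps ===
! Added example; addresses, thresholds and interface names are assumptions.

! basic-threat is on by default on 8.0(2)+; scanning-threat is not.
threat-detection basic-threat
! Shun hosts that trip the scanning thresholds, but never shun the inside
! servers (10.0.0.0/24 assumed) that legitimately talk to many peers.
threat-detection scanning-threat shun except ip-address 10.0.0.0 255.255.255.0 duration 1800
! Lower the default rates so a chatty P2P client is classified sooner.
! rate-interval is seconds; average-rate and burst-rate are events per second.
threat-detection rate scanning-threat rate-interval 600 average-rate 5 burst-rate 10

! Cap the connections any single client may hold through the firewall.
! A BitTorrent client opens far more simultaneous connections than a browser.
! global_policy already exists in the default ASA config; this adds a class to it.
class-map INSIDE-HOSTS
 match any
policy-map global_policy
 class INSIDE-HOSTS
  set connection per-client-max 150 per-client-embryonic-max 50
service-policy global_policy global

! === IOS 2811 (ISP router): NBAR classification and drop ===
! NBAR needs CEF and an IOS feature set that includes it. It only matches
! traffic it can see in clear; MSE/encrypted BitTorrent will not be caught.
ip cef
class-map match-any P2P-APPS
 match protocol bittorrent
 match protocol edonkey
 match protocol gnutella
 match protocol kazaa2
 match protocol fasttrack
 match protocol winmx
policy-map DROP-P2P
 class P2P-APPS
  drop
! FastEthernet0/1 is assumed to face ASA Gig0/0, so "input" is LAN-originated traffic.
! protocol-discovery lets you see what NBAR recognises before you drop anything.
interface FastEthernet0/1
 ip nbar protocol-discovery
 service-policy input DROP-P2P
```

To check what each box is doing: on the ASA, `show threat-detection shun` lists currently shunned hosts and `show threat-detection rate` shows the configured thresholds; on the router, `show ip nbar protocol-discovery interface FastEthernet0/1` shows what NBAR has classified and `show policy-map interface FastEthernet0/1` shows how many packets the P2P-APPS class has dropped. Run the NBAR protocol discovery for a while before applying the drop, so you can see what legitimate traffic (if any) the class would catch.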