02-23-2007 01:54 PM - edited 03-11-2019 02:37 AM
According to Bryan from Cisco Systems TAC:
Step 1: Launch ASDM
Step 2: Click on the Configuration button at the top of the page
Step 3: Click on the Security Policy button on the left.
Step 4: Click on the Service Policy Rules Tab
Step 5: If you don't have a Service Policy already, create one by clicking on the green plus sign next to the word Add.
If you do already have a Service Policy, select the class (it should now be highlighted in blue),
then click the green plus sign next to the word Add.
Step 6: Choose the second radio button - Global - applies to all interfaces, then click Next.
I name the "Policy Name" as block_AIM_via_telnet.
Step 7: Leave "Create a new traffic class" selected, put a check mark next to Default Inspection Traffic under Traffic match criteria, and click Next.
Step 8: Select http and click Next.
Step 9: Select HTTP and click the Configure button directly to the right of HTTP.
Step 10: Select the "Select a HTTP inspect map for fine control over inspection" radio button, then click on the Add button that is now activated.
Step 11: On this screen, give this new class a name. Then click the URI Filtering... button on the bottom right of the page.
Step 12: Click on Add.
Step 13: In the drop-down menu for Regular Expression, select _default_aim-messenger. In here I select "check protocol violations" as drop connections.
Step 14: Click OK.
Step 15: Click OK.
Step 16: Click OK.
Step 17: Click OK.
Step 18: Click Finish.
Step 19: Click Apply.
This will set up your ASA to look for and block AIM. I know this might seem like a lot of steps, but like every GUI, once you get used to it, it really takes no time at all.
Bryan
------------------------
According to cisconoobie (replied Feb 23, 2007, 6:31am PST):
The steps Bryan showed are correct, but there is a bug with version 7.2 and HTTP inspections.
You have to make sure "protocol violations" is set to log only and inspection set to
drop connection. If you don't set it to "log only", it will drop things like ActiveX and some
other things passing through HTTP.
-------------------------
I followed the instructions as spelled out by both Bryan and Cisconoobie and I still can use the AOL
IM app to connect to the AOL server on either port 23 (telnet) or port 25 (SMTP).
The instructions, to me, seem to deal with blocking the AOL IM app from using the HTTP port, correct?
Because clearly, it is not working in my case, since I am using port 23 to connect to the AOL server,
which the PIX clearly doesn't know how to inspect: AOL traffic masquerading as telnet traffic.
Comments anyone? Thanks.
David
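For reference, here is the CLI form of Bryan's ASDM steps with cisconoobie's adjustment folded in (an added example, not text from either of them or from Cisco): the HTTP inspect map drops connections whose request URI matches the ASA built-in regex _default_aim-messenger, while protocol violations are only logged. The map names aim-uri and block_aim are made up; global_policy and inspection_default are the ASA factory-default names, and because inspection_default matches HTTP on tcp/80, traffic on port 23 or 25 never reaches this inspect map.

```cisco
! Added example: CLI equivalent of the ASDM wizard above.
! aim-uri and block_aim are constructed names; global_policy and
! inspection_default are the ASA factory defaults.
!
! HTTP class: request URI matching the built-in AIM regex
class-map type inspect http match-all aim-uri
 match request uri regex _default_aim-messenger
!
! HTTP inspect map: protocol violations are logged only (cisconoobie's
! 7.2 note, so ActiveX and similar keep working); AIM-over-HTTP is dropped
policy-map type inspect http block_aim
 parameters
  protocol-violation action log
 class aim-uri
  drop-connection log
!
! Attach the map to the global policy. Default inspection traffic only
! matches HTTP on tcp/80, so AIM sessions on port 23 or 25 are not seen here.
policy-map global_policy
 class inspection_default
  inspect http block_aim
!
! Check that the map is applied and watch the drop counters
show service-policy inspect http
```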
02-25-2007 06:20 PM
Not sure if this will work; try this
(this assumes global_policy exists):
class-map telnet
 match port tcp eq telnet
policy-map type inspect im im-block
 parameters
 match protocol msn-im yahoo-im
  drop-connection
policy-map global_policy
 class telnet
  inspect im im-block
In theory that should block MSN and Yahoo, though I don't have any way to verify that by testing.
--Jason
Please rate this message if it helps solve some/all of your issue/problem.