Hi,

I config the cisco 1811 with firewall feature. I can block the IM traffic. However, I find that the tcp port 80 is block also.

If I remove the SDM from the interface, tcp port 80 is enabled again. the problem is SDM but I do not know what setting I need to change. any idea?

FW router

!

p inspect name sdm_ins_in_162 appfw sdm_ins_in_162

ip inspect name sdm_ins_in_162 https

ip inspect name sdm_ins_in_162 dns

!

appfw policy-name sdm_ins_in_162

application im aol

service default action reset alarm

service text-chat action reset alarm

server deny name login.oscar.aol.com

server deny name toc.oscar.aol.com

server deny name oam-d09a.blue.aol.com

audit-trail on

application im msn

service default action reset alarm

service text-chat action reset alarm

server deny name messenger.hotmail.com

server deny name gateway.messenger.hotmail.com

server deny name webmessenger.msn.com

audit-trail on

application http

port-misuse p2p action reset alarm

port-misuse im action reset alarm

application im yahoo

service default action reset alarm

service text-chat action reset alarm

server deny name scs.msg.yahoo.com

server deny name scsa.msg.yahoo.com

server deny name scsb.msg.yahoo.com

server deny name scsc.msg.yahoo.com

server deny name scsd.msg.yahoo.com

server deny name messenger.yahoo.com

server deny name cs16.msg.dcn.yahoo.com

server deny name cs19.msg.dcn.yahoo.com

server deny name cs42.msg.dcn.yahoo.com

server deny name cs53.msg.dcn.yahoo.com

server deny name cs54.msg.dcn.yahoo.com

server deny name ads1.vip.scd.yahoo.com

server deny name radio1.launch.vip.dal.yahoo.com

server deny name in1.msg.vip.re2.yahoo.com

server deny name data1.my.vip.sc5.yahoo.com

server deny name address1.pim.vip.mud.yahoo.com

server deny name edit.messenger.yahoo.com

server deny name http.pager.yahoo.com

server deny name privacy.yahoo.com

server deny name csa.yahoo.com

server deny name csb.yahoo.com

server deny name csc.yahoo.com

audit-trail on

class-map match-any sdm_p2p_kazaa

match protocol fasttrack

match protocol kazaa2

class-map match-any sdm_p2p_edonkey

match protocol edonkey

class-map match-any sdm_p2p_gnutella

match protocol gnutella

class-map match-any sdm_p2p_bittorrent

match protocol bittorrent

!

!

policy-map sdmappfwp2p_sdm_ins_in_162

class sdm_p2p_edonkey

drop

class sdm_p2p_gnutella

drop

class sdm_p2p_kazaa

drop

class sdm_p2p_bittorrent

drop

interface FastEthernet0

ip inspect sdm_ins_in_162 out

!