Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

How to Block Torrent traffic on ASA 5510

Hello

I have CISCO ASA 5510 without AIP-SSM module. Now the task is to block TORRENT traffic for wifi and inside (network) users. How can i block torrent traffic?

Please help it really urgent

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions

Re: How to Block Torrent traffic on ASA 5510

You'll need L7 inspection which older ASA models don't support.

ASA CX module (supported on ASA-X models only): http://asacx-cisco.com/#

Or if your budget is very limited you can try with Cisco ISA 550/570.

2 REPLIES

Re: How to Block Torrent traffic on ASA 5510

You'll need L7 inspection which older ASA models don't support.

ASA CX module (supported on ASA-X models only): http://asacx-cisco.com/#

Or if your budget is very limited you can try with Cisco ISA 550/570.

Community Member

Re: How to Block Torrent traffic on ASA 5510

Hi,

You can add these access entries that define the bittorent port range. As shown below,

access-list Inside_IN deny tcp any any range 6881 6887

access-list Inside_IN deny udp any any range 6881 6887

access-group Inside-IN in interface inside

Note: The above configuration assumes that you already have an inside ACL created. If you don't, create one and make sure that other necessary services are added such as http, https, dns. Otherwise, users will not be able to access the internet entirely.

Another better method is to use a 3rd party URL/Web filtering software that is supported by ASA. This software has an already defined category for P2P applications such as BT, so you can block it by category rather than by ports. Examples of supported softwares, WebSense and Smart Filter.

Regards,

AM

1790
Views
0
Helpful
2
Replies
CreatePlease to create content