Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

How to block yahoo messanger on LAN using ASA 5510 ?

Hello Everyone,

I want to block my LAN Users from accessing IM websites such as yahoo messanger,Gtalk etc. & facebook also.

Can anyone tell me how can i do that ?

Thanks

2 REPLIES
Cisco Employee

Re: How to block yahoo messanger on LAN using ASA 5510 ?

Hi,

This link should help you:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c38a6.shtml

Basically we will need to do all of this using MPF, Regex and http (deep packet) inspection. Let me know if this helps!!

Regards,

Prapanch

Cisco Employee

Re: How to block yahoo messanger on LAN using ASA 5510 ?

Keep in mind the following:

a) if your messengers are getting tunneled or encapsulated over port 443 then there is no way to block it, inspect IM only deals with native msn/yahoo msngr packets but if its encap'd over http than inspect http will be used

b)Inspect IM supports MSN Messenger 7.0 (Build 7.0.0816), Yahoo Messenger 7.0.0.437.

This was tested by one of our colleague Kureli, and it worked for MSN

Try this for MSN:

regex msn-messenger "^VER [1-9] MSNP[1-9]+.*\x0d\x0a.*MSNMSGR.*\x0d\x0a"

class-map type inspect http match-all http-msn

match request method post

match request body regex msn-messenger

policy-map type inspect http http-msn

class http-msn      reset log

policy-map global_policy

class inspection_default

inspect http http-msn

Note that there is a space between VER and [1-9], and [1-9] and MSNP

985
Views
0
Helpful
2
Replies
CreatePlease to create content