Cisco Support Community
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

I wish to block P2p & IM but, I also deny Yahoo & Google web sites

PIX 515E 7.0 (4)


All commands excepted without problems however, yahoo/google are blocked - i can get onto Any ideas?

Here is the config followed by a hasty reload when the company couldn't surf.

class-map inspection_default

match default-inspection-traffic



policy-map global_policy

class inspection_default

inspect dns maximum-length 512

inspect ftp

inspect h323 h225

inspect h323 ras

inspect netbios

inspect rsh

inspect rtsp

inspect skinny

inspect sqlnet

inspect sunrpc

inspect tftp

inspect sip

inspect xdmcp

inspect pptp


service-policy global_policy global

: end




uk-pix# conf t

uk-pix(config)# http-map inbound_http

uk-pix(config-http-map)# content-length min 100 max 2000 action reset log

uk-pix(config-http-map)# content-type-verification match-req-rsp action reset$

uk-pix(config-http-map)# max-header-length request 100 action reset log

uk-pix(config-http-map)# max-uri-length 100 action reset log

uk-pix(config-http-map)# port-misuse p2p action drop

uk-pix(config-http-map)# port-misuse im action drop

uk-pix(config-http-map)# port-misuse default action allow

uk-pix(config-http-map)# exit

uk-pix(config)# class-map http-port

uk-pix(config-cmap)# match port tcp eq www

uk-pix(config-cmap)# exit

uk-pix(config)# policy-map inbound_policy

uk-pix(config-pmap)# class http-port

uk-pix(config-pmap-c)# inspect http inbound_http

uk-pix(config-pmap-c)# exit

uk-pix(config-pmap)# exit

uk-pix(config)# service-policy inbound_policy interface outside


uk-pix# rel

System config has been modified. Save? [Y]es/[N]o:

Proceed with reload? [confirm]



Re: I wish to block P2p & IM but, I also deny Yahoo & Google web

The document present in the following link describes how to configure the Cisco Security Appliances PIX/ASA using Modular Policy Framework (MPF) in order to block the Peer-to-Peer (P2P) and Instant Messaging (IM), such as MSN Messenger and Yahoo Messenger, traffic from the inside network to the Internet. Also, this document provides information on how to configure the PIX/ASA in order to allow the two hosts to use IM applications while the rest of the hosts remain blocked.

Community Member

Re: I wish to block P2p & IM but, I also deny Yahoo & Google web

Thx BUT - that's the link I inserted above!! This procedure ASLO denies my users access to and I JUST want to deny IM and P2P.

CreatePlease to create content