Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Modular Policy Framework

Hi.. All

Pls expain how can I block P2P Applications such as emule,Kazza etc with Modular Policy Framework?

Also to block certain file types to be uploaded to internal FTP server?

7 REPLIES
Cisco Employee

Re: Modular Policy Framework

You must be knowing ASA/Pix(version7) has default classes for this type of traffic

Security-525(config-pmap-c)# sh run all class-map type inspect http

!

class-map type inspect http match-all _default_gator

match request header user-agent regex _default_gator

class-map type inspect http match-all default_kazaa

match none

class-map type inspect http match-all _default_msn-messenger

match response header content-type regex _default_msn-messenger

class-map type inspect http match-all _default_yahoo-messenger

match request body regex _default_yahoo-messenger

class-map type inspect http match-all _default_windows-media-player-tunnel

match request header user-agent regex _default_windows-media-player-tunnel

class-map type inspect http match-all _default_gnu-http-tunnel

match request args regex _default_gnu-http-tunnel_arg

match request uri regex _default_gnu-http-tunnel_uri

class-map type inspect http match-all _default_firethru-tunnel

match request header host regex _default_firethru-tunnel_1

match request uri regex _default_firethru-tunnel_2

class-map type inspect http match-all _default_aim-messenger

match request header host regex _default_aim-messenger

class-map type inspect http match-all _default_http-tunnel

match request uri regex _default_http-tunnel

class-map type inspect http match-all _default_kazaa

match response header regex _default_x-kazaa-network count gt 0

class-map type inspect http match-all _default_shoutcast-tunneling-protocol

match request header regex _default_icy-metadata regex _default_shoutcast-tunneling-protocol

class-map type inspect http match-all _default_GoToMyPC-tunnel

match request args regex _default_GoToMyPC-tunnel

match request uri regex _default_GoToMyPC-tunnel_2

class-map type inspect http match-all _default_httport-tunnel

match request header host regex _default_httport-tunnel

!

So you use the following commands to block for example Kaza

policy-map type inspect http filterp2p

Security-525(config-pmap-c)# policy-map global_policy

Security-525(config-pmap)# policy-map type inspect http filterp2p

Security-525(config-pmap)# class default_kazaa

Security-525(config-pmap-c)# drop-connection log

see if this helps !

Silver

Re: Modular Policy Framework

I've been struggling with the following for

the past year without any solutions:

1- I want to block users from using

AOL Instant messenging. AOL can masquerade any

ports. I don't want to do a nslookup and

block the AOL destination. With Checkpoint,

this was not an issue via SmartDefense. How

can I do this with pix or asa devices?

2- How do I block nachi worm with Pix/ASA,

like this below:

access-list 199 permit icmp any any echo

access-list 199 permit icmp any any echo-reply

route-map nachi-worm permit 10

match ip address 199

match length 92 92

set interface Null0

interface F0/0

no ip unreachables

ip route-cache policy

ip policy route-map nachi-worm

I can do this with Checkpoint in 20 seconds.

With Pix, I don't know how.

Cisco Employee

Re: Modular Policy Framework

GUIs are always a 20 seconds game..

Silver

Re: Modular Policy Framework

so what are the solutions for pix/asa?

Cisco Employee

Re: Modular Policy Framework

Hello Anish, please try my sample config that I posted for you and let me know if there is anything else I can help you with.

New Member

Re: Modular Policy Framework

Hi.. ASHISH

Thanks Lot. I havent noticed the above default class maps. I will try it.

I also set my FTP policy to allow only certain file types. Can I use CSC module to inspect inbounf FTP files? If my ASA has AIP module populated and no room for CSC how can i use an antivirus program to inspect inbound FTP traffic?

Cisco Employee

Re: Modular Policy Framework

hey Anish,,well if you have AIP/SSM module or CSC module then you actually a full fledged IPS mechanism and you can certainly monitor/block/reset inbound/outbound FTP files or ftp commands as well

You just need to configure AIP-SSM and turn on all the default signatures

572
Views
0
Helpful
7
Replies