Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

P2P blocking on ASA 5525 with Software Version 8.6(1)2

Hello,

 

We have Cisco ASA 5525 with Software Version 8.6(1)2. We have permitted all the traffic from inside to outside.

Now we want to block P2P sharing Bit torrent to internet sites. Please help me with the configuration.

We have DMZ setup & also inline IPS module.

 

Thanks in advance.

Regards,

Sandeshc Chavan.

2 REPLIES
Silver

Hi Chavan ,  You can try to

Hi Chavan , 

 

You can try to block this by port. 

 

The well known TCP port for BitTorrent traffic is 6881-6889 (and 6969 for the tracker port). 

The config is

Access-list BLOCK-P2P-TRAFFIC deny tcp any any range  6881 6889 log 

And applies to the desire interface with the "Access-group command"

For example:

Access-group  BLOCK-P2P-TRAFFIC outbound interface DMZ

 

However Blocking Bittorrent is challenging, and can't really be done effectively with port blocks. The standard ports are 6881-6889 TCP, but the protocol can be run on any port, and the peer-to-peer nature of the protocol means that discovering peers that use unblocked ports is simple.

Also you can execute  from the cmd on windows  the command  netstat -a and check the port Bit torrent is using .

 

Hope this helps.

 

Community Member

I also got below

I also got below configuration from below link for Software Version 8.0 (2). Do you think it will work with Software Version 8.6(1)2?

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/98684-pixasa-imblock-config.html

 

class-map P2P
 match port tcp eq www


policy-map type inspect http P2P_HTTP
 parameters
 match request uri regex _default_gator
  drop-connection log
 match request uri regex _default_x-kazaa-network
  drop-connection log


policy-map P2P
  class P2P
  inspect http P2P_HTTP


service-policy P2P interface inside

 

448
Views
0
Helpful
2
Replies
CreatePlease to create content