Cisco Support Community
Community Member

P2P blocking on ASA 5525 with Software Version 8.6(1)2



We have Cisco ASA 5525 with Software Version 8.6(1)2. We have permitted all the traffic from inside to outside.

Now we want to block BitTorrent P2P sharing to Internet sites. Please help me with the configuration.

We have a DMZ set up and also an inline IPS module.


Thanks in advance.


Sandeshc Chavan.


Hi Chavan,


You can try to block this by port. 


The well-known TCP ports for BitTorrent traffic are 6881-6889 (and 6969 for the tracker port).

The config is

access-list BLOCK-P2P-TRAFFIC deny tcp any any range 6881 6889 log

And apply it to the desired interface with the "access-group" command.

For example:

access-group BLOCK-P2P-TRAFFIC out interface DMZ


However, blocking BitTorrent is challenging and can't really be done effectively with port blocks. The standard ports are 6881-6889 TCP, but the protocol can be run on any port, and the peer-to-peer nature of the protocol means that discovering peers that use unblocked ports is simple.

Also, you can run the command netstat -a from cmd on Windows and check the port BitTorrent is using.


Hope this helps.
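
The `log` keyword on the ACE above makes the ASA write syslog message 106100 for each match, so the deny rule doubles as a way to see which hosts are trying the standard BitTorrent ports. The following is an added example, not part of the original post, that tallies denied hits per source host; the ACL name comes from the post, while the function name, the sample log lines and their addresses are constructed for illustration.

```python
import re
from collections import Counter

# Ports named in the answer: 6881-6889 for peers, 6969 for the tracker.
# 6969 only shows up here if the ACL is extended to deny it as well.
BT_PORTS = set(range(6881, 6890)) | {6969}

# Layout of ASA syslog 106100, logged when an ACE with "log" is matched.
# The optional "(...)" after each port is the identity-firewall user field.
LINE_RE = re.compile(
    r"%ASA-\d-106100: access-list (?P<acl>\S+) "
    r"(?P<action>permitted|denied|est-allowed) (?P<proto>\S+) "
    r"[^/\s]+/(?P<src>[^(\s]+)\(\d+\)(?:\([^)]*\))? -> "
    r"[^/\s]+/(?P<dst>[^(\s]+)\((?P<dport>\d+)\)(?:\([^)]*\))? "
    r"hit-cnt (?P<hits>\d+)"
)

# Constructed sample lines (documentation address ranges, made-up timestamps).
SAMPLE_LOG = [
    "Mar 01 10:00:01 asa %ASA-6-106100: access-list BLOCK-P2P-TRAFFIC denied tcp "
    "DMZ/192.0.2.10(51234) -> outside/198.51.100.7(6881) hit-cnt 1 first hit [0x0, 0x0]",
    "Mar 01 10:05:01 asa %ASA-6-106100: access-list BLOCK-P2P-TRAFFIC denied tcp "
    "DMZ/192.0.2.10(51240) -> outside/198.51.100.9(6885) hit-cnt 4 300-second interval [0x0, 0x0]",
    "Mar 01 10:06:30 asa %ASA-6-106100: access-list BLOCK-P2P-TRAFFIC denied tcp "
    "DMZ/192.0.2.22(40000) -> outside/203.0.113.5(6889) hit-cnt 2 300-second interval [0x0, 0x0]",
    "Mar 01 10:07:00 asa %ASA-6-106100: access-list BLOCK-P2P-TRAFFIC denied tcp "
    "DMZ/192.0.2.30(40100) -> outside/203.0.113.80(23) hit-cnt 1 first hit [0x0, 0x0]",
    "Mar 01 10:07:05 asa %ASA-6-302013: Built outbound TCP connection 77 for "
    "outside:203.0.113.80/443 (203.0.113.80/443) to DMZ:192.0.2.30/40101 (192.0.2.30/40101)",
]

def denied_bt_hits(lines, acl="BLOCK-P2P-TRAFFIC"):
    """Return Counter {source_ip: summed hit-cnt} for denied TCP flows to BT_PORTS."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # other message IDs or lines that do not fit the layout
        if m["acl"] != acl or m["action"] != "denied" or m["proto"].lower() != "tcp":
            continue
        if int(m["dport"]) in BT_PORTS:
            hits[m["src"]] += int(m["hits"])
    return hits

if __name__ == "__main__":
    for host, count in denied_bt_hits(SAMPLE_LOG).most_common():
        print(f"{host}\t{count} denied connections to BitTorrent ports")
```

Because a client can move to any other port, an empty tally means only that nothing hit the listed ports, not that no BitTorrent traffic is present.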


Community Member

I also got the configuration below from the link below for Software Version 8.0(2). Do you think it will work with Software Version 8.6(1)2?


class-map P2P
 match port tcp eq www

policy-map type inspect http P2P_HTTP
 match request uri regex _default_gator
  drop-connection log
 match request uri regex _default_x-kazaa-network
  drop-connection log

policy-map P2P
 class P2P
  inspect http P2P_HTTP

service-policy P2P interface inside

