Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Trying blocking messenger using ZPF on the ASA.

Hello folks,

I am trying to block messenger using Zone-based Policy for certain users from the local network. This is still lab environment recreation for a customer. It does not seem to work and I am not sure this is the right way of doing this in the ASA or even if it does really work at all.

Here is the sample of the configuration:

access-list 1 permit

access-list 2 permit

class-map type inspect msnmsgr match-any cm_msn

match service text-chat

match service any

class-map type inspect match-all msn_http

match protocol http

match access-group 2

class-map type inspect match-all msn_protocol

match protocol msnmsgr

match access-group 1

class-map type inspect http match-any msn_misuse

match request port-misuse im

match request port-misuse any

class-map type inspect match-any cm_internet_protocols

match protocol http

match protocol https

match protocol dns

match protocol icmp

match protocol imap

match protocol smtp extended

match protocol pop3

match protocol tcp

match protocol udp


policy-map type inspect http msn_http_map

class type inspect http msn_misuse


class class-default

policy-map type inspect im pm_msn

class type inspect msnmsgr cm_msn


class class-default

policy-map type inspect pm_smblab_outside

class type inspect cm_internet_protocols


class type inspect msn_protocol


service-policy im pm_msn

class type inspect msn_http


service-policy http msn_http_map

class class-default


zone security smblab

zone security outside

description TAC Lab

interface FastEthernet0

zone-member security outside

interface BVI1

zone-member security smblab

zone-pair security smb_out source smblab destination outside

service-policy type inspect pm_smblab_outside

Any insight on this is highly appreciated.

Best regards,

Jose Pontes

New Member

Re: Trying blocking messenger using ZPF on the ASA.

I am very sorry, just a little mistake. This is IOS firewall not ASA.