I am trying to block Messenger using Zone-based Policy for certain users from the local network. This is still a lab environment recreation for a customer. It does not seem to work, and I am not sure this is the right way of doing this in the ASA, or even if it really works at all.
Here is a sample of the configuration:
access-list 1 permit 192.168.1.11
access-list 2 permit 192.168.1.11
class-map type inspect msnmsgr match-any cm_msn
 match service text-chat
 match service any
class-map type inspect match-all msn_http
 match protocol http
 match access-group 2
class-map type inspect match-all msn_protocol
 match protocol msnmsgr
 match access-group 1
class-map type inspect http match-any msn_misuse
 match request port-misuse im
 match request port-misuse any
class-map type inspect match-any cm_internet_protocols