Cisco Support Community
Community Member

Use ASA to block P2P

Hey guys,

I am trying to use ASA to block P2P downloads. I did find this link and I tested it, but it's not blocking my BitComet download...

The page said that "The ASA can block P2P type applications only if P2P traffic is being tunneled through HTTP". However, when I am using Wireshark to monitor the traffic, I only see UDP and TCP, not HTTP... I guess that's why it's not working.

Then I checked more on the internet and it seems I need to buy an AIP-SSM or CSC-SSM module to block the P2P. Is this true? If it's true, which one should I use? Or do you have another way to block P2P with just the ASA itself? Thanks a lot!


Re: Use ASA to block P2P

This is correct; the regex classes in this example work by blocking HTTP requests. You could block someone from going to for example but it wouldn't work if they already have a torrent running.

I don't know about the AIP module, but the CSC module can only filter on HTTP, FTP, SMTP and POP traffic, so you wouldn't be able to filter BitTorrent Layer 7 traffic.

Community Member

Re: Use ASA to block P2P

Thank you Plumbis!
