Community Member

Has anyone implemented MSN blocking?

I want to buy an AIP-SSM IPS for an ASA 5510. Can I block MSN? Can I say that this IP can use MSN but these cannot? Is that possible? I know that there is no user-based configuration on the IPS, but is there a way to do that by IP?

4 REPLIES
Silver

Re: Has anyone implemented MSN blocking?

You can block MSN using source IP. If, for example, you'd like the signature action to apply only to IP address 10.1.1.2:

1. Default Action for signature 11201 is e.g. TCP Reset

2. Event Action Filter defines:

Source Address: 0.0.0.0-10.1.1.1, 10.1.1.3-255.255.255.255
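
Added example (not part of the reply above, and not Cisco code): the filter's source address list is every address except the hosts the signature action should still apply to, so with more than one blocked host or subnet it is easier to compute than to type. This Python helper generalizes the single-host case in the reply; the function name `filter_ranges` and the extra sample addresses are assumptions made for illustration.

```python
import ipaddress

MAX_IPV4 = 0xFFFFFFFF


def filter_ranges(blocked):
    """Return the IPv4 ranges NOT covered by `blocked`, as 'start-end' strings.

    `blocked` is a list of hosts or CIDR subnets that must keep the
    signature's default action (e.g. TCP Reset). The result is the
    source address list for the event action filter, i.e. everyone else.
    """
    # Merge overlapping/adjacent entries; the result is sorted ascending.
    nets = ipaddress.collapse_addresses(
        ipaddress.IPv4Network(entry, strict=False) for entry in blocked
    )
    ranges = []
    cursor = 0  # lowest address not yet assigned to a range
    for net in nets:
        start = int(net.network_address)
        end = int(net.broadcast_address)
        if start > cursor:
            ranges.append((cursor, start - 1))
        cursor = end + 1
    if cursor <= MAX_IPV4:
        ranges.append((cursor, MAX_IPV4))
    return [
        "%s-%s" % (ipaddress.IPv4Address(lo), ipaddress.IPv4Address(hi))
        for lo, hi in ranges
    ]


if __name__ == "__main__":
    # The single host from the reply above.
    print(", ".join(filter_ranges(["10.1.1.2"])))
    # Constructed sample: two adjacent hosts plus one subnet.
    print(", ".join(filter_ranges(["10.1.1.2", "10.1.1.3", "192.168.5.0/24"])))
```
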

Community Member

Re: Has anyone implemented MSN blocking?

For blocking instant messaging like MSN you don't need an AIP-SSM.

You can block such traffic with the Modular Policy Framework of the ASA OS.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c38a6.shtml

Silver

Re: Has anyone implemented MSN blocking?

Are you sure about it? Have you ever done it before? Let's say I want to block AOL instant messaging. How do I go about doing that on the ASA? Can you give a specific example? Thanks.

Community Member

Re: Has anyone implemented MSN blocking?

You can't block AOL. MPF only supports blocking Yahoo and MSN.

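The example from Cisco:

    ! Traffic class to inspect: everything (or match an ACL instead)
    class-map imblock
     match any
    ! IM inspection policy: drop MSN and Yahoo connections
    policy-map type inspect im impolicy
     parameters
     match protocol msn-im yahoo-im
      ! or log, reset
      drop-connection
    ! Apply the IM inspection to the traffic class
    policy-map imdrop
     class imblock
      inspect im impolicy
    ! Attach the policy to the outside interface
    service-policy imdrop interface outside

I never tried whether the ASA also discovers other protocols like AOL - I don't think so, unfortunately.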
