Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Cisco Support Community site will be in read only mode on Dec14, 2017 from 12:01am PST to 11:30am for standard maintenance. Sorry for the inconvenience.

New Member

Blocking Kazaa causing vpn problems

Ok here is how I am blocking Peer to peer network programs.. I have this is many of our remote offices and it has not proved to be a problem for clients . Now in one of our offices a client has problems with his VPN being slow and dropping connections. WHen I take the programming off it works fine. With it on it has problems can anyone tell me why and how I can resolve it and still block or limit the perr to peer file sharing...

thanks

Aaron

I am using a cisco 2621 with one of the latest IOS images on it.

**************

class-map match-any p2p

match protocol fasttrack

match protocol gnutella

match protocol napster

match protocol http url "\.hash=*"

match protocol http url "/.hash=*"

match protocol kazaa2

policy-map p2p

class p2p

police cir 28500 bc 14400 be 14400

conform-action transmit

exceed-action drop

interface FastEthernet0/1

service-policy input p2p

service-policy output p2p

*********

2 REPLIES
Silver

Re: Blocking Kazaa causing vpn problems

I read something about a problem with Kazaa and IOS release 12.2 (13). What is the IOS release that you are using on your Router.You could also take a look at the release notes. Here's what it says.

NBAR is incorrectly matching packets as Kazaa2 in 12.2(13)T1. The problem was seen on a 7200-series router and 1700-series router and appears to be a platform-independent problem. Kazaa2 can use any available port, including DNS (53) and HTTP (80), and NBAR looks into the packet to see if it's a Kazaa2 packet.

This problem results in non-Kazaa2 traffic being matched and having actions taken on the traffic that are detrimental to network performance, such as the rate-limiting of DNS, web traffic, and e-mail (and only Kazaa2 traffic was configured to be rate-limited / policed). It can also cause other features to fail, such as vpn tunnels not coming up, because the packets needed to establish the connections are incorrectly marked as Kazaa2 traffic and possibly dropped or rate-limited.

The solution is to load the Kazaa2 pdlm currently available on CCO and use the "ip nbar pdlm" command to load the pdlm from flash.

Hope this helps.

New Member

Re: Blocking Kazaa causing vpn problems

I am using 12.2 13 T3.....

102
Views
4
Helpful
2
Replies
CreatePlease to create content