Cisco Support Community
Community Member

Allow IM only for some hosts

I am trying to allow IM only for some hosts and block the rest of the network hosts. I did as the following link says, without success:

There is no match on the ACL and everyone can sign in to MSN and Yahoo. Has anyone seen this behaviour before and can give me some ideas on how to enable it?

ASA 5510 version 8.0(3)


Juan Carlos Arias


Re: Allow IM only for some hosts

Provide the running-config of your ASA and a brief discussion of your topology.

Community Member

Re: Allow IM only for some hosts

This is the IM blocking configuration. I use the AnyIM regex to be able to use MSN, but only between the users defined in IM-SRCLogin and IM-DSTLogin. I cannot define all the destination users who can chat with my users.

Here is the configuration. I found that this is not possible for the moment; it is only possible to restrict by IP address. What do you think?

regex Test "[Tt][Ee][Ss][Tt]@[Hh][Oo][Tt][Mm][Aa][Ii][Ll].[Cc][Oo][Mm]"
regex AnyIM ".*"

access-list ACL-IMPolicy extended permit ip any any

class-map type regex match-any IM-SRCLogin
 match regex Test
class-map type regex match-any IM-DSTLogin
 match regex AnyIM
class-map type inspect im match-all IM-BlockExcept
 match not login-name regex class IM-SRCLogin
 match not peer-login-name regex class IM-DSTLogin
class-map IM-Traffic
 match access-list ACL-IMPolicy

policy-map type inspect im IM-Policy
 class IM-BlockExcept
  drop-connection log
 match protocol msn-im yahoo-im
policy-map IM-PolicyAll
 class IM-Traffic
  inspect im IM-Policy

service-policy IM-PolicyAll interface Inside

policy-map Global-Policy
 class Global-Class
  inspect im IM-Policy
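
A simplified Python model of the class-map logic in the configuration posted above, added here as an example; it is not part of the original thread and is not Cisco code. It assumes a match-all class matches only when every `match not` line holds and that the regexes match unanchored; the sample sessions are constructed.

```python
import re

# Regexes and regex class-maps copied from the posted configuration.
REGEXES = {
    "Test": r"[Tt][Ee][Ss][Tt]@[Hh][Oo][Tt][Mm][Aa][Ii][Ll].[Cc][Oo][Mm]",
    "AnyIM": r".*",
}
REGEX_CLASSES = {"IM-SRCLogin": ["Test"], "IM-DSTLogin": ["AnyIM"]}

# "match not" lines of class-map IM-BlockExcept as (field, regex class).
IM_BLOCK_EXCEPT = [("login", "IM-SRCLogin"), ("peer", "IM-DSTLogin")]


def regex_class_hit(regex_class, value):
    """match-any regex class: true if any member regex matches the value."""
    # Assumption: unanchored (substring) matching, modelled with re.search.
    return any(re.search(REGEXES[n], value) for n in REGEX_CLASSES[regex_class])


def class_matches(session, criteria):
    """match-all class of 'match not' lines: every line must hold."""
    return all(not regex_class_hit(cls, session[field]) for field, cls in criteria)


def verdicts(sessions, criteria):
    """Return 'drop' or 'pass' per session, keyed by (login, peer)."""
    return {
        (s["login"], s["peer"]): "drop" if class_matches(s, criteria) else "pass"
        for s in sessions
    }


# Constructed sample sessions (not taken from the thread).
SESSIONS = [
    {"login": "test@hotmail.com", "peer": "friend@example.com"},
    {"login": "other@hotmail.com", "peer": "friend@example.com"},
    {"login": "other@example.net", "peer": ""},
]

if __name__ == "__main__":
    print("as posted:", verdicts(SESSIONS, IM_BLOCK_EXCEPT))
    # Same class with only the login-name line kept.
    print("login-name only:", verdicts(SESSIONS, IM_BLOCK_EXCEPT[:1]))
```

In this model the `match not peer-login-name` line can never hold against `".*"`, so IM-BlockExcept never matches and no session is dropped. The model also shows that the unescaped `.` in the Test regex accepts any character before `com`.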
