Cisco Support Community
Community Member

Allow IM only for some hosts

I am trying to allow IM only for some hosts and to block the rest of the network hosts. I did as the following link says, without success:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c38a6.shtml

There is no match on the ACL and everyone can sign in to MSN and Yahoo. Has anyone had this behaviour before who can give me some ideas on how to enable it?

ASA 5510 version 8.0(3)

Regards,

Juan Carlos Arias

2 REPLIES
Silver

Re: Allow IM only for some hosts

Provide the running-config of your ASA and a brief discussion of your topology.

Community Member

Re: Allow IM only for some hosts

This is the IM blocking configuration. I use the AnyIM regex to be able to use MSN, but only between the users defined in IM-SRCLogin and IM-DSTLogin. I cannot define all the destination users who can chat with my users.

Regards,

Here is the configuration. I found that this is not possible for the moment; it is only possible to restrict by IP address. What do you think?

regex Test "[Tt][Ee][Ss][Tt]@[Hh][Oo][Tt][Mm][Aa][Ii][Ll].[Cc][Oo][Mm]"
regex AnyIM ".*"
access-list ACL-IMPolicy extended permit ip any any
!
class-map type regex match-any IM-SRCLogin
 match regex Test
class-map type regex match-any IM-DSTLogin
 match regex AnyIM
class-map type inspect im match-all IM-BlockExcept
 match not login-name regex class IM-SRCLogin
 match not peer-login-name regex class IM-DSTLogin
class-map IM-Traffic
 match access-list ACL-IMPolicy
!
policy-map type inspect im IM-Policy
 parameters
 class IM-BlockExcept
  drop-connection log
 match protocol msn-im yahoo-im
policy-map IM-PolicyAll
 class IM-Traffic
  inspect im IM-Policy
!
service-policy IM-PolicyAll interface Inside
!
policy-map Global-Policy
 class Global-Class
  inspect im IM-Policy
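
The boolean logic of the posted IM-BlockExcept class, modelled in Python as an added example (not part of the thread and not Cisco code). It assumes that `match-all` requires every criterion to hold, that `match not` holds when the regex class does not match, and that regexes match as substrings; the function names and sample logins are constructed.

```python
import re

# Regexes copied from the posted configuration.
TEST = r"[Tt][Ee][Ss][Tt]@[Hh][Oo][Tt][Mm][Aa][Ii][Ll].[Cc][Oo][Mm]"
ANY_IM = r".*"

def in_regex_class(value, patterns):
    """Model of 'class-map type regex match-any': any pattern found in value."""
    return any(re.search(p, value) for p in patterns)

def block_except(login, peer, src_patterns, dst_patterns):
    """Model of 'class-map type inspect im match-all IM-BlockExcept'.

    Both 'match not' criteria must hold for the class to match.
    True means the session is selected for drop-connection.
    """
    not_src = not in_regex_class(login, src_patterns)
    not_dst = not in_regex_class(peer, dst_patterns)
    return not_src and not_dst

def dropped_pairs(pairs, src_patterns, dst_patterns):
    """Return the (login, peer) pairs the class would select for dropping."""
    return [p for p in pairs
            if block_except(p[0], p[1], src_patterns, dst_patterns)]

# Constructed sample (login-name, peer-login-name) pairs.
PAIRS = [
    ("test@hotmail.com", "friend@hotmail.com"),
    ("other@hotmail.com", "friend@hotmail.com"),
    ("other@yahoo.com", "someone@yahoo.com"),
]

if __name__ == "__main__":
    # Posted config: IM-DSTLogin is ".*", so nothing is ever selected.
    print("AnyIM as peer class:", dropped_pairs(PAIRS, [TEST], [ANY_IM]))
    # Hypothetical explicit peer regex (constructed) for comparison.
    print("explicit peer class:",
          dropped_pairs(PAIRS, [TEST], [r"partner@hotmail\.com"]))
    # The unescaped '.' in the Test regex also accepts any character there.
    print("test@hotmailXcom in IM-SRCLogin:",
          in_regex_class("test@hotmailXcom", [TEST]))
```

Under this model, a peer class of `.*` means the second `match not` criterion can never hold, so the class selects no session for `drop-connection`.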
