Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Blocking P2P, MP3 Downloads

I have a PIX 515 and was wondering if the Cisco PIX allows blocking of downloads from P2P sites like Kazaa, Morpheus as well as blocking MP3 downloads.

If this is possible how can this be done? Are there specific rules, ports or access lists I have to configure to block the access and prevent downloading?

1 REPLY
New Member

Re: Blocking P2P, MP3 Downloads

Back in the day, this was easier because these apps used specific source/destination ports. They got smart and coded the apps to search for unused ports. So it's difficult to block at the PIX. If you know the IP addresses of the Kazaa and/or Morpheus servers you can configure an outbound acl entry to deny all traffic to them.

access-list no_p2p deny ip any

access-list no_p2p deny ip any

access-list no_p2p permit ip any any

access-group no_p2p in interface inside

If you have access to the ISP prem router you can also configure NBAR. The router will look beyond tcp/udp port info and read into the payload and classify packets based on the content.

check out this link for info on how to config NBAR:

http://www.cisco.com/en/US/customer/products/sw/iosswrel/ps1839/products_feature_guide09186a0080087cd0.html

Rich

100
Views
0
Helpful
1
Replies