We are detecting this all the time from multiple ports:
"Potential worm propagation: The process 'C:\Program Files\Skype\Phone\Skype.exe' (as user ) has read downloaded content (file C:\Program Files\Skype\Phone\Skype.exe) and attempted to access an email or network related resource (making a Network IRC connection, 6//6737).This is considered suspect. The user chose 'Terminate (as default)'."
Skype Tech support said that Skype UDP traffic is mistakenly considered by CSA as an IRC connection.
This is a known "bug" in Cisco Security Agent.
I have searched for that bug but could not find anything related.
4.0.3 does have its limitations. I would question their tech support a bit further. We get messages from web pages initiating IRC connections and it's usually because there is some sort of messaging window open on the page.
You could create a rule that monitors Skype and logs what connections it makes and what and where it accesses if you want more info.
You might also try a test install of 5.x and see if it sheds more light on the situation.