New Member

How to block instant messaging applications (socks protocol) on my pix 515

I would like to block all instant messaging application traffic on my PIX 515. Some of them use the SOCKS protocol. Can someone help me to block these applications or this SOCKS protocol on my PIX 515?

Regards

Accepted Solutions

Re: How to block instant messaging applications (socks protocol)

This was just answered by a thread below.

object-group service MSN_Messenger_tcp tcp
  description MSN Messenger tries to use these ports
  port-object eq www
  port-object eq 1863
  port-object eq 7001
object-group network MSN_Messenger_hosts
  description hosts that MSN Messenger lives on
  network-object 65.54.195.0 255.255.255.0
  network-object 65.54.225.0 255.255.255.0
  network-object 65.54.226.0 255.255.254.0
  network-object 65.54.228.0 255.255.254.0
  network-object host 65.54.240.61
  network-object host 65.54.240.62
  network-object 207.46.104.0 255.255.252.0
  network-object 207.46.108.0 255.255.255.0
  network-object 207.68.171.0 255.255.255.0
access-list acl-inside deny tcp any object-group MSN_Messenger_hosts object-group MSN_Messenger_tcp

Apply this to an acl on your inside interface.

Patrick

8 REPLIES

New Member

Re: How to block instant messaging applications (socks protocol)

Thank you very much for your help.

Regards

Re: How to block instant messaging applications (socks protocol)

Ferdinand,

Was wondering if you would rate this solution or check it if this solved your problem.

Patrick

New Member

Re: How to block instant messaging applications (socks protocol)

Hi Patrick

I did what you told me correctly, but after applying the ACL on my inside interface, Internet access became impossible; users cannot access the Internet.

Can you tell me why?

I need your help please.

Regards

Ferdinand

New Member

Re: How to block instant messaging applications (socks protocol)

If you apply an explicit deny to the interface you also need to put an explicit permit. Did you apply this on the inside interface going out? If so, you need an

access-list (ACLNAME) permit ip any any

New Member

Re: How to block instant messaging applications (socks protocol)

Thanks

I have not put an explicit permit. I will do it tomorrow and will inform you.

However, when I apply the ACL on the inside interface going out, I get an error. But when I apply it on the inside interface going in, I get no error.

Can you tell me why?

Thank you for your help

Regards

Ferdinand

Re: How to block instant messaging applications (socks protocol)

Ferdinand,

access-list acl-inside deny tcp any object-group MSN_Messenger_hosts object-group MSN_Messenger_tcp
access-list acl-inside permit ip any any

Sorry, I was just giving you the exact line that you would need to block MSN Messenger. You may have to add more to your Messenger Hosts object group depending on the servers you connect to. The easiest way to do this is by running netstat on your PC to see what servers Messenger is connecting to.

Patrick
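Added example, not part of the original thread: one way to turn the netstat advice above into object-group entries. It assumes the Windows `netstat -n` column layout; the function names and the sample output are constructed for illustration, while the networks and ports come from the configuration posted above.

```python
import ipaddress
import re

# Networks already in the MSN_Messenger_hosts object group from the post above.
EXISTING_GROUP = [ipaddress.ip_network(n) for n in (
    "65.54.195.0/24", "65.54.225.0/24", "65.54.226.0/23", "65.54.228.0/23",
    "65.54.240.61/32", "65.54.240.62/32",
    "207.46.104.0/22", "207.46.108.0/24", "207.68.171.0/24",
)]

# Ports from MSN_Messenger_tcp; www (80) is omitted, it would match every web server.
MESSENGER_PORTS = {1863, 7001}

# Matches one TCP row of Windows `netstat -n` output (assumed layout).
ROW = re.compile(r"^\s*TCP\s+\S+:\d+\s+(\d+\.\d+\.\d+\.\d+):(\d+)\s+(\S+)")

def missing_hosts(netstat_text):
    """Return sorted remote IPs on Messenger ports not covered by the group."""
    found = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, UDP or IPv6 row
        ip, port, state = ipaddress.ip_address(m.group(1)), int(m.group(2)), m.group(3)
        if state != "ESTABLISHED" or port not in MESSENGER_PORTS:
            continue
        if not any(ip in net for net in EXISTING_GROUP):
            found.add(ip)
    return sorted(found)

def pix_lines(hosts):
    """Format the hosts as network-object lines for the object group."""
    return [f"network-object host {ip}" for ip in hosts]

# Constructed sample of `netstat -n` output (documentation-range addresses).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    10.75.3.20:1045        207.46.108.23:1863     ESTABLISHED
  TCP    10.75.3.20:1046        198.51.100.7:1863      ESTABLISHED
  TCP    10.75.3.20:1047        203.0.113.9:80         ESTABLISHED
  TCP    10.75.3.20:1048        198.51.100.8:1863      TIME_WAIT
"""

if __name__ == "__main__":
    print("\n".join(pix_lines(missing_hosts(SAMPLE))))
```

The printed lines go under `object-group network MSN_Messenger_hosts`; review each address before adding it, since the deny rule also covers port 80 to every host in that group.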

New Member

Re: How to block instant messaging applications (socks protocol)

Hi Patrick

Thank you very much. It is good now.

I have three small questions please

1- I don't know how to use the "netstat" command to see what servers Messenger is connecting to.

2- How can I see the statistics for my "acl-inside"?

3- After changing my TFTP server IP address on my PIX, I'm not able to save the PIX configuration to my TFTP server. I get the following error message:

Building configuration
TFTP write /FAS/Pixconf at 10.75.3.13 on interface 1 Timed out attempting to connect
[FAILED]

Regards

Ferdinand
