Cisco Support Community
New Member

http policies for users to restrict them for chatting


For internet connectivity we have a PIX-515E and a 1750 router on our network. We don't have any proxy server running on the network, and I don't want to implement a proxy server.

The PIX IP has been defined as the internet gateway in the TCP/IP settings of the workstations.

I want to implement http policies for users to restrict them from chatting (MSN, Yahoo Messenger, mIRC, etc.), and I also want to check which machine (IP) is using the internet and what the duration and time of their usage was.

Please advise how we can achieve that. Do I need to introduce any new software, etc.? I don't want to use a proxy server.



Cisco Employee

Re: http policies for users to restrict them for chatting

To restrict them from chatting you'll need to define an outbound access-list. Here's a good page that lists the ports a lot of apps use (, so search thru this for the apps you want to filter, then apply an ACL denying your inside users from going to those particular ports. Don't forget to put a "permit any any" at the end of it also. Keep in mind that some of these chat programs, like Yahoo, will try a bunch of different ports to connect, so filtering them may be difficult. Google is always a good reference to search for a particular port that a particular app uses also.

If you want to see how long people are on, you need to set up authentication and accounting. Your staff will be prompted for a username/password before they can go out to the Internet, and the accounting function will keep track of how long they've been active.

To do this you'll need some sort of external Radius/TACACS server to store the usernames/passwords and to store the accounting records.

See for a good sample config.
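
A sketch of the configuration the reply above describes, added here as an example; it is not part of the original answer and is not a Cisco-supplied config. It assumes PIX 6.x command syntax. The ACL name, server-group name, RADIUS host 192.168.1.10 and the key are placeholders, the ports are the commonly documented defaults for MSN Messenger (1863), Yahoo Messenger (5050) and IRC (6660-6669), and lines starting with `!` are annotations, not commands.

```cisco
! --- Outbound filtering: deny the chat ports, then permit everything else ---
! (ACL name "inside_out" is a placeholder)
access-list inside_out deny tcp any any eq 1863
access-list inside_out deny tcp any any eq 5050
access-list inside_out deny tcp any any range 6660 6669
! Without this final permit, the implicit deny at the end of the ACL
! would block all other outbound traffic from inside hosts.
access-list inside_out permit ip any any
! Apply the ACL to traffic arriving on the inside interface
access-group inside_out in interface inside

! --- Usage tracking: authenticate outbound HTTP and send accounting records ---
! (group name "AuthOutbound", server address and key are placeholders)
aaa-server AuthOutbound protocol radius
aaa-server AuthOutbound (inside) host 192.168.1.10 <shared-secret> timeout 10
! Prompt inside users for a username/password on outbound HTTP
aaa authentication include http inside 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 AuthOutbound
! Send start/stop records for those sessions to the same server
aaa accounting include http inside 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 AuthOutbound
```

After applying it, `show access-list` displays per-entry hit counts, which shows whether the deny lines are matching traffic.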
