04-25-2014 01:10 AM - edited 02-21-2020 05:10 AM
Hello Dear All
I need to block all P2P activity (ASA 5525) from VPN users (outside). I tried some access lists, but they didn't take any action.
Could you please assist me with the access lists/policy-maps that you have done before and that are working?
As you can see in the output of service-policy, there are matches, but no packets are dropped.
Output:

ASA# sh service-policy global inspect http
Global policy:
  Service-policy: global_policy
    Class-map: inspection_default
      Inspect: http Drop-P2P, packet 942279, lock fail 0, drop 0, reset-drop 0, v6-fail-close 0
        protocol violations
          log, packet 123
        match request header user-agent regex _default_gator
          drop-connection log, packet 0
        match response header regex _default_x-kazaa-network count gt 0
          drop-connection log, packet 0
        class bit-torrent-tracker
          drop-connection log, packet 0

ASA# sh service-policy global inspect http
Global policy:
  Service-policy: global_policy
    Class-map: inspection_default
      Inspect: http Drop-P2P, packet 980730, lock fail 0, drop 0, reset-drop 0, v6-fail-close 0
        protocol violations
          log, packet 131
        match request header user-agent regex _default_gator
          drop-connection log, packet 0
        match response header regex _default_x-kazaa-network count gt 0
          drop-connection log, packet 0
        class bit-torrent-tracker
          drop-connection log, packet 0

Thank You