Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

ASA: Block / Allow IM by Username



The purpose of this document is to provide you an example of how to block all IM usernames except 1, using the modular policy framework on ASA.


Problem Description

We are faced with a challenge of blocking all the IM communication from the network except for a few users, based on their username.



The following example considers that you have a fair understanding of configuring modular policy framework on the ASA. Please enter the following configurations to block all the usernames on the IM except "".


This section creates a regex entries for the allowed user.

regex user1 ""


This section creates a class map to match the regex created earlier.

class-map type regex match-any allowed-senders

match regex user1


This section creates an inspection policy map for IM.

policy-map type inspect im filter-senders


match not login-name regex class allowed-senders

reset log


This section applies the previous inspection policy to the global policy for all traffic.

policy-map global_policy

class inspection_default

  inspect im filter-senders


This section applies the global policy to the service policy.

service-policy global_policy global



To learn more about modular policy framework on ASA please refer to

Version history
Revision #:
2 of 2
Last update:
‎08-24-2017 06:03 AM
Updated by:
Labels (1)
Everyone's tags (4)