Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Blocking Bit-Torrent and other P2P softwares

Hello Dear All

I need to block All P2P Activity (ASA 5525) from VPN Users (outside), I tried some access lists, but they didn't take any action.

could you please assist me the access lists/policy-maps that you have done before and its working.

 

As you see output of service-policy there are matching but there is no any packet dropped.

 

Output :

ASA# sh service-policy global inspect http

Global policy:
  Service-policy: global_policy
    Class-map: inspection_default
      Inspect: http Drop-P2P, packet 942279, lock fail 0, drop 0, reset-drop 0, v6-fail-close 0
        protocol violations
          log, packet 123
        match request header user-agent regex _default_gator
          drop-connection log, packet 0
        match response header regex _default_x-kazaa-network count gt 0
          drop-connection log, packet 0
        class bit-torrent-tracker
          drop-connection log, packet 0

 

ASA# sh service-policy global inspect http

Global policy:
  Service-policy: global_policy
    Class-map: inspection_default
      Inspect: http Drop-P2P, packet 980730, lock fail 0, drop 0, reset-drop 0, v6-fail-close 0
        protocol violations
          log, packet 131
        match request header user-agent regex _default_gator
          drop-connection log, packet 0
        match response header regex _default_x-kazaa-network count gt 0
          drop-connection log, packet 0
        class bit-torrent-tracker
          drop-connection log, packet 0

 

 

 

 

Thank You

1 REPLY

Hi Ali,Your VPN users

Hi Ali,

Your VPN users connects through internet and get internet access from the ASA connected internet link??? There you want to block the bit torrent and P2P?? Please describe your setup....

 

Also provide your configurations that is related to P2P & Bit Torrent blocking

 

Remember one thing.

 

The ASA can block P2P type applications only if P2P traffic is being tunneled through HTTP. Also, ASA can drop P2P traffic if it is tunneled through HTTP. If that is already been proxied then its not poosible for asa to block such traffic.

http://www.giac.org/paper/gsec/3123/peer-to-peer-p2p-file-sharing-applications-threat-corporate-environment/103882

 

 

Regards

Karthik

273
Views
0
Helpful
1
Replies
CreatePlease to create content