ASA5505 (ASA8.4): Block MSN and Yahoo IM

I bumped into a youtube demo instructing people how to block instant messenger, I did not watch the entire demo but searched for resource, I found the cisco documentation which documented the process.

Capture IM traffic


class-map type inspect im match-all im-traffic-class
 match protocol msn-im yahoo-im

Create ACL of the interesting traffic
This is necessary to apply the inspection policy.

access-list inside-hosts extended permit ip 10.0.0.0 255.255.255.0 any

Create a class to capture the interesting traffic

class-map im-inside-hosts-class
 match access-list inside-hosts

Create IM inspection policy

policy-map type inspect im im-inspection-policy
 parameters
 class im-traffic-class
  drop-connection log

Apply inspection policy onto interesting traffic

policy-map im-policy
 class im-inside-hosts-class
  inspect im im-inspection-policy

Apply service policy onto interface to take effect

service-policy im-policy interface inside
Advertisements
This entry was posted in ASA/PIX, Security and tagged , , , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s