<div>
Use a class map to drop all IM traffic<br />
&nbsp;<br />
class-map type inspect im match-all IM<br />
&nbsp; match protocol yahoo-im msn-im <br />
policy-map type inspect im MSN<br />
&nbsp; class IM<br />
&nbsp; &nbsp; drop-connection log<br />
policy-map global-policy<br />
&nbsp; class global-class<br />
&nbsp; &nbsp; inspect im MSN<br />
<br />

</div>


Use a class map to drop all IM traffic
 
class-map type inspect im match-all IM
  match protocol yahoo-im msn-im
policy-map type inspect im MSN
  class IM
    drop-connection log
policy-map global-policy
  class global-class
    inspect im MSN



<div>
Here's another exmple that blocks more than MSN and Yahoo IM<br />
<br />
policy-map type inspect im IM_INSPECT<br />
&nbsp; &nbsp; &nbsp; &nbsp; match service chat file-transfer conference voice-chat games webcam <br />
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; drop-connection log<br />
&nbsp; &nbsp; &nbsp; &nbsp; match protocol yahoo-im msn-im <br />
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; drop-connection log<br />
&nbsp; &nbsp; &nbsp; policy-map outside-policy<br />
&nbsp; &nbsp; &nbsp; &nbsp; description Block IM<br />
&nbsp; &nbsp; &nbsp; &nbsp; class class-default<br />
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; inspect im IM_INSPECT<br />
&nbsp; &nbsp; &nbsp; service-policy outside-policy interface outside<br />

</div>


Here's another exmple that blocks more than MSN and Yahoo IM

policy-map type inspect im IM_INSPECT
        match service chat file-transfer conference voice-chat games webcam
          drop-connection log
        match protocol yahoo-im msn-im
          drop-connection log
      policy-map outside-policy
        description Block IM
        class class-default
          inspect im IM_INSPECT
      service-policy outside-policy interface outside


<div>
<div class="content wysiwyg-content">
Hey team,<br />
<br />
I have a Cisco ASA 5510.<br />
Does anyone have any examples of creating rules or an ACL to known instant messaging protocols to block?<br />
I know restricting local Admin access would prevent users from installing programs to do this but some controls is better than non at all.<br />
<br />

</div>
</div>


Hey team,

I have a Cisco ASA 5510.
Does anyone have any examples of creating rules or an ACL to known instant messaging protocols to block?
I know restricting local Admin access would prevent users from installing programs to do this but some controls is better than non at all.



Blocking Instant Messaging or ACL rules

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.

Hardware Firewalls

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

Cisco

Instant messaging (IM) is a type of online chat that offers real-time text transmission over the Internet. A LAN messenger operates in a similar way over a local area network. More advanced instant messaging can add file transfer, clickable hyperlinks, Voice over IP, or video chat. Non-IM types of chat include multicast transmission, usually referred to as "chat rooms". Depending on the IM protocol, the technical architecture can be peer-to-peer (direct point-to-point transmission) or client-server (a central server retransmits messages from the sender to the communication device).