Dear all,
I'm trying to block the IM (MSN) traffic on my Cisco ASA device 5220 (OS 7.2(3)).
I've used the following configuration but I'm still able to connect to MSN:
access-list 101 extended permit ip any any
class-map type inspect im match-all im-traffic
 match protocol msn-im yahoo-im
class-map im_inspection
 match access-list 101
policy-map type inspect im im-policy
 parameters
 class im-traffic
  drop-connection log
policy-map private-policy
 class im_inspection
  inspect im im-policy
service-policy private-policy interface private
----
My private interface (the one on which I want to block) already has a policy-map applied to it with the name "private-policy":
"service-policy private-policy interface private"
And this policy-map has the following configuration:
"policy-map private-policy
 class private-class
  inspect http
  csc fail-open"
I just added a new class to this policy-map and I get the result:
"policy-map private-policy
 class private-class
  inspect http
  csc fail-open
 class im_inspection
  inspect im im-policy"
and therefore it is automatically matched to the private interface.
----------------
I also have a policy-map with the name "global-policy" with the following configuration:
policy-map global-policy
 class global-class
  inspect dns
  inspect ftp
  inspect http
  inspect icmp
  inspect icmp error
  inspect im block-im-nonchat
  inspect pptp
  inspect sip
-----------------------
I didn't change anything on this policy-map and I don't know what it's for.
At this moment my IM traffic is still not blocked.
Can anybody please help me?
Thanks