cegepdematane
asked on
How to block HotSpot Shield with a Cisco ASA 5520?
ASKER
Yes, in outbound we do not need VPN connections. To disable IPsec with an ASA, do I have to block the ESP protocol?
Even with the ESP blocking in outbound (port 50) it seems to be able to connect.
Thanks
ASKER
Didn't work even with the filter on the URL string.
I did the trick with GPO, with a restriction on the openvpntray.exe.
Thanks
You have 2 options here....
1) Block the outbound traffic when the source IP is one of the hotspot servers. This is a hard one since it seems hotspot changes IPs frequently to get around this exact tactic. Here are some I've found:
129.250.211.8
64.55.144.50
74.85.13.17
129.250.211.61
With an ASA you would just block outbound IP traffic to these IPs using an ACL.
For example:
access-list outbound extended deny ip any host 129.250.211.8
access-list outbound extended deny ip any host 64.55.144.50
access-list outbound extended permit ip any any
access-group outbound in interface inside
2) Disable the IPsec passthrough. This would essentially kill all outbound VPN requests. Might not be feasible in your environment.
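
Both options from the answer above combined into one outbound ACL, as an added example that is not part of the original thread. The object-group name HOTSPOT-SHIELD-SERVERS and the use of ACL entries for ESP (IP protocol 50), IKE (UDP 500) and NAT-T (UDP 4500) to stop outbound IPsec are assumptions; the addresses are the four listed in the answer.

```cisco
! Option 1: keep the server addresses in one object-group so that
! a changed address means editing one line, not the ACL itself.
! HOTSPOT-SHIELD-SERVERS is a hypothetical name.
object-group network HOTSPOT-SHIELD-SERVERS
 network-object host 129.250.211.8
 network-object host 64.55.144.50
 network-object host 74.85.13.17
 network-object host 129.250.211.61
!
! Deny all IP traffic from inside hosts to those servers.
! "log" records each denied attempt via syslog, which shows which
! inside clients are still trying to reach the service.
access-list outbound extended deny ip any object-group HOTSPOT-SHIELD-SERVERS log
!
! Option 2 (assumed ACL form): drop outbound IPsec.
! ESP is an IP protocol (number 50), not a TCP/UDP port, so it is
! matched with the "esp" protocol keyword rather than a port number.
access-list outbound extended deny esp any any
access-list outbound extended deny udp any any eq isakmp
access-list outbound extended deny udp any any eq 4500
!
! These three entries only stop IPsec-based VPNs. The asker reports
! that the client still connected with ESP blocked, so they do not
! replace the address block above.
!
! Everything else is still allowed out.
access-list outbound extended permit ip any any
!
! Apply the ACL to traffic entering the inside interface.
access-group outbound in interface inside
```

The deny entries have to come before the final permit ip any any, because the ASA evaluates ACL entries in order and stops at the first match.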