Solved

Block Google Talk on a Cisco ASA 5505

Posted on 2010-09-10
6
2,439 Views
Last Modified: 2012-05-10
I need to block users from being able to use Google Talk, but still have access to Gmail using the ASDM java web interface
0
Comment
Question by:ctechsol
6 Comments
 
LVL 2

Expert Comment

by:Tordan
ID: 33651836
the easiest way is to add records to your DNS server (if you have one) to both talk.google.com and talkx.l.google.com, returning 127.0.0.1.

otherwise you can firewall access to the google talk servers, but the actual addresses might change. I found this page that lists all the stuff you need to block access to:
http://googledoll.blogspot.com/2009/08/how-to-block-gtalk-using-microsoft-isa.html
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 33652049
0
 
LVL 7

Accepted Solution

by:
lacrewga earned 50 total points
ID: 33652101
Google Talk uses Port 80, Port 443 and Port 5223 other than Port 5222 for its communication purposes. Google Talk connects to 216.239.37.125, 72.14.253.125 and 72.14.217.189 other than 209.85.137.125. It connects to Ports 5222, 5223, 443 and 80 in all the cases.

Blocking all these 4 addresses blocks Google Talk at both Browser and Talk Client. Note: This does not disable Google mail.
0
New! My Passport Wireless Pro Wi-Fi Mobile Storage

Portable wireless storage to offload, edit, and stream anywhere.

High-capacity, wireless mobile storage designed to accompany professional photographers and videographers in the field to easily offload, edit and stream captured photos and high-definition videos.

 
LVL 57

Expert Comment

by:Pete Long
ID: 33656111
Here you go

object-group network Google-Talk-Servers
 network-object host 216.239.37.125
 network-object host 72.14.253.125
 network-object host 72.14.217.189
 network-object host 209.85.137.125
object-group service Google-Talk-Ports tcp
 port-object eq 5222
 port-object eq 5223
 port-object eq https
access-list outbound line 1 deny tcp any object-group Google-Talk-Servers object-group Google-Talk-Ports

where "outbound" id the name of your outbound access-list - if you do not have an outbound access list you will also need to add

access-group outbound in interface inside

Pete
www.petenetlive.com
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 33658136
In fact This aroused my interest that much I wrote it up http://www.petenetlive.com/KB/Article/0000323.htm

Pete
www.petenetlive.com
0
 
LVL 7

Expert Comment

by:lacrewga
ID: 33668746
ASDM GUI gives you the ability to block the aforementioned ip addresses. If you need specific help, post back.
0

Featured Post

Give your grad a cloud of their own!

With up to 8TB of storage, give your favorite graduate their own personal cloud to centralize all their photos, videos and music in one safe place. They can save, sync and share all their stuff, and automatic photo backup helps free up space on their smartphone and tablet.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now