Solved

Block Google Talk on a Cisco ASA 5505

Posted on 2010-09-10
6
2,427 Views
Last Modified: 2012-05-10
I need to block users from being able to use Google Talk, but still have access to Gmail using the ASDM java web interface
0
Comment
Question by:ctechsol
6 Comments
 
LVL 2

Expert Comment

by:Tordan
Comment Utility
the easiest way is to add records to your DNS server (if you have one) to both talk.google.com and talkx.l.google.com, returning 127.0.0.1.

otherwise you can firewall access to the google talk servers, but the actual addresses might change. I found this page that lists all the stuff you need to block access to:
http://googledoll.blogspot.com/2009/08/how-to-block-gtalk-using-microsoft-isa.html
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
Comment Utility
0
 
LVL 7

Accepted Solution

by:
lacrewga earned 50 total points
Comment Utility
Google Talk uses Port 80, Port 443 and Port 5223 other than Port 5222 for its communication purposes. Google Talk connects to 216.239.37.125, 72.14.253.125 and 72.14.217.189 other than 209.85.137.125. It connects to Ports 5222, 5223, 443 and 80 in all the cases.

Blocking all these 4 addresses blocks Google Talk at both Browser and Talk Client. Note: This does not disable Google mail.
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 57

Expert Comment

by:Pete Long
Comment Utility
Here you go

object-group network Google-Talk-Servers
 network-object host 216.239.37.125
 network-object host 72.14.253.125
 network-object host 72.14.217.189
 network-object host 209.85.137.125
object-group service Google-Talk-Ports tcp
 port-object eq 5222
 port-object eq 5223
 port-object eq https
access-list outbound line 1 deny tcp any object-group Google-Talk-Servers object-group Google-Talk-Ports

where "outbound" id the name of your outbound access-list - if you do not have an outbound access list you will also need to add

access-group outbound in interface inside

Pete
www.petenetlive.com
0
 
LVL 57

Expert Comment

by:Pete Long
Comment Utility
In fact This aroused my interest that much I wrote it up http://www.petenetlive.com/KB/Article/0000323.htm

Pete
www.petenetlive.com
0
 
LVL 7

Expert Comment

by:lacrewga
Comment Utility
ASDM GUI gives you the ability to block the aforementioned ip addresses. If you need specific help, post back.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now