Solved

Block Google Talk on a Cisco ASA 5505

Posted on 2010-09-10
6
2,451 Views
Last Modified: 2012-05-10
I need to block users from being able to use Google Talk, but still have access to Gmail using the ASDM java web interface
0
Comment
Question by:ctechsol
6 Comments
 
LVL 2

Expert Comment

by:Tordan
ID: 33651836
the easiest way is to add records to your DNS server (if you have one) to both talk.google.com and talkx.l.google.com, returning 127.0.0.1.

otherwise you can firewall access to the google talk servers, but the actual addresses might change. I found this page that lists all the stuff you need to block access to:
http://googledoll.blogspot.com/2009/08/how-to-block-gtalk-using-microsoft-isa.html
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 33652049
0
 
LVL 7

Accepted Solution

by:
lacrewga earned 50 total points
ID: 33652101
Google Talk uses Port 80, Port 443 and Port 5223 other than Port 5222 for its communication purposes. Google Talk connects to 216.239.37.125, 72.14.253.125 and 72.14.217.189 other than 209.85.137.125. It connects to Ports 5222, 5223, 443 and 80 in all the cases.

Blocking all these 4 addresses blocks Google Talk at both Browser and Talk Client. Note: This does not disable Google mail.
0
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

 
LVL 57

Expert Comment

by:Pete Long
ID: 33656111
Here you go

object-group network Google-Talk-Servers
 network-object host 216.239.37.125
 network-object host 72.14.253.125
 network-object host 72.14.217.189
 network-object host 209.85.137.125
object-group service Google-Talk-Ports tcp
 port-object eq 5222
 port-object eq 5223
 port-object eq https
access-list outbound line 1 deny tcp any object-group Google-Talk-Servers object-group Google-Talk-Ports

where "outbound" id the name of your outbound access-list - if you do not have an outbound access list you will also need to add

access-group outbound in interface inside

Pete
www.petenetlive.com
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 33658136
In fact This aroused my interest that much I wrote it up http://www.petenetlive.com/KB/Article/0000323.htm

Pete
www.petenetlive.com
0
 
LVL 7

Expert Comment

by:lacrewga
ID: 33668746
ASDM GUI gives you the ability to block the aforementioned ip addresses. If you need specific help, post back.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Cybersecurity has become the buzzword of recent years and years to come. The inventions of cloud infrastructure and the Internet of Things has made us question our online safety. Let us explore how cloud- enabled cybersecurity can help us with our b…
Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question