Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2623
  • Last Modified:

Block Google Talk on a Cisco ASA 5505

I need to block users from being able to use Google Talk, but still have access to Gmail using the ASDM java web interface
0
ctechsol
Asked:
ctechsol
1 Solution
 
TordanCommented:
the easiest way is to add records to your DNS server (if you have one) to both talk.google.com and talkx.l.google.com, returning 127.0.0.1.

otherwise you can firewall access to the google talk servers, but the actual addresses might change. I found this page that lists all the stuff you need to block access to:
http://googledoll.blogspot.com/2009/08/how-to-block-gtalk-using-microsoft-isa.html
0
 
Istvan KalmarHead of IT Security Division Commented:
0
 
lacrewgaCommented:
Google Talk uses Port 80, Port 443 and Port 5223 other than Port 5222 for its communication purposes. Google Talk connects to 216.239.37.125, 72.14.253.125 and 72.14.217.189 other than 209.85.137.125. It connects to Ports 5222, 5223, 443 and 80 in all the cases.

Blocking all these 4 addresses blocks Google Talk at both Browser and Talk Client. Note: This does not disable Google mail.
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
Pete LongTechnical ConsultantCommented:
Here you go

object-group network Google-Talk-Servers
 network-object host 216.239.37.125
 network-object host 72.14.253.125
 network-object host 72.14.217.189
 network-object host 209.85.137.125
object-group service Google-Talk-Ports tcp
 port-object eq 5222
 port-object eq 5223
 port-object eq https
access-list outbound line 1 deny tcp any object-group Google-Talk-Servers object-group Google-Talk-Ports

where "outbound" id the name of your outbound access-list - if you do not have an outbound access list you will also need to add

access-group outbound in interface inside

Pete
www.petenetlive.com
0
 
Pete LongTechnical ConsultantCommented:
In fact This aroused my interest that much I wrote it up http://www.petenetlive.com/KB/Article/0000323.htm

Pete
www.petenetlive.com
0
 
lacrewgaCommented:
ASDM GUI gives you the ability to block the aforementioned ip addresses. If you need specific help, post back.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now