?
Solved

ASA5510 - Block AIM on one vlan/network

Posted on 2010-09-15
4
Medium Priority
?
874 Views
Last Modified: 2012-05-10
Hello,

I have an ASA5510 with ssm-10. I need to block AIM on one of my vlans/networks.

I found this example:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c38a6.shtml#config2

How do I modify this to only block AIM traffic on one vlan or network.

Two networks: 10.1.103.0 /24 and 10.1.104.0 /24.

Thanks!
0
Comment
Question by:DAgent
  • 2
4 Comments
 
LVL 33

Expert Comment

by:MikeKane
ID: 33686525
Honestly, I didn't think people still used AIM....   but I digress.

IIRC AIM uses TCP/UCP 5190 to 5193   so we just need to create an access list to block those ports and you should be good....  

access-list inside-out deny tcp 10.1.103.0 255.255.255.0 any eq 5190
access-list inside-out deny tcp 10.1.103.0 255.255.255.0 any eq 5191
access-list inside-out deny tcp 10.1.103.0 255.255.255.0 any eq 5192
access-list inside-out deny tcp 10.1.103.0 255.255.255.0 any eq 5193
access-list inside-out deny ucp 10.1.103.0 255.255.255.0 any eq 5190
access-list inside-out deny ucp 10.1.103.0 255.255.255.0 any eq 5191
access-list inside-out deny ucp 10.1.103.0 255.255.255.0 any eq 5192
access-list inside-out deny ucp 10.1.103.0 255.255.255.0 any eq 5193
access-list inside-out permit ip any any
access-group inside-out in interface inside

That will block the 10.1.103.0 network from communicating outbound on the AIM ports.
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 33686529
Oops>
IIRC AIM uses TCP/UCP 5190 to 5193
should be
IIRC AIM uses TCP/UDP 5190 to 5193
0
 

Expert Comment

by:snfink
ID: 33773915
I would take it a step further and block the login servers outright, or if that vlan doesn't need access to AOL a better solution would be to block the entire ip range of 205.188.0.0 - 205.188.255.255 which belongs to AOL. Blocking the ports can work well if they have no access If they have access, they can get in and change the port number that AIM connects on. AIM itself will port hop until it finds one it can connect on. I've seen it running on both ports 21 and 23 for instance. Also, blocking the login servers or the ip range will also block them from using the web version of Aim.

login servers are
login.oscar.aol.com (64.12.202.116)
login.oscar.aol.com:443 (64.12.202.116)
toc.oscar.aol.com (64.12.202.14)
aimexpress.aim.com (207.200.74.38)

So you can do something like

object-group network AOL
 description Block AOL and AIM
 network-object host 64.12.202.116
 network-object host 207.200.74.38
 network-object host 205.188.0.0

this creates a group name that is associated with the ip's listed, and then you can just block the group name to keep your rules nice and tidy on the 5510.

Depending on the network/vlan name you can just add it via the CLI or the ASDM.

CLI command would look something like this

access-list (VLAN NAME)-IN extended deny tcp 10.1.103.0 255.255.255.0 object-group AOL log critical
0
 
LVL 1

Accepted Solution

by:
DAgent earned 0 total points
ID: 33916091
I used this so I can block by URL:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml

This way I can web sites and chat programs in one location.
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
Powerful tools can do wonders, but only in the right hands.  Nowhere is this more obvious than with the cloud.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

599 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question