blocking p2p traffic on Cisco 1800 router.

Hi Experts,

Is it possible to block p2p traffic on routers? i know we can do it using NBAR config but it did not help. i was still able to download stuff using vuze. Please help...
LVL 4
ullas_unniAsked:
Who is Participating?
 
rfc1180Connect With a Mentor Commented:
0
 
fs40490Commented:
the issue is that many p2p applications use standard ports that are allowed.  Because a router uses L3/4 controls to permit/prevent traffic the router has no way to determine what type of traffic is passing on those ports and protocols.  You need to have something that inspects at a higher level on the ISO model.  Application layer firewalls can definitely block this type of traffic, and also those devices that do deep packet inspection work.  

The basic issue is that the programs generally use standard ports and protocols, so you need something that can inspect what type of traffic is traversing the ports, which routers do not generally do.
0
 
rfc1180Commented:
looks like you have a PIX (Sorry missed that):

So this might help:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00801e419a.shtml

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c38a6.shtml

As already stated; to be really useful, stateful/deep packet inspection is what you really need. There have been successful attempts in blocking P2P.

Billy
0
 
ullas_unniAuthor Commented:
well not a PIX..  its on routers... i was looking at the first doc.. seems like it should help.. let me try it and let you know...
0
 
ullas_unniAuthor Commented:
thanx.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.