RE: P2P block using ASA

I agree with you shahid, but though modular policy you have to work on each
P2P and make policy for each. Some P2P are very dynamic in nature. They change
port if the port is block.

In addition, IPS is for deep packet inspection. Normally the throughput on IPS
is limited and we send limited traffic to IPS. If you want all outgoing
traffic through IPS and inspect them then it's your choice.

Finally the right way to do this work is through CSC module.

--
Best Regards,
Muhammad Zubair Ansari.
Sr. Network Consultant
CCIE # 23556
GSM : +968 96043105
From: Shahid Ansari [mailto:shahid1357_at_gmail.com]
Sent: Monday, January 10, 2011 10:29 AM
To: Zubair Ansari
Cc: Khurram Noor; Cisco certification
Subject: Re: P2P block using ASA
Not necessary Zubair ,
You can control P2P traffic by using modular policy framework and If you have
an IPS module even better.There are several signatures in IPS that address
bittorrent, 11031, 11030, 11020
Thanks
Shahid Ansari
On Sun, Jan 9, 2011 at 7:40 AM, Zubair Ansari
<Zubair_at_mhdinfotech.com<mailto:Zubair_at_mhdinfotech.com>> wrote:
You need CSC-SSM to block P2P traffic.
--
Best Regards,
Muhammad Zubair Ansari.
Sr. Network Consultant
CCIE # 23556
GSM : +968 96043105
-----Original Message-----
From: nobody_at_groupstudy.com<mailto:nobody_at_groupstudy.com>
[mailto:nobody_at_groupstudy.com<mailto:nobody_at_groupstudy.com>] On Behalf Of
Khurram Noor
Sent: Sunday, January 09, 2011 8:35 AM
To: Cisco certification
Subject: OT: P2P block using ASA
Hello everyone,
I would like to know, what is the possibility of blocking P2P traffic using
ASA firewall. The firewall does not have any AIP-SSM.
--
Khurram Noor
Blogs and organic groups at http://www.ccie.net