Instant Messaging Inspection (CCIE Notes)


Configuration for IM inspection:

class-map type inspect im match-all imservices_class
 match service conference file-transfer games webcam 
 match protocol msn-im yahoo-im
 match ip-address 10.1.1.0 255.255.255.0
!
policy-map type inspect im imservices_policy
 parameters
 class imservices_class
  reset log
!
policy-map global_policy
 class inspection_default
  inspect im imservices_policy

Note: Multiple L7 class-maps can be configured and referenced under a single L7 policy-map.

Verification:

ASA-FW# show service-policy inspect im 
Global policy: 
 Service-policy: global_policy
 Class-map: inspection_default
 Inspect: im imservices_policy, packet 0, drop 0, reset-drop 0
 tcp-proxy: bytes in buffer 0, bytes dropped 0
 class imservices_class
 reset log, packet 0

Matches that can be made for an IM application (Yahoo or MSN) under an L7 class-map or L7 policy-map:

ASA-FW(config-pmap)# match ?

mpf-policy-map mode commands/options:
 filename           Match filename from IM file transfer service
 ip-address         Match client IP address for IM application or service
 login-name         Match client login-name from IM service
 not                Negate this match result
 peer-ip-address    Match peer (client/server) IP add for IM application or service
 peer-login-name    Match client peer login name from IM service
 protocol           Match an Instant Messenger Protocol
 service            Match an Instant Messenger Service
 version            Match version from IM file transfer service
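
An added example (not part of the original notes): one L7 policy-map referencing two L7 class-maps, as the note above describes, using the filename and login-name matches from the list. The regex names and patterns, class-map names and policy-map name are hypothetical.

```cisco
! Added example; every name and regex pattern here is hypothetical.
regex im_exe_files ".*\.exe"
regex im_contractor_login "contractor.*"
!
! L7 class-map 1: executable file transfers from the inside subnet
class-map type inspect im match-all im_exe_transfer_class
 match service file-transfer
 match filename regex im_exe_files
 match ip-address 10.1.1.0 255.255.255.0
!
! L7 class-map 2: Yahoo sessions whose login-name matches the pattern
class-map type inspect im match-all im_login_class
 match protocol yahoo-im
 match login-name regex im_contractor_login
!
! One L7 policy-map, two classes, a separate action for each
policy-map type inspect im im_multi_policy
 parameters
 class im_exe_transfer_class
  reset log
 class im_login_class
  drop-connection log
!
! Attach the L7 policy-map to IM inspection in the global policy
policy-map global_policy
 class inspection_default
  inspect im im_multi_policy
```

With this applied, show service-policy inspect im lists each class under the Inspect line with its own packet counter, in the same layout as the verification output above.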

Bookmark to follow my CCIE Security v4 journey -> https://networkology.net/tag/ccie
