利用ASA/PIX封杀MSN配置案例

network

利用ASA/PIX封杀MSN配置案例


配置案例
例一
class-map type inspect im match-all MSN－－－－－这两个条件都匹配才做drop
match protocol msn-im
match peer-ip-address 192.168.32.47 255.255.255.255

policy-map type inspect im MSN
parameters
class MSN
  drop-connection log

policy-map global_policy
class inspection_default
  inspect im MSN
只有192.168.32.47这个IP地址不能登入MSN

pix515(config-pmap)# sh service-policy inspect im

Global policy:
  Service-policy: global_policy
    Class-map: inspection_default
      Inspect: im MSN, packet 65012, drop 6, reset-drop 0
        class MSN
          drop-connection log, packet 6



例二
class-map type inspect im match-all MSN
match protocol msn-im
match ip-address 192.168.32.47 255.255.255.255
match service chat

policy-map type inspect im MSN
parameters
class MSN
  drop-connection log

policy-map global_policy
class inspection_default
  inspect im MSN
192.168.32.47可以登入了，但是不能文字聊天

例三
class-map type inspect im match-any MSN－－－－匹配下面任何一个条件的做drop
match protocol msn-im yahoo-im
match service chat conference file-transfer games webcam
match ip-address 192.168.32.47 255.255.255.255

  Service-policy: global_policy
    Class-map: inspection_default
      Inspect: im MSN, packet 47447, drop 40, reset-drop 0
        class MSN (match-any)
          Match: protocol msn-im yahoo-im , 40 packets
          Match: service chat conference file-transfer webcam , 0 packets
          drop-connection log, packet 40

feng02012

强悍 感谢！

user_2008

学习中。。。。。。。顶顶顶