Hello,
as far as I can see there is no way to block Skype via a Pix firewall. Now there is NBAR in Cico's IOS 12.4T. I thought I blocked it but it doesn't seem to work:
Version 12.4(4)T3
class-map match-any peer2peer description "Peer-to-peer stuff" match protocol gnutella match protocol edonkey match protocol fasttrack match protocol napster match protocol kazaa2 match protocol skype match protocol bittorrent ! policy-map p2p-drop description "Drop the unwanted peer-to-peer stuff" class peer2peer drop
interface GigabitEthernet0/0 ip address 192.168.8.254 255.255.255.248 no ip mroute-cache duplex auto speed auto no cdp enable service-policy input p2p-drop service-policy output p2p-drop
What is wrong here?
Regards, Christoph Gartmann