[c-nsp] Block Ultra Surf v14 on ASA
Nick Hilliard
nick at foobar.org
Wed Feb 18 12:06:29 EST 2015
On 18/02/2015 16:53, Chuck Church wrote:
> That will technically accomplish the requested goal. There may be a bunch
> of side effects though.
yes, it will block all https. This is what happens when you try to block a
VPN system which was explicitly designed to be difficult to block.
The real answer to the question is that this application cannot be blocked
with an ASA. The OP will need to buy very expensive DPI hardware to guess
what sort of port 443 traffic is https and what sort is VPN traffic.
Nick
More information about the cisco-nsp
mailing list