[c-nsp] Block Ultra Surf v14 on ASA
Mohamed Nagy
eng.mohamednagy at gmail.com
Wed Feb 18 19:08:50 EST 2015
Yes i cannot block all https port it will be Catastrophic in my network is
there another solution's from asa ??
On Wed, Feb 18, 2015 at 7:06 PM, Nick Hilliard <nick at foobar.org> wrote:
> On 18/02/2015 16:53, Chuck Church wrote:
> > That will technically accomplish the requested goal. There may be a
> bunch
> > of side effects though.
>
> yes, it will block all https. This is what happens when you try to block a
> VPN system which was explicitly designed to be difficult to block.
>
> The real answer to the question is that this application cannot be blocked
> with an ASA. The OP will need to buy very expensive DPI hardware to guess
> what sort of port 443 traffic is https and what sort is VPN traffic.
>
> Nick
>
>
>
More information about the cisco-nsp
mailing list