Cisco IOS Firewall

Instant Messaging Version Support in Cisco IOS FW App Inspection and Control

Introduction

Application inspection and control for instant messaging recognizes and controls the traffic from specific brands and versions of instant messaging software.
Cisco® introduced classic firewall support for application inspection and control for instant messaging traffic in two phases. The first phase introduced application inspection and control for instant messaging carried on TCP 80 (typically used for HTTP) in Cisco IOS® Software Release 12.3(14)T. Application inspection and control for native instant messaging was introduced in the second phase, in Cisco IOS Software Release 12.4(4)T.
Application inspection and control for instant messaging for the zone-based policy firewall was introduced in Cisco IOS Software Release 12.4(9)T.
This document describes the brand and version limitations of instant messaging application inspection and control on Cisco IOS Software.

Background

Instant messaging application inspection cannot offer options for service-specific control on unrecognized instant messaging versions, because the possibility exists that new functions may appear sufficiently similar to known behavior to allow undesired traffic through an otherwise acceptable configuration. Thus, there is no way to remove the default behavior of dropping connections for unrecognized instant messaging application traffic without compromising control of the traffic.
The only option for allowing unrecognized versions of instant messaging traffic is to remove the instant messaging application firewall policy.

Application Inspection and Control Version Support

Table 1 summarizes brands and versions supported in Cisco IOS Firewall instant messaging application inspection and control.

Table 1. Version Support

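Service                     | Version                | Capability Introduced in Cisco IOS Software Release
----------------------------|------------------------|----------------------------------------------------
AOL Instant Messenger (AIM) | 5.9.3702               | 12.4(4)T
Microsoft Messenger         | 6.2.0205               | 12.4(4)T
Microsoft Messenger         | 7.0.0816 and 7.5.0324  | 12.4(6)T
Yahoo! Messenger            | 6.* (YM protocol v12)  | 12.4(4)T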

Cisco IOS Software Release 12.4(4)T introduced "native" (non-HTTP-encapsulated) instant messaging application inspection and control for the same instant messaging application brands and versions that were introduced in HTTP application inspection and control in Cisco IOS Software Release 12.3(14).

Troubleshooting Unsupported Instant Messaging Versions

If instant messaging inspection and control is applied with Cisco IOS Firewall and problems are observed using instant messaging applications, enable logging on the router and look for log messages similar to these:

*Mar 1 07:06:57.150: %APPFW-6-IM_YAHOO_CLIENT_VERSION: im-yahoo 192.168.2.6:2025 attempting to establish connection with yahoo server 216.155.193.133:5050 using an unsupported version of the client
*Mar 1 07:06:57.150: %FW-6-SESS_AUDIT_TRAIL: Stop im-yahoo session: initiator (192.168.2.6:2025) sent 20 bytes -- responder (216.155.193.133:5050) sent 20 bytes

If messages similar to these are observed, an unsupported instant messaging application version is in use on the network. If the usability of an unsupported instant messaging application is required, instant messaging inspection and control must be disabled until the application version support is integrated into Cisco IOS Software.
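
One way to run the log check described above across a collected syslog file is sketched below. This is an added example, not Cisco code: it pairs each unsupported-version message with the session-stop record for the same initiator and summarizes the affected clients. The function name, the report layout, and the last three sample lines are constructed for illustration, and the assumption that other instant messaging services log in the same layout as the Yahoo message is not confirmed by this document.

```python
import re
from collections import defaultdict

# Matches the unsupported-client message format shown on this page. The
# service capture generalises beyond "YAHOO"; that other services log with
# the same layout is an assumption.
VERSION_RE = re.compile(
    r"%APPFW-6-IM_(?P<service>[A-Z]+)_CLIENT_VERSION: \S+ "
    r"(?P<client>\d+\.\d+\.\d+\.\d+):(?P<cport>\d+) attempting to establish "
    r"connection with \S+ server (?P<server>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+)"
)
# Matches the session-stop audit record that follows the dropped connection.
STOP_RE = re.compile(
    r"%FW-6-SESS_AUDIT_TRAIL: Stop \S+ session: initiator "
    r"\((?P<client>[\d.]+):(?P<cport>\d+)\)"
)

def unsupported_im_clients(lines):
    """Return {(client_ip, service): {"servers", "attempts", "stopped"}}."""
    report = defaultdict(lambda: {"servers": set(), "attempts": 0, "stopped": 0})
    flagged = {}  # (client_ip, client_port) -> report key awaiting its stop record
    for line in lines:
        m = VERSION_RE.search(line)
        if m:
            key = (m["client"], m["service"].lower())
            report[key]["servers"].add(f'{m["server"]}:{m["sport"]}')
            report[key]["attempts"] += 1
            flagged[(m["client"], m["cport"])] = key
            continue
        m = STOP_RE.search(line)
        if m and (m["client"], m["cport"]) in flagged:
            report[flagged.pop((m["client"], m["cport"]))]["stopped"] += 1
    return dict(report)

# First two lines are the messages quoted on this page; the rest are constructed.
SAMPLE = [
    "*Mar 1 07:06:57.150: %APPFW-6-IM_YAHOO_CLIENT_VERSION: im-yahoo 192.168.2.6:2025 attempting to establish connection with yahoo server 216.155.193.133:5050 using an unsupported version of the client",
    "*Mar 1 07:06:57.150: %FW-6-SESS_AUDIT_TRAIL: Stop im-yahoo session: initiator (192.168.2.6:2025) sent 20 bytes -- responder (216.155.193.133:5050) sent 20 bytes",
    "*Mar 1 07:09:12.404: %APPFW-6-IM_YAHOO_CLIENT_VERSION: im-yahoo 192.168.2.6:2031 attempting to establish connection with yahoo server 216.155.193.133:5050 using an unsupported version of the client",
    "*Mar 1 07:09:12.404: %FW-6-SESS_AUDIT_TRAIL: Stop im-yahoo session: initiator (192.168.2.6:2031) sent 20 bytes -- responder (216.155.193.133:5050) sent 20 bytes",
    "*Mar 1 07:10:30.000: %FW-6-SESS_AUDIT_TRAIL: Stop im-yahoo session: initiator (192.168.2.9:3000) sent 512 bytes -- responder (216.155.193.133:5050) sent 2048 bytes",
]

if __name__ == "__main__":
    for (client, service), info in unsupported_im_clients(SAMPLE).items():
        print(client, service, info["attempts"], info["stopped"], sorted(info["servers"]))
```

The session stop from 192.168.2.9 is ignored because no unsupported-version message preceded it, so ordinary session teardown is not counted as a version-related drop.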