Application inspection and control for instant messaging recognizes and controls the traffic from specific brands and versions of instant messaging software.
Cisco® introduced classic firewall support for application inspection and control for instant messaging traffic in two phases. The first phase introduced application inspection and control for instant messaging carried on TCP 80 (typically used for HTTP) in Cisco IOS® Software Release 12.3(14)T. Application inspection and control for native instant messaging was introduced in the second phase, in Cisco IOS Software Release 12.4(4)T.
Application inspection and control for instant messaging for the zone-based policy firewall was introduced in Cisco IOS Software Release 12.4(9)T.
This document describes the brand and version limitations of instant messaging application inspection and control on Cisco IOS Software.
Instant messaging application inspection cannot offer service-specific control for unrecognized instant messaging versions, because new functions may appear sufficiently similar to known behavior to allow undesired traffic through an otherwise acceptable configuration. Thus, the default behavior of dropping connections for unrecognized instant messaging application traffic cannot be removed without compromising control of the traffic.
The only option for allowing unrecognized versions of instant messaging traffic is to remove the instant messaging application firewall policy.
Application Inspection and Control Version Support
Table 1 summarizes brands and versions supported in Cisco IOS Firewall instant messaging application inspection and control.
Table 1. Version Support
Capability Introduced in Cisco IOS Software Release
AOL Instant Messenger (AIM)
7.0.0816 and 7.5.0324
6.* (YM protocol v12)
Cisco IOS Software Release 12.4(4)T introduced "native" (non-HTTP-encapsulated) instant messaging application inspection and control for the same instant messaging application brands and versions that were introduced in HTTP application inspection and control in Cisco IOS Software Release 12.3(14).
If instant messaging inspection and control is applied with Cisco IOS Firewall and problems are observed using instant messaging applications, enable logging on the router and look for log messages similar to these:
*Mar 1 07:06:57.150: %APPFW-6-IM_YAHOO_CLIENT_VERSION: im-yahoo 192.168.2.6:2025 attempting to establish connection with yahoo server 22.214.171.124:5050 using an unsupported version of the client
*Mar 1 07:06:57.150: %FW-6-SESS_AUDIT_TRAIL: Stop im-yahoo session: initiator (192.168.2.6:2025) sent 20 bytes -- responder (126.96.36.199:5050) sent 20 bytes
If messages similar to these are observed, an unsupported instant messaging application version is in use on the network. If an unsupported instant messaging application must remain usable, instant messaging inspection and control must be disabled until support for that application version is integrated into Cisco IOS Software.
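The log check described above can be scripted over collected syslog output. The following is an added example, not Cisco code: it lists each internal client that triggered an unsupported-version message and counts how many of those sessions were then stopped. The function name, the sample list, and the matching of any IM_<BRAND>_CLIENT_VERSION mnemonic are assumptions; the page shows only the YAHOO message.

```python
import re
from collections import defaultdict

# Patterns follow the two sample messages on this page. Accepting any
# IM_<BRAND>_CLIENT_VERSION mnemonic is an assumption; only YAHOO is shown.
VERSION_RE = re.compile(
    r"%APPFW-6-IM_(?P<brand>[A-Z]+)_CLIENT_VERSION: \S+ "
    r"(?P<client>[\d.]+):(?P<cport>\d+) attempting to establish connection")
STOP_RE = re.compile(
    r"%FW-6-SESS_AUDIT_TRAIL: Stop \S+ session: initiator "
    r"\((?P<client>[\d.]+):(?P<cport>\d+)\)")

def unsupported_im_clients(lines):
    """Map client IP -> brands seen, flagged attempts, and stopped sessions."""
    report = defaultdict(lambda: {"brands": set(), "attempts": 0, "stopped": 0})
    flagged = set()  # initiator (ip, port) pairs named in a version message
    for line in lines:
        m = VERSION_RE.search(line)
        if m:
            entry = report[m["client"]]
            entry["brands"].add(m["brand"].lower())
            entry["attempts"] += 1
            flagged.add((m["client"], m["cport"]))
            continue
        m = STOP_RE.search(line)
        # Count a Stop only when it closes a session flagged above; correlate
        # on the initiator socket, which appears in both messages.
        if m and (m["client"], m["cport"]) in flagged:
            flagged.discard((m["client"], m["cport"]))
            report[m["client"]]["stopped"] += 1
    return dict(report)

# The first two lines are the page's samples; the rest are constructed.
SAMPLE_LOG = [
    "*Mar 1 07:06:57.150: %APPFW-6-IM_YAHOO_CLIENT_VERSION: im-yahoo 192.168.2.6:2025 attempting to establish connection with yahoo server 22.214.171.124:5050 using an unsupported version of the client",
    "*Mar 1 07:06:57.150: %FW-6-SESS_AUDIT_TRAIL: Stop im-yahoo session: initiator (192.168.2.6:2025) sent 20 bytes -- responder (126.96.36.199:5050) sent 20 bytes",
    "*Mar 1 07:08:10.002: %FW-6-SESS_AUDIT_TRAIL: Stop http session: initiator (192.168.2.7:4001) sent 310 bytes -- responder (192.0.2.20:80) sent 1200 bytes",
    "*Mar 1 07:09:12.404: %APPFW-6-IM_YAHOO_CLIENT_VERSION: im-yahoo 192.168.2.9:3110 attempting to establish connection with yahoo server 192.0.2.10:5050 using an unsupported version of the client",
    "*Mar 1 07:10:02.118: %APPFW-6-IM_YAHOO_CLIENT_VERSION: im-yahoo 192.168.2.6:2031 attempting to establish connection with yahoo server 192.0.2.10:5050 using an unsupported version of the client",
]

if __name__ == "__main__":
    for ip, info in sorted(unsupported_im_clients(SAMPLE_LOG).items()):
        print(ip, sorted(info["brands"]), info["attempts"], info["stopped"])
```

The resulting per-client list shows which hosts need a supported client version before deciding whether the instant messaging policy has to be removed.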