1 Reply. Latest reply: Jun 27, 2012 11:02 PM by Aaron

    How to block SSTP protocol either via router or ASA or IPS?

    Kamran Shakil

      I have a client who is using the SSTP protocol. I have seen his VPN software, and he makes it through the ASA and Cisco ISR. Please tell me a possible method to block him or any user who is using the SSTP protocol.

       

      I hope experts will surely see it as a good challenging question, since SSTP is an advanced version of PPTP and L2TP (I think it is a secure protocol)...

      Awaiting response!

        • 1. Re: How to block SSTP protocol either via router or ASA or IPS?
          Aaron

          Hi,

           

          SSTP works in this way:

          First, a TCP connection on port 443 is established.

          Second, SSL Negotiation starts, server certificate is downloaded and validated.

          Third, SSTP control over HTTP is sent.

          Fourth, PPP connection and authentication.

          Fifth, authentication verified bind for IP traffic flow.

          Sixth, PPP over SSTP encapsulated traffic between hosts.

           

          Now, the key is in the third step. Here we leverage the fact that within the HTTP CONNECT header there's a value we'll use to block in our firewall. The string is SSTP_VERSION:*

          Obviously it's not as easy as blocking a port or protocol, but with a Layer-7 policy we can beat the "new, fantastic and unbeatable" VPN protocol.

           

          Cheers,
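
An added example, not part of Aaron's reply and not Cisco configuration: the Layer-7 match described in the reply, written in Python and applied to the first HTTP request of a session. It assumes the inspection point sees that request already decrypted, since the handshake above puts SSL negotiation before the SSTP control message. The `SSTP_DUPLEX_POST` method and `/sra_` path prefix are taken from Microsoft's MS-SSTP specification rather than from the thread, and the function names and sample requests are constructed.

```python
import re

# Marker named in the reply (step three of the handshake).
POST_MARKER = re.compile(rb"SSTP_VERSION", re.IGNORECASE)
# Assumption from Microsoft's MS-SSTP spec, not from the thread: the client's
# first request uses the SSTP_DUPLEX_POST method on a /sra_{...}/ path.
SPEC_METHOD = b"SSTP_DUPLEX_POST"
SPEC_PATH_PREFIX = b"/sra_"


def parse_request_head(data: bytes):
    """Split the head of a decrypted HTTP request into (method, target, headers)."""
    head = data.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return None  # not an HTTP request line (e.g. still-encrypted TLS bytes)
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return parts[0], parts[1], headers


def sstp_verdict(data: bytes):
    """Return ("block", reason) for an SSTP setup request, else ("allow", None)."""
    parsed = parse_request_head(data)
    if parsed is None:
        return ("allow", None)
    method, target, headers = parsed
    if method.upper() == SPEC_METHOD:
        return ("block", "method")
    if target.lower().startswith(SPEC_PATH_PREFIX):
        return ("block", "path")
    # The reply's marker may appear as a header name or inside a header value.
    for name, value in headers.items():
        if POST_MARKER.search(name) or POST_MARKER.search(value):
            return ("block", "marker")
    return ("allow", None)


# Constructed samples (not captured traffic); the GUID is a placeholder.
SAMPLE_SSTP = (b"SSTP_DUPLEX_POST /sra_{PLACEHOLDER-GUID}/ HTTP/1.1\r\n"
               b"Host: vpn.example.test\r\nContent-Length: 0\r\n\r\n")
SAMPLE_MARKER = (b"POST /tunnel HTTP/1.1\r\nHost: vpn.example.test\r\n"
                 b"X-Proto: SSTP_VERSION:1\r\n\r\n")
SAMPLE_WEB = b"GET /index.html HTTP/1.1\r\nHost: www.example.test\r\n\r\n"
```

Raw TLS records fall through to "allow", so the match only takes effect where the firewall or IPS terminates or inspects the SSL session.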