Table Of Contents - Cisco ASA 5506-X Configuration Manual

Chapter 6 Getting Started with Application Layer Protocol Inspection
Table 6-1 Supported Application Inspection Engines (continued)
Application Default Port NAT Limitations
WAAS TCP/1-
65535
XDMCP UDP/177
The default policy configuration includes the following commands:
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225 _default_h323_map
inspect h323 ras _default_h323_map
inspect ip-options _default_ip_options_map
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp _default_esmtp_map
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
Default Inspection Policy Maps
Some inspection types use hidden default policy maps. For example, if you enable ESMTP inspection
without specifying a map, _default_esmtp_map is used.
The default inspection is described in the sections that explain each inspection type. You can view these
default maps using the show running-config all policy-map command.
DNS inspection is the only one that uses an explicitly-configured default map, preset_dns_map.
Configure Application Layer Protocol Inspection
You configure application inspection in service policies. Service policies provide a consistent and
flexible way to configure ASA features. For example, you can use a service policy to create a timeout
configuration that is specific to a particular TCP application, as opposed to one that applies to all TCP
No extended PAT.
No NAT64.
No extended PAT.
No NAT64.
(Clustering) No static PAT.
message-length maximum client auto
message-length maximum 512
dns-guard
protocol-enforcement
nat-rewrite
Configure Application Layer Protocol Inspection
Standards Comments
- -
- -
Cisco ASA Series Firewall CLI Configuration Guide
6-9