Defining Actions In An Inspection Policy Map - Cisco PIX 500 Series Configuration Manual

Chapter 21 Using Modular Policy Framework
The following example creates an HTTP class map that can match any of the criteria:
hostname(config-cmap)# class-map type inspect http match-any monitor-http
hostname(config-cmap)# match request method get
hostname(config-cmap)# match request method put
hostname(config-cmap)# match request method post

Defining Actions in an Inspection Policy Map

When you enable an inspection engine in the Layer 3/4 policy map, you can also optionally enable
actions as defined in an inspection policy map.
To create an inspection policy map, perform the following steps:
To create the HTTP inspection policy map, enter the following command:
Step 1
hostname(config)# policy-map type inspect application policy_map_name
hostname(config-pmap)#
See the
inspection policy maps.
The policy_map_name argument is the name of the policy map up to 40 characters in length. All types
of policy maps use the same name space, so you cannot reuse a name already used by another type of
policy map. The CLI enters policy-map configuration mode.
To apply actions to matching traffic, perform the following steps:
Step 2
a.
b.
OL-12172-03
"Configuring Application Inspection" section on page 25-5
Specify the traffic on which you want to perform actions using one of the following methods:
• Specify the inspection class map that you created in the
Class Map" section on page 21-10
hostname(config-pmap)# class class_map_name
hostname(config-pmap-c)#
Not all applications support inspection class maps.
Specify traffic directly in the policy map using one of the match commands described for each
•
application in Chapter 25, "Configuring Application Layer Protocol Inspection."
match not command, then any traffic that matches the criterion in the match not command does
not have the action applied.
Specify the action you want to perform on the matching traffic by entering the following command:
hostname(config-pmap-c)# {[drop [send-protocol-error] |
drop-connection [send-protocol-error]| mask | reset] [log] | rate-limit message_rate }
Not all options are available for each application. Other actions specific to the application might also
be available. See Chapter 25, "Configuring Application Layer Protocol Inspection,"
options available.
The drop keyword drops all packets that match.
The send-protocol-error keyword sends a protocol error message.
The drop-connection keyword drops the packet and closes the connection.
The mask keyword masks out the matching portion of the packet.
The reset keyword drops the packet, closes the connection, and sends a TCP reset to the server
and/or client.
Configuring Special Actions for Application Inspections
for a list of applications that support
"Identifying Traffic in an Inspection
by entering the following command:
Cisco Security Appliance Command Line Configuration Guide
If you use a
for the exact
21-11