Cisco PIX 500 Series Configuration Manual page 470
Security appliance command line
Hide thumbs
Also See for PIX 500 Series:
- Administration manual (653 pages) ,
- Quick start manual (72 pages) ,
- User manual (60 pages)
Table of Contents
Advertisement
Configuring Application Inspection
hostname(config-cmap)# show running-config class-map inspection_default
!
class-map inspection_default
match default-inspection-traffic
match access-list inspect
!
To inspect FTP traffic on port 21 as well as 1056 (a non-standard port), create an access list that specifies
the ports, and assign it to a new class map:
hostname(config)# access-list ftp_inspect extended permit tcp any any eq 21
hostname(config)# access-list ftp_inspect extended permit tcp any any eq 1056
hostname(config)# class-map new_inspection
hostname(config-cmap)# match access-list ftp_inspect
(Optional) Some inspection engines let you control additional parameters when you apply the inspection
Step 2
to the traffic. See the following sections to configure an inspection policy map for your application:
DCERPC—See the
•
Control" section on page 25-12
DNS—See the
•
section on page 25-21
ESMTP—See the
•
Control" section on page 25-24
FTP—See the
•
section on page
GTP—See the
•
section on page
H323—See the
•
section on page 25-39
HTTP—See the
•
section on page
Instant Messaging—See the
•
Additional Inspection Control" section on page 25-49
MGCP—See the
•
section on page
NetBIOS—See the
•
Control" section on page 25-58
RADIUS Accounting—See the
•
Inspection Control" section on page 25-61
RTSP—See the
•
section on page 25-63
SIP—See the
•
on page 25-67
Skinny—See the
•
Control" section on page 25-73
SNMP—See the
•
To add or edit a Layer 3/4 policy map that sets the actions to take with the class map traffic, enter the
Step 3
following command:
hostname(config)# policy-map name
Cisco Security Appliance Command Line Configuration Guide
25-6
"Configuring a DCERPC Inspection Policy Map for Additional Inspection
"Configuring a DNS Inspection Policy Map for Additional Inspection Control"
"Configuring an ESMTP Inspection Policy Map for Additional Inspection
"Configuring an FTP Inspection Policy Map for Additional Inspection Control"
25-27.
"Configuring a GTP Inspection Policy Map for Additional Inspection Control"
25-32.
"Configuring an H.323 Inspection Policy Map for Additional Inspection Control"
"Configuring an HTTP Inspection Policy Map for Additional Inspection Control"
25-45.
"Configuring an Instant Messaging Inspection Policy Map for
"Configuring an MGCP Inspection Policy Map for Additional Inspection Control"
25-56.
"Configuring a NetBIOS Inspection Policy Map for Additional Inspection
"Configuring a RADIUS Inspection Policy Map for Additional
"Configuring an RTSP Inspection Policy Map for Additional Inspection Control"
"Configuring a SIP Inspection Policy Map for Additional Inspection Control" section
"Configuring a Skinny (SCCP) Inspection Policy Map for Additional Inspection
"SNMP Inspection" section on page
Chapter 25
Configuring Application Layer Protocol Inspection
25-76.
OL-12172-03
Advertisement
Table of Contents
Troubleshooting
