Cisco ASA 5505 Configuration Manual page 608


Task Flows for Configuring Service Policies
Default Traffic Classes
The configuration includes a default traffic class that the adaptive security appliance uses in the default
global policy called Default Inspection Traffic; it matches the default inspection traffic. This class,
which is used in the default global policy, is a special shortcut to match the default ports for all
inspections. When used in a policy, this class ensures that the correct inspection is applied to each packet,
based on the destination port of the traffic. For example, when UDP traffic for port 69 reaches the
adaptive security appliance, then the adaptive security appliance applies the TFTP inspection; when TCP
traffic for port 21 arrives, then the adaptive security appliance applies the FTP inspection. So in this case
only, you can configure multiple inspections for the same class map. Normally, the adaptive security
appliance does not use the port number to determine which inspection to apply, thus giving you the
flexibility to apply inspections to non-standard ports, for example.
Another class map that exists in the default configuration is called class-default, and it matches all
traffic. You can use the class-default class if desired, rather than using the Any traffic class. In fact, some
features are only available for class-default, such as QoS traffic shaping.
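The CLI form of the behavior described above, as an added example that is not part of the original manual page. The names inspection_default and global_policy are those of the ASA default configuration; the class map ftp_alt_port and TCP port 2121 are constructed for illustration, and the inspection list is abbreviated to the two protocols the text mentions.

```cisco
! Added example, not from the manual. ftp_alt_port and port 2121 are
! constructed values; adjust to the service you actually run.
!
! 1. Default Inspection Traffic: one class map, several inspections.
!    The ASA selects the engine per packet from the destination port
!    (TCP/21 -> FTP inspection, UDP/69 -> TFTP inspection).
class-map inspection_default
 match default-inspection-traffic
!
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect tftp
!
! 2. Any other class: the port does not select the engine, so FTP on a
!    non-standard port needs its own class map with an explicit inspection.
class-map ftp_alt_port
 match port tcp eq 2121
!
policy-map global_policy
 class ftp_alt_port
  inspect ftp
!
! 3. Apply the policy globally (all interfaces).
service-policy global_policy global
!
! 4. From privileged EXEC mode, confirm what is configured and applied.
show running-config class-map
show running-config policy-map
show service-policy
```

Without the second class map, FTP control traffic on port 2121 is not matched by the default inspection class and receives no FTP inspection.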
Task Flows for Configuring Service Policies
This section includes the following topics:
Task Flow for Configuring a Service Policy Rule, page 29-8

Task Flow for Configuring a Service Policy Rule
Configuring a service policy consists of adding one or more service policy rules per interface or for the
global policy. For each rule, you identify the following elements:
Step 1  Identify the interface to which you want to apply the rule, or identify the global policy.
Step 2  Identify the traffic to which you want to apply actions. You can identify Layer 3 and 4 through traffic.
Step 3  Apply actions to the traffic class. You can apply multiple actions for each traffic class.

Adding a Service Policy Rule for Through Traffic
See the "Supported Features for Through Traffic" section on page 29-1 for more information. To add a
service policy rule for through traffic, perform the following steps:
Step 1  Choose Configuration > Firewall > Service Policy Rules pane, and click Add.
        The Add Service Policy Rule Wizard - Service Policy dialog box appears.
Note    When you click the Add button, and not the small arrow on the right of the Add button, you add
        a through traffic rule by default. If you click the arrow on the Add button, you can choose
        between a through traffic rule and a management traffic rule.

Cisco ASA 5500 Series Configuration Guide using ASDM, OL-20339-01
Chapter 29, Configuring a Service Policy, page 29-8


This manual is also suitable for: ASA 5510, ASA 5540, ASA 5520, ASA 5550, ASA 5580
