Cisco ASA 5505 Configuration Manual page 822

Asa 5500 series
Hide thumbs Also See for ASA 5505:
Table of Contents

Advertisement

ICMP Inspection
Modes
The following table shows the modes in which this feature is available:
Firewall Mode
Routed
ICMP Inspection
The ICMP inspection engine allows ICMP traffic to have a "session" so it can be inspected like TCP and
UDP traffic. Without the ICMP inspection engine, we recommend that you do not allow ICMP through
the adaptive security appliance in an access list. Without stateful inspection, ICMP can be used to attack
your network. The ICMP inspection engine ensures that there is only one response for each request, and
that the sequence number is correct.
Cisco ASA 5500 Series Configuration Guide using ASDM
37-38
Manage—Opens the Manage Regular Expressions dialog box, which lets you configure regular
expressions.
Regular Expression Class—Lists the defined regular expression classes to match.
Manage—Opens the Manage Regular Expression Class dialog box, which lets you configure
regular expression class maps.
Response Header Count—Applies the regular expression match to the header of the response
with a maximum number of headers.
Greater Than Count—Enter the maximum number of headers.
Response Header Length—Applies the regular expression match to the header of the response
with length greater than the bytes specified.
Greater Than Length—Enter a header length value in bytes.
Response Header non-ASCII—Matches non-ASCII characters in the header of the response.
Response Status Line—Applies the regular expression match to the status line.
Regular Expression—Lists the defined regular expressions to match.
Manage—Opens the Manage Regular Expressions dialog box, which lets you configure regular
expressions.
Regular Expression Class—Lists the defined regular expression classes to match.
Manage—Opens the Manage Regular Expression Class dialog box, which lets you configure
regular expression class maps.
Multiple Matches—Specifies multiple matches for the HTTP inspection.
H323 Traffic Class—Specifies the HTTP traffic class match.
Manage—Opens the Manage HTTP Class Maps dialog box to add, edit, or delete HTTP Class
Maps.
Action—Drop connection, reset, or log.
Log—Enable or disable.
Security Context
Transparent Single
Chapter 37
Configuring Inspection of Basic Internet Protocols
Multiple
Context
System
OL-20339-01

Hide quick links:

Advertisement

Table of Contents
loading

This manual is also suitable for:

Asa 5510Asa 5540Asa 5520Asa 5550Asa 5580

Table of Contents