Cisco ASA Series Configuration Manual page 246

Configure Service Policies
You can create a self-contained inspection policy map that identifies the traffic directly with match
commands, or you can create an inspection class map for reuse or for more complicated matching. For
example, you could match text within a inspected packets using a regular expression or a group of regular
expressions (a regular expression class map), and target actions based on narrower criteria. For example,
you might want to drop all HTTP requests with a URL including the text "example.com."
Regular Expression Statement/
Regular Expression Class Map
See Configure Application Layer Protocol Inspection, page
Define the actions you want to perform on each Layer 3/4 class map by creating a Layer 3/4 policy map,
Step 3
as described in
Determine on which interfaces you want to apply the policy map, or apply it globally, as described in
Step 4
Apply Actions to an Interface (Service Policy), page
Cisco ASA Series Firewall CLI Configuration Guide
11-12
Inspection Policy Map Actions
Inspection Class Map/
Match Commands
Define Actions (Layer 3/4 Policy Map), page
Layer 3/4 Policy Map
Connection Limits
Inspection
IPS
Chapter 11 Service Policy Using the Modular Policy Framework
12-9.
11-16.
Connection Limits
Inspection
11-17.
Service Policy