Cisco ASA Series Configuration Manual page 299

Firewall CLI, ASA Services Module, and the Adaptive Security Virtual Appliance

Cisco ASA Series Firewall CLI Configuration Guide
Chapter 13
Inspection of Basic Internet Protocols
Instant Messaging Inspection
Procedure
Step 1
If necessary, create an L3/L4 class map to identify the traffic for which you want to apply the inspection.
class-map name
match parameter
Example:
hostname(config)# class-map im_class_map
hostname(config-cmap)# match access-list im
In the default global policy, the inspection_default class map is a special class map that includes default ports for all inspection types (match default-inspection-traffic). If you are using this class map in either the default policy or for a new service policy, you can skip this step.
For information on matching statements, see Identify Traffic (Layer 3/4 Class Maps), page 11-13.
Step 2
Add or edit a policy map that sets the actions to take with the class map traffic.
policy-map name
Example:
hostname(config)# policy-map global_policy
In the default configuration, the global_policy policy map is assigned globally to all interfaces. If you want to edit the global_policy, enter global_policy as the policy name.
Step 3
Identify the L3/L4 class map you are using for IM inspection.
class name
Example:
hostname(config-pmap)# class inspection_default
To edit the default policy, or to use the special inspection_default class map in a new policy, specify inspection_default for the name. Otherwise, you are specifying the class you created earlier in this procedure.
Step 4
Configure IM inspection.
inspect im [im_policy_map]
Where im_policy_map is the optional IM inspection policy map. You need a map only if you want non-default inspection processing. For information on creating the IM inspection policy map, see Configure an Instant Messaging Inspection Policy Map, page 13-22.
Example:
hostname(config-class)# no inspect im
hostname(config-class)# inspect im im-map
Note
If you are editing the default global policy (or any in-use policy) to use a different IM inspection policy map, you must remove the IM inspection with the no inspect im command, and then re-add it with the new IM inspection policy map name.
Step 5
If you are editing an existing service policy (such as the default global policy called global_policy), you are done. Otherwise, activate the policy map on one or more interfaces.
service-policy policymap_name {global | interface interface_name}
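The chain built in Steps 1 through 5 (class map, policy map, class, inspect im, service-policy) can be checked offline against a saved configuration. The Python script below is an added example, not part of the Cisco guide; the sample configuration is constructed, and the names branch_policy and voice_class are hypothetical.

```python
# Added example: audit a saved ASA configuration for the IM inspection chain.
# SAMPLE is constructed; branch_policy and voice_class are hypothetical names.
SAMPLE = """\
class-map im_class_map
 match access-list im
policy-map type inspect im im-map
 description constructed placeholder
policy-map global_policy
 class inspection_default
  inspect im im-map
policy-map branch_policy
 class im_class_map
  inspect im
 class voice_class
  inspect im im-map
service-policy global_policy global
"""

def audit_im_inspection(config):
    class_maps = {"inspection_default"}  # special class map in the default policy
    im_rules = []   # (policy map, class, IM inspection policy map or None)
    active = {}     # policy map -> "global" or "interface <name>"
    pmap = cls = None
    for raw in config.splitlines():
        words = raw.split()
        if len(words) < 2:
            continue
        if not raw[0].isspace():         # a top-level command closes any open block
            pmap = cls = None
            if words[0] == "class-map" and words[1] != "type":
                class_maps.add(words[1])
            elif words[0] == "policy-map" and words[1] != "type":
                pmap = words[1]          # L3/L4 policy map, not an inspection map
            elif words[0] == "service-policy":
                active[words[1]] = " ".join(words[2:])
        elif pmap and words[0] == "class":
            cls = words[1]
        elif pmap and cls and words[:2] == ["inspect", "im"]:
            im_rules.append((pmap, cls, words[2] if len(words) > 2 else None))
    findings = []
    for pm, c, _ in im_rules:
        if c not in class_maps:
            findings.append(f"{pm}/{c}: class map is not defined (Step 1)")
        if pm not in active:
            findings.append(f"{pm}/{c}: policy map is not activated (Step 5)")
    return im_rules, findings

if __name__ == "__main__":
    for line in audit_im_inspection(SAMPLE)[1]:
        print(line)
```

On the sample, global_policy passes, while branch_policy is reported because it is never activated with service-policy and one of its classes has no matching class map.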
