Cisco ASA Series Cli Configuration Manual page 1071
Software version 9.0 for the services module
Hide thumbs
Also See for ASA Series:
- Configuration manual (429 pages) ,
- Getting started (31 pages) ,
- Mount and connect (12 pages)
Table of Contents
Advertisement
Chapter 1
Configuring a Service Policy Using the Modular Policy Framework
inspect ip-options _default_ip_options_map
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp _default_esmtp_map
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
Note
See the
special match default-inspection-traffic command used in the default class map.
Default Class Maps
The configuration includes a default Layer 3/4 class map that the ASA uses in the default global policy
called default-inspection-traffic; it matches the default inspection traffic. This class, which is used in the
default global policy, is a special shortcut to match the default ports for all inspections. When used in a
policy, this class ensures that the correct inspection is applied to each packet, based on the destination
port of the traffic. For example, when UDP traffic for port 69 reaches the ASA, then the ASA applies the
TFTP inspection; when TCP traffic for port 21 arrives, then the ASA applies the FTP inspection. So in
this case only, you can configure multiple inspections for the same class map. Normally, the ASA does
not use the port number to determine which inspection to apply, thus giving you the flexibility to apply
inspections to non-standard ports, for example.
class-map inspection_default
match default-inspection-traffic
Another class map that exists in the default configuration is called class-default, and it matches all
traffic. This class map appears at the end of all Layer 3/4 policy maps and essentially tells the ASA to
not perform any actions on all other traffic. You can use the class-default class if desired, rather than
making your own match any class map. In fact, some features are only available for class-default, such
as QoS traffic shaping.
class-map class-default
match any
Task Flows for Configuring Service Policies
This section includes the following topics:
•
•
Task Flow for Using the Modular Policy Framework
To configure Modular Policy Framework, perform the following steps:
"Incompatibility of Certain Feature Actions" section on page 1-5
Task Flow for Using the Modular Policy Framework, page 1-9
Task Flow for Configuring Hierarchical Policy Maps for QoS Traffic Shaping, page 1-11
Task Flows for Configuring Service Policies
for more information about the
Cisco ASA Series CLI Configuration Guide
1-9
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
