Cisco ASA Series Cli Configuration Manual page 1083

Software version 9.0 for the services module

Chapter 1
Configuring a Service Policy Using the Modular Policy Framework
Configuration Examples for Modular Policy Framework
hostname(config-pmap-c)# inspect http
hostname(config)# service-policy policy_serverB interface inside
hostname(config)# service-policy policy_serverA interface outside
Applying Inspection to HTTP Traffic with NAT
In this example, the host on the inside network has two addresses: the real IP address, 192.168.1.1,
and a mapped IP address used on the outside network, 209.165.200.225. You must use the
real IP address in the access list in the class map. If you applied the policy to the outside interface, you would
also use the real address.
Figure 1-4: HTTP Inspection with NAT
[Diagram: the security appliance inspects port 80 traffic between the Host on the inside interface (Real IP: 192.168.1.1, Mapped IP: 209.165.200.225) and the Server on the outside interface (209.165.201.1).]
See the following commands for this example:
hostname(config)# object network obj-192.168.1.1
hostname(config-network-object)# host 192.168.1.1
hostname(config-network-object)# nat (inside,outside) static 209.165.200.225
hostname(config)# access-list http_client extended permit tcp host 192.168.1.1 any eq 80
hostname(config)# class-map http_client
hostname(config-cmap)# match access-list http_client
hostname(config)# policy-map http_client
hostname(config-pmap)# class http_client
hostname(config-pmap-c)# inspect http
hostname(config)# service-policy http_client interface inside
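
The rule above (class-map access lists match the real address, not the mapped one) can be checked mechanically before a configuration is deployed. The following Python lint is an added example, not part of the Cisco guide: it reads a configuration listing, builds the mapped-to-real table from static object NAT rules, and reports class-map access lists that reference a mapped address. The sample configuration, the http_bad access list and the function names are constructed for illustration; the interface names follow the service-policy command above.

```python
import re

# Constructed sample: the page's configuration plus one deliberately wrong ACL
# (http_bad) that matches the mapped address instead of the real one.
SAMPLE_CONFIG = """\
object network obj-192.168.1.1
 host 192.168.1.1
 nat (inside,outside) static 209.165.200.225
access-list http_client extended permit tcp host 192.168.1.1 any eq 80
access-list http_bad extended permit tcp host 209.165.200.225 any eq 80
class-map http_client
 match access-list http_client
class-map http_bad
 match access-list http_bad
"""

def static_nat_map(config):
    """Return {mapped_ip: real_ip} for host objects that have a static object NAT rule."""
    hosts, nats, obj = {}, [], None
    for line in config.splitlines():
        m = re.match(r"object network (\S+)", line)
        if m:
            obj = m.group(1)          # entering (or re-entering) an object stanza
        elif not line.startswith(" "):
            obj = None                # any other top-level command ends the stanza
        elif obj and (m := re.match(r" +host (\S+)", line)):
            hosts[obj] = m.group(1)
        elif obj and (m := re.match(r" +nat \(\S+\) static (\d+\.\d+\.\d+\.\d+)", line)):
            nats.append((obj, m.group(1)))
    return {mapped: hosts[name] for name, mapped in nats if name in hosts}

def lint_class_map_acls(config):
    """Flag class-map ACLs that reference a mapped address instead of the real one."""
    mapped = static_nat_map(config)
    matched_acls = set(re.findall(r"^ +match access-list (\S+)", config, re.M))
    findings = []
    for line in config.splitlines():
        m = re.match(r"access-list (\S+) extended ", line)
        if not m or m.group(1) not in matched_acls:
            continue                  # only ACLs that a class map actually uses
        for ip in re.findall(r"\bhost (\d+\.\d+\.\d+\.\d+)", line):
            if ip in mapped:
                findings.append((m.group(1), ip, mapped[ip]))
    return findings

if __name__ == "__main__":
    for acl, bad, real in lint_class_map_acls(SAMPLE_CONFIG):
        print(f"ACL {acl}: uses mapped IP {bad}; class-map ACLs need real IP {real}")
```

The lint only understands `host` objects with a literal mapped address in the `static` rule; network ranges and mapped-object references are outside what it checks.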
Cisco ASA Series CLI Configuration Guide