Cisco ASA Series CLI Configuration Manual page 1090

Software version 9.0 for the services module

Identifying Traffic in an Inspection Class Map
Restrictions
Not all applications support inspection class maps. See the CLI help for class-map type inspect for a
list of supported applications.
Detailed Steps

Step 1
Command: (Optional) Create a regular expression.
Purpose: See the "Defining Actions in an Inspection Policy Map" section on page 1-4.

Step 2
Command: class-map type inspect application [match-all | match-any] class_map_name
Example:
hostname(config)# class-map type inspect http http_traffic
hostname(config-cmap)#
Purpose: Creates an inspection class map, where the application is the application you want to inspect. For supported applications, see the CLI help for a list of supported applications or see Chapter 1, "Getting Started with Application Layer Protocol Inspection."
The class_map_name argument is the name of the class map up to 40 characters in length.
The match-all keyword is the default, and specifies that traffic must match all criteria to match the class map.
The match-any keyword specifies that the traffic matches the class map if it matches at least one of the criteria.
The CLI enters class-map configuration mode, where you can enter one or more match commands.

Step 3
Command: (Optional) description string
Example:
hostname(config-cmap)# description All UDP traffic
Purpose: Adds a description to the class map.

Step 4
Command: Define the traffic to include in the class by entering one or more match commands available for your application.
Purpose: To specify traffic that should not match the class map, use the match not command. For example, if the match not command specifies the string "example.com," then any traffic that includes "example.com" does not match the class map.
To see the match commands available for each application, see the appropriate inspection chapter.

Examples
The following example creates an HTTP class map that must match all criteria:
hostname(config-cmap)# class-map type inspect http match-all http-traffic
hostname(config-cmap)# match req-resp content-type mismatch
hostname(config-cmap)# match request body length gt 1000
hostname(config-cmap)# match not request uri regex class URLs
The following example creates an HTTP class map that can match any of the criteria:
hostname(config-cmap)# class-map type inspect http match-any monitor-http
hostname(config-cmap)# match request method get
hostname(config-cmap)# match request method put
hostname(config-cmap)# match request method post

Cisco ASA Series CLI Configuration Guide, page 1-6
Chapter 1: Configuring Special Actions for Application Inspections (Inspection Policy Map)
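A config-review helper, added here as an example and not taken from the Cisco guide: it parses class-map type inspect blocks from a configuration excerpt, applies the match-all default described in Step 2, and flags names over 40 characters or maps with no match command. It assumes running-config layout (sub-commands indented by one space); the function names, the include/exclude labels and the third sample map are constructed for illustration.

```python
import re

# Constructed input: the two class maps from the examples above, plus a made-up
# third map that omits the match-all/match-any keyword and has an over-long name.
SAMPLE_CONFIG = """\
class-map type inspect http match-all http-traffic
 match req-resp content-type mismatch
 match request body length gt 1000
 match not request uri regex class URLs
class-map type inspect http match-any monitor-http
 match request method get
 match request method put
 match request method post
class-map type inspect http constructed-name-that-is-longer-than-forty-chars
 description constructed entry with no match commands
"""

HEADER = re.compile(r"^class-map type inspect (?P<app>\S+)"
                    r"(?: (?P<mode>match-all|match-any))? (?P<name>\S+)$")

def parse_inspect_class_maps(config_text):
    """Return one dict per 'class-map type inspect' block in config_text."""
    maps, current = [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = {"name": header["name"], "application": header["app"],
                       # match-all is the default when the keyword is omitted
                       "mode": header["mode"] or "match-all",
                       "description": None, "criteria": []}
            maps.append(current)
        elif not raw.startswith(" ") or current is None:
            current = None  # any other top-level line ends the block
        elif line.startswith("match not "):
            # "match not" names traffic that should NOT match the class map
            current["criteria"].append(("exclude", line[len("match not "):]))
        elif line.startswith("match "):
            current["criteria"].append(("include", line[len("match "):]))
        elif line.startswith("description "):
            current["description"] = line[len("description "):]
    return maps

def audit(maps):
    """Flag names over the 40-character limit and maps with no match command."""
    findings = [(m["name"], "name exceeds 40 characters")
                for m in maps if len(m["name"]) > 40]
    findings += [(m["name"], "no match commands")
                 for m in maps if not m["criteria"]]
    return findings
```

Calling audit(parse_inspect_class_maps(SAMPLE_CONFIG)) reports only the constructed third map; the two maps from the guide parse cleanly, with the URI regex criterion recorded as an exclusion.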
