Cisco ASA Series Cli Configuration Manual page 1102
Software version 9.0 for the services module
Hide thumbs
Also See for ASA Series:
- Configuration manual (429 pages) ,
- Getting started (31 pages) ,
- Mount and connect (12 pages)
Table of Contents
Advertisement
Configuring Application Layer Protocol Inspection
class-map inspection_default
match default-inspection-traffic
match access-list inspect
!
To inspect FTP traffic on port 21 as well as 1056 (a non-standard port), create an access list that specifies
the ports, and assign it to a new class map:
hostname(config)# access-list ftp_inspect extended permit tcp any any eq 21
hostname(config)# access-list ftp_inspect extended permit tcp any any eq 1056
hostname(config)# class-map new_inspection
hostname(config-cmap)# match access-list ftp_inspect
Step 2
(Optional) Some inspection engines let you control additional parameters when you apply the inspection
to the traffic. See the following sections to configure an inspection policy map for your application:
•
DCERPC—See the
Control" section on page 1-2
•
DNS—See the
page 1-3
•
ESMTP—See the
Control" section on page 1-33
•
FTP—See the
section on page
•
GTP—See the
section on page
•
H323—See the
section on page 1-6
•
HTTP—See the
section on page
•
Instant Messaging—See the
Additional Inspection Control" section on page 1-21
•
IP Options—See the
Control" section on page 1-25
•
IPsec Pass Through—See the
•
IPv6—See the
•
MGCP—See the
section on page
•
NetBIOS—See the
Control" section on page 1-30
•
RADIUS Accounting—See the
Inspection Control" section on page 1-9
•
RTSP—See the
section on page 1-16
•
ScanSafe (Cloud Web Security)—See the
Web Security" section on page 25-11
•
SIP—See the
on page 1-20
Cisco ASA Series CLI Configuration Guide
1-8
Chapter 1
"Configuring a DCERPC Inspection Policy Map for Additional Inspection
"(Optional) Configuring a DNS Inspection Policy Map and Class Map" section on
"Configuring an ESMTP Inspection Policy Map for Additional Inspection
"Configuring an FTP Inspection Policy Map for Additional Inspection Control"
1-12.
"Configuring a GTP Inspection Policy Map for Additional Inspection Control"
1-4.
"Configuring an H.323 Inspection Policy Map for Additional Inspection Control"
"Configuring an HTTP Inspection Policy Map for Additional Inspection Control"
1-16.
"Configuring an Instant Messaging Inspection Policy Map for
"Configuring an IP Options Inspection Policy Map for Additional Inspection
"IPsec Pass Through Inspection" section on page 11-64
"(Optional) Configuring an IPv6 Inspection Policy Map" section on page 11-68
"Configuring an MGCP Inspection Policy Map for Additional Inspection Control"
1-13.
"Configuring a NetBIOS Inspection Policy Map for Additional Inspection
"Configuring a RADIUS Inspection Policy Map for Additional
"Configuring an RTSP Inspection Policy Map for Additional Inspection Control"
"Configuring a SIP Inspection Policy Map for Additional Inspection Control" section
Getting Started with Application Layer Protocol Inspection
"Configuring a Service Policy to Send Traffic to Cloud
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
