Cisco ASA Series CLI Configuration Manual, page 1112

Software version 9.0 for the services module
Cisco ASA Series CLI Configuration Guide, page 1-6
Chapter 1: Configuring Inspection of Basic Internet Protocols

DNS Inspection

Step 6

Command:
match [not] domain-name regex {regex_id | class class_id}

For direct match only:
{drop [log] | drop-connection [log] | enforce-tsig {[drop] [log]} | log}

Example:
hostname(config-pmap)# match domain-name regex regex1
hostname(config-pmap-c)# drop-connection

Purpose:
Matches a DNS message domain name list. The regex_name argument is a regular expression. The class regex_class_name is a regular expression class map. See the "Prerequisites" section on page 1-3.

To specify traffic that should not match, use the match not command.

If you are matching directly in the inspection policy map, specify the action for the match:

  drop [log]: Drops the packet. log also logs the packet.
  drop-connection [log]: Drops the packet and closes the connection. log also logs the packet.
  enforce-tsig {[drop] [log]}: Enforces the TSIG resource record in a message. drop drops a packet without the TSIG resource record. log also logs the packet.
  log: Logs the packet.

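The following configuration is an added example, not part of the Cisco guide. It shows the class form of the Step 6 command: two regular expressions are grouped in a regular expression class map, matched directly in a DNS inspection policy map, and given the drop-connection action with logging. The names blocked1, blocked2, blocked_domains and dns_block_map and both domain patterns are hypothetical, and the last section assumes the default global_policy with inspect dns preset_dns_map.

```cisco
! Constructed patterns; "\." matches a literal dot in ASA regex syntax.
hostname(config)# regex blocked1 bad-example\.test
hostname(config)# regex blocked2 tracker\.example\.invalid

! Group the regexes so a single match command covers both.
hostname(config)# class-map type regex match-any blocked_domains
hostname(config-cmap)# match regex blocked1
hostname(config-cmap)# match regex blocked2
hostname(config-cmap)# exit

! Match directly in the DNS inspection policy map, then set the action.
hostname(config)# policy-map type inspect dns dns_block_map
hostname(config-pmap)# match domain-name regex class blocked_domains
hostname(config-pmap-c)# drop-connection log
hostname(config-pmap-c)# exit
hostname(config-pmap)# exit

! Reference the inspection map from DNS inspection in the service policy.
hostname(config)# policy-map global_policy
hostname(config-pmap)# class inspection_default
hostname(config-pmap-c)# no inspect dns preset_dns_map
hostname(config-pmap-c)# inspect dns dns_block_map
```

Replacing preset_dns_map drops any parameters that map carried, so copy them into the new inspection map if they are still wanted.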