Cisco 4700M Configuration Manual page 228

Application control engine appliance security

Configuring a Layer 3 and Layer 4 Application Protocol Inspection Traffic Policy
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
3-104
  policy name1—(Optional) Specifies the name assigned to a previously created Layer 7 FTP command inspection policy map to implement the inspection of Layer 7 FTP commands by the ACE. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters. Use the inspect ftp command in policy map class configuration mode to define the FTP command request inspection policy.

http—Enables enhanced HTTP inspection on HTTP traffic. By default, the ACE allows all request methods.

  policy name4—(Optional) Specifies the name assigned to a previously created Layer 7 HTTP application inspection policy map to implement the deep packet inspection of Layer 7 HTTP application traffic by the ACE. The inspection checks are based on configured parameters in an existing Layer 7 policy map and internal RFC compliance checks performed by the ACE. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters.

  Note: If you do not specify a Layer 7 policy map, the ACE performs a general set of Layer 3 and Layer 4 HTTP fixup actions and internal RFC compliance checks.

  url-logging—(Optional) Enables the monitoring of Layer 3 and Layer 4 traffic. This function logs every URL request that is sent in the specified class of traffic, including the source or destination IP address and the URL that is accessed.

icmp—Enables ICMP payload inspection. ICMP inspection allows ICMP traffic to have a "session" so it can be inspected similarly to TCP and UDP traffic.

  error—(Optional) Performs a NAT of ICMP error messages. The ACE creates translation sessions for intermediate or endpoint nodes that send ICMP error messages based on the NAT configuration. The ACE overwrites the packet with the translated IP addresses.

ils—Enables Internet Locator Service (ILS) protocol inspection.

rtsp—Enables RTSP packet inspection. RTSP is used by RealAudio, RealNetworks, Apple QuickTime 4, RealPlayer, and Cisco IP/TV connections. The ACE monitors Setup and Response (200 OK) messages in the control channel established using TCP port 554 (no UDP support).
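The following added example (not part of the Cisco guide) audits the inspect lines of a saved configuration for the cases described above: inspect http or inspect ftp with no Layer 7 policy map, and policy map names that break the unquoted, 64-character rule. The function names, the sample configuration and its class and policy names are hypothetical, and the parser assumes only the keywords listed on this page.

```python
MAX_NAME = 64  # page: policy map names are at most 64 characters


def check_name(name):
    """Return a problem string for a policy map name, or None if it is acceptable."""
    if name is None:
        return "policy keyword without a policy map name"
    if name[0] in "\"'":
        return "policy map name must be unquoted"
    if len(name) > MAX_NAME:
        return f"policy map name longer than {MAX_NAME} characters"
    return None


def audit_inspect(config):
    """Return (line_number, finding) pairs for inspect ftp/http lines."""
    findings = []
    for num, line in enumerate(config.splitlines(), 1):
        tokens = line.split()
        if len(tokens) < 2 or tokens[0] != "inspect":
            continue
        proto, opts = tokens[1], tokens[2:]
        if proto not in ("ftp", "http"):
            continue  # icmp, ils and rtsp take no policy map on this page
        if "policy" in opts:
            i = opts.index("policy")
            problem = check_name(opts[i + 1] if i + 1 < len(opts) else None)
            if problem:
                findings.append((num, problem))
        elif proto == "http":
            findings.append((num, "http without Layer 7 policy map: general "
                             "fixups and RFC checks only, all request methods allowed"))
        else:
            findings.append((num, "ftp without Layer 7 FTP command inspection policy map"))
    return findings


# Constructed sample configuration; every name in it is hypothetical.
SAMPLE = """\
policy-map multi-match L4_INSPECT
  class HTTP_CLASS
    inspect http url-logging
  class HTTP_DEEP_CLASS
    inspect http policy HTTP_L7_POLICY
  class FTP_CLASS
    inspect ftp
  class ICMP_CLASS
    inspect icmp error
  class BAD_CLASS
    inspect http policy "QUOTED NAME"
"""

if __name__ == "__main__":
    for num, finding in audit_inspect(SAMPLE):
        print(f"line {num}: {finding}")
```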
Chapter 3
Configuring Application Protocol Inspection
OL-16202-01


This manual is also suitable for:

4700 series
