Table of Contents
Advertisement
Class Maps
Configure Deep Packet Inspection
Class Maps
Cisco Router and Security Device Manager 2.5 User's Guide
37-6
Add or Edit a Point-to-Point Class Map
•
Add or Edit an Instant Messaging Class Map
•
Layer 7 (application) inspection augments Layer 4 inspection with the capability
to recognize and apply service-specific actions, such as selectively blocking or
allowing file search, file transfer, and text chat capabilities. Service-specific
capabilities vary by service.
If you are creating a new policy map, enter a name in the Policy Map Name field.
You can also add a description. Click Add > New Class Map to create a new
Point-to-Point class map.
information on how to create this type of class map. Click Add > class default to
add the default class map.
When the class map appears in the table, specify the action that you want taken
when a match is found, and whether you want matches logged. You can specify
<None>, Reset, or Allow. In the following example, there are
gnutella and eDonkey.
Match Class Name
gnutellaCMap
eDonkeyCMap
Class maps define the traffic that a Zone-Policy Based Firewall (ZPF) selects for
policy application. Layer 4 class maps sort the traffic based on the following
criteria:
Access group—A standard, extended, or named Access Control List can filter
•
traffic based on source and destination IP address and on source and
destination port.
Protocol—The Layer 4 protocols (TCP, UDP, and ICMP) and application
•
services such as HTTP, SMTP, DNS, etc. Any well-known or user-defined
service known to PAM may be specified.
Chapter 37
Cisco Common Classification Policy Language
Add or Edit a Point-to-Point Class Map
Action
Allow
Reset
provides
P2P
class maps for
Log
X
OL-4015-12
Advertisement
Table of Contents
Troubleshooting
