ICMP Inspection
The following example shows how to define an HTTP inspection policy map that will allow and log any
HTTP connection that attempts to access "www\.example.com/.*\.asp" or
"www\.example[0-9][0-9]\.com" with methods "GET" or "PUT." All other URL/Method combinations
will be silently allowed.
hostname(config)# regex url1 "www\.example.com/.*\.asp"
hostname(config)# regex url2 "www\.example[0-9][0-9]\.com"
hostname(config)# regex get "GET"
hostname(config)# regex put "PUT"
hostname(config)# class-map type regex match-any url_to_log
hostname(config-cmap)# match regex url1
hostname(config-cmap)# match regex url2
hostname(config-cmap)# exit
hostname(config)# class-map type regex match-any methods_to_log
hostname(config-cmap)# match regex get
hostname(config-cmap)# match regex put
hostname(config-cmap)# exit
hostname(config)# class-map type inspect http http_url_policy
hostname(config-cmap)# match request uri regex class url_to_log
hostname(config-cmap)# match request method regex class methods_to_log
hostname(config-cmap)# exit
hostname(config)# policy-map type inspect http http_policy
hostname(config-pmap)# class http_url_policy
hostname(config-pmap-c)# log
ICMP Inspection
ICMP inspection is disabled by default.
For information about ICMP inspection, see the inspect icmp and inspect icmp error command pages
in the Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Command
Reference.
ILS Inspection
ILS inspection is disabled by default.
For information about ILS inspection, see the inspect ils command page in the Catalyst 6500 Series
Switch and Cisco 7600 Series Router Firewall Services Module Command Reference.
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
22-64
Where the string argument is the string to substitute for the server header field. Note: WebVPN
streams are not subject to the spoof-server command.
Chapter 22
Applying Application Layer Protocol Inspection
OL-20748-01