Configuring and Enabling SMTP and Extended SMTP Application Inspection - Cisco 7604 Configuration Manual

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide Using the CLI

Chapter 22: Applying Application Layer Protocol Inspection
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM, OL-20748-01, page 22-96

SMTP and Extended SMTP Inspection

Configuring and Enabling SMTP and Extended SMTP Application Inspection

SMTP inspection is enabled by default.
To enable SMTP or extended SMTP inspection, perform the following steps:

Step 1
Determine the ports that SMTP servers behind the FWSM listen to for SMTP traffic. The default port is TCP port 25, but your SMTP servers may be configured to listen to other ports.

Step 2
Create a class map or modify an existing class map to identify SMTP traffic. Use the class-map command to do so, as follows:
hostname(config)# class-map class_map_name
hostname(config-cmap)#
where class_map_name is the name of the traffic class. When you enter the class-map command, the CLI enters class map configuration mode.

Step 3
Use a match command to identify traffic sent to the SMTP ports you determined in Step 1.
If the SMTP servers listen to a single port, you can use the match port command to identify traffic sent to that port, as follows:
hostname(config-cmap)# match port tcp eq port_number
where port_number is the port to which the SMTP servers listen. If you need to assign a range of contiguous ports, use the range keyword, as in the following example:
hostname(config-cmap)# match port tcp range begin_port_number end_port_number

Tip
To identify two or more non-contiguous ports, enter the access-list extended command and define an ACE to match each port. Then, rather than the match port command, use the match access-list command to associate the access list with the SMTP traffic class.

Step 4
Create a policy map that you want to use to apply the SMTP inspection engine to the SMTP traffic. To do so, use the policy-map command, as follows:
hostname(config-cmap)# policy-map policy_map_name
hostname(config-pmap)#
where policy_map_name is the name of the policy map. The CLI enters the policy map configuration mode and the prompt changes accordingly.

Step 5
Specify the class map, created in Step 2, that identifies the SMTP traffic. Use the class command to do so, as follows:
hostname(config-pmap)# class class_map_name
hostname(config-pmap-c)#
where class_map_name is the name of the class map you created in Step 2. The CLI enters the policy map class configuration mode and the prompt changes accordingly.

Step 6
Do one of the following:
a. To enable extended SMTP application inspection, enter the following command:
hostname(config-pmap-c)# inspect esmtp
b. To enable SMTP application inspection, enter the following command:
hostname(config-pmap-c)# inspect smtp
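
An added example, not part of the Cisco guide: a Python check that reads the class-map and policy-map lines produced by Steps 2 through 6 and reports which SMTP listener ports from Step 1 are not under SMTP or ESMTP inspection. The configuration text and the names in it (smtp_traffic, smtp_alt, mail_policy) are constructed, and only the numeric match port forms are handled, so classes that use match access-list (see the Tip) need manual review.

```python
# Constructed sample configuration (not from a real device); all names are placeholders.
SAMPLE_CONFIG = """\
class-map smtp_traffic
 match port tcp eq 25
class-map smtp_alt
 match port tcp range 2525 2530
class-map web_traffic
 match port tcp eq 80
policy-map mail_policy
 class smtp_traffic
  inspect esmtp
 class smtp_alt
  inspect smtp
 class web_traffic
  inspect http
"""

def inspected_smtp_ports(config):
    """Return {port: engine} for TCP ports whose class has inspect smtp or esmtp."""
    class_ports = {}      # class map name -> set of matched TCP ports
    covered = {}          # port -> "smtp" or "esmtp"
    cmap = pclass = None  # class map being defined / class inside a policy map
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if words[0] == "class-map":
            cmap, pclass = words[-1], None
            class_ports[cmap] = set()
        elif words[0] == "policy-map":
            cmap = pclass = None
        elif words[:3] == ["match", "port", "tcp"] and cmap and len(words) >= 5:
            if words[3] == "eq":
                class_ports[cmap].add(int(words[4]))
            elif words[3] == "range" and len(words) >= 6:
                class_ports[cmap].update(range(int(words[4]), int(words[5]) + 1))
        elif words[0] == "class" and len(words) > 1:
            pclass = words[1]
        elif words[0] == "inspect" and pclass and words[1:2] in (["smtp"], ["esmtp"]):
            for port in class_ports.get(pclass, ()):
                covered[port] = words[1]
    return covered

def uninspected(listener_ports, config):
    """Ports from Step 1 that no SMTP/ESMTP inspection class matches."""
    covered = inspected_smtp_ports(config)
    return sorted(p for p in listener_ports if p not in covered)
```

With the sample above, a server listening on TCP 587 is reported as uninspected because no class map matches that port.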

This manual is also suitable for:

7609-S, 7613, 7606-S, Catalyst 6500 series, 7600 series