Cisco 7604 Configuration Manual page 517

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using the CLI

Chapter 22 Applying Application Layer Protocol Inspection
Sun RPC Inspection

where port_number is the port on which the port mapper process listens. If you need to assign a range of contiguous ports, use the range keyword, as in the following example:
hostname(config-cmap)# match port tcp range begin_port_number end_port_number

Tip To identify two or more non-contiguous ports, enter the access-list extended command and define an ACE to match each port. Then, rather than the match port command, use the match access-list command to associate the access list with the Sun RPC traffic class.

Step 4 Create a policy map or modify an existing policy map that you want to use to apply the Sun RPC inspection engine to the Sun RPC traffic. To do so, use the policy-map command, as follows:
hostname(config-cmap)# policy-map policy_map_name
hostname(config-pmap)#
where policy_map_name is the name of the policy map. The CLI enters the policy map configuration mode and the prompt changes accordingly.

Step 5 Specify the class map, created in Step 2, that identifies the Sun RPC traffic. Use the class command to do so, as follows:
hostname(config-pmap)# class class_map_name
hostname(config-pmap-c)#
where class_map_name is the name of the class map you created in Step 2. The CLI enters the policy map class configuration mode and the prompt changes accordingly.

Step 6 Enable Sun RPC application inspection. To do so, enter the following command:
hostname(config-pmap-c)# inspect sunrpc
hostname(config-pmap-c)#

Step 7 Use the service-policy command to apply the policy map globally or to a specific interface, as follows:
hostname(config-pmap-c)# service-policy policy_map_name [global | interface interface_ID]
hostname(config)#
where policy_map_name is the policy map you configured in Step 4. If you want to apply the policy map to traffic on all the interfaces, use the global option. If you want to apply the policy map to traffic on a specific interface, use the interface interface_ID option, where interface_ID is the name assigned to the interface with the nameif command.
The FWSM begins inspecting Sun RPC traffic, as specified.

Example 22-15 Enabling and Configuring TCP-based Sun RPC Inspection
The following example enables Sun RPC application inspection on traffic sent to TCP port 111 from the outside interface:
hostname(config)# class-map sunrpc_port
hostname(config-cmap)# match port tcp eq 111
hostname(config-cmap)# policy-map sample_policy
hostname(config-pmap)# class sunrpc_port
hostname(config-pmap-c)# inspect sunrpc
hostname(config-pmap-c)# service-policy sample_policy interface outside
hostname(config)#

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
22-101
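
The Tip on non-contiguous ports describes the access-list approach without showing it. The following configuration is an added example, not taken from the Cisco guide: the access list name sunrpc_acl, the class map name sunrpc_ports and the second port 32771 are constructed for illustration, while port 111, sample_policy and the outside interface follow Example 22-15.

```cisco
! Added example. sunrpc_acl, sunrpc_ports and port 32771 are constructed values.
! One ACE per non-contiguous port that carries port mapper traffic.
hostname(config)# access-list sunrpc_acl extended permit tcp any any eq 111
hostname(config)# access-list sunrpc_acl extended permit tcp any any eq 32771
! The class map matches the access list instead of using match port.
hostname(config)# class-map sunrpc_ports
hostname(config-cmap)# match access-list sunrpc_acl
! The policy map, inspection and service policy are the same as in Steps 4 through 7.
hostname(config-cmap)# policy-map sample_policy
hostname(config-pmap)# class sunrpc_ports
hostname(config-pmap-c)# inspect sunrpc
hostname(config-pmap-c)# service-policy sample_policy interface outside
hostname(config)#
```

Keeping the ACEs limited to the ports the port mapper actually listens on restricts Sun RPC inspection to that traffic.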

This manual is also suitable for: 7609-s, 7613, 7606-s, Catalyst 6500 series, 7600 series
