Diverting traffic to the csc ssm – Cisco ASA 5505 User Manual

Page 1278

Advertising
background image

60-10

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 60 Configuring the ASA CSC Module

Configuring the CSC SSM

What to Do Next

See the

“Diverting Traffic to the CSC SSM” section on page 60-10

.

Diverting Traffic to the CSC SSM

You use Modular Policy Framework commands to configure the ASA to divert traffic to the CSC SSM.

Prerequisites

Before configuring the ASA to divert traffic to the CSC SSM, see

Chapter 32, “Configuring a Service

Policy Using the Modular Policy Framework,”

which introduces Modular Policy Framework concepts

and common commands.

To configure the ASA to divert traffic to the CSC SSM, perform the following steps:

Detailed Steps

Command

Purpose

Step 1

access-list extended

Example:

hostname(config)# access-list extended

Creates an access list that matches the traffic you
want scanned by the CSC SSM. Create as many
ACEs as are needed to match all the traffic. For
example, to specify FTP, HTTP/HTTPS, POP3, and
SMTP traffic, you need four ACEs. For guidance on
identifying the traffic that you want to scan, see the

“Determining What Traffic to Scan” section on
page 60-3

.

Step 2

class-map

class_map_name

Example:

hostname(config)# class-map class_map_name

Creates a class map to identify the traffic that should
be diverted to the CSC SSM. The class_map_name
argument is the name of the traffic class. When you
enter the class-map command, the CLI enters class
map configuration mode.

Step 3

match access-list

acl-name

Example:

hostname(config-cmap)# match access-list acl-name

Identifies the traffic to be scanned with the access list
that you created in Step 1. The acl-name argument is
the name of the access list.

Step 4

policy-map

policy_map_name

Example:

hostname(config-cmap)# policy-map policy_map_name

Creates a policy map or modify an existing policy
map that you want to use to send traffic to the CSC
SSM. The policy_map_name argument is the name
of the policy map. When you enter the policy-map
command, the CLI enters policy map configuration
mode.

Step 5

class

class_map_name

Example:

hostname(config-pmap)# class class_map_name

Specifies the class map, created in Step 2, that
identifies the traffic to be scanned. The
class_map_name argument is the name of the class
map that you created in Step 2. The CLI enters the
policy map class configuration mode.

Advertising
This manual is related to the following products:

ASA 5585-X, ASA 5555-X, ASA 5545-X, ASA 5525-X, ASA 5515-X, ASA 5512-X, ASA 5580, ASA 5550, ASA 5540, ASA 5520, ASA 5510, ASA 5500 Series

Popular Brands
Popular manuals