Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 32 Configuring a Service Policy Using the Modular Policy Framework

Information About Service Policies

For example, if a packet matches a class map for connection limits, and also matches a class map for an
application inspection, then both actions are applied.

If a packet matches a class map for HTTP inspection, but also matches another class map that includes
HTTP inspection, then the second class map actions are not applied.

If a packet matches a class map for HTTP inspection, but also matches another class map that includes
FTP inspection, then the second class map actions are not applied because HTTP and FTP inspections
cannot be combined.

If a packet matches a class map for HTTP inspection, but also matches another class map that includes
IPv6 inspection, then both actions are applied because the IPv6 inspection can be combined with any
other type of inspection.

Order in Which Multiple Feature Actions are Applied

The order in which different types of actions in a policy map are performed is independent of the order
in which the actions appear in the policy map.

Note

NetFlow Secure Event Logging filtering is order-independent.

Actions are performed in the following order:

1. QoS input policing

2. TCP normalization, TCP and UDP connection limits and timeouts, TCP sequence number
   randomization, and TCP state bypass.

   Note

   When the ASA performs a proxy service (such as AAA or CSC) or it modifies the TCP payload
   (such as FTP inspection), the TCP normalizer acts in dual mode, where it is applied before and
   after the proxy or payload modifying service.

3. ASA CSC

4. Application inspections that can be combined with other inspections:

   a. IPv6

   b. IP options

   c. WAAS

5. Application inspections that cannot be combined with other inspections. The remaining application
   inspections cannot be combined with other inspections. See the “Incompatibility of Certain Feature
   Actions” section on page 32-5 for more information.

6. ASA IPS

7. ASA CX

8. QoS output policing

9. QoS standard priority queue

10. QoS traffic shaping, hierarchical priority queue
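The match and ordering rules above, as an added Python sketch (not Cisco's code and not ASA CLI): given the classes a flow matches, in policy-map order, it reports which actions take effect, in what order, and which are silently skipped. The action labels and the slot model are assumptions of this sketch: non-combinable inspections share one slot, every other action has its own, and only the conflicting action in a later class is skipped.

```python
# Added example: models the match and ordering rules described on this page.
# Action names are labels chosen for this sketch, not ASA CLI keywords.

# Stage numbers follow the page's "Actions are performed in the following order" list.
STAGE = {
    "qos-input-police": 1, "connection-limits": 2, "csc": 3,
    "inspect-ipv6": 4, "inspect-ip-options": 4, "inspect-waas": 4,
    "inspect-http": 5, "inspect-ftp": 5,
    "ips": 6, "cx": 7, "qos-output-police": 8,
    "qos-priority": 9, "qos-shape": 10,
}
COMBINABLE = {"inspect-ipv6", "inspect-ip-options", "inspect-waas"}

def slot(action):
    """Feature slot an action occupies; only one class may fill each slot."""
    if action.startswith("inspect-") and action not in COMBINABLE:
        return "inspect-exclusive"   # HTTP, FTP, ... compete for one slot
    return action                    # assumption: every other action is its own slot

def effective_actions(matched_classes):
    """matched_classes: [(class_name, [actions])] in policy-map order,
    already filtered to the classes the packet matches.
    Returns (applied, shadowed); applied is sorted into execution order."""
    taken, applied, shadowed = {}, [], []
    for name, actions in matched_classes:
        for act in actions:
            s = slot(act)
            if s in taken:           # an earlier class already holds this slot
                shadowed.append((name, act, taken[s]))
            else:
                taken[s] = name
                applied.append((STAGE[act], act, name))
    applied.sort(key=lambda t: t[0])  # stable: config order kept within a stage
    return [(act, name) for _, act, name in applied], shadowed

# Constructed sample: three classes that all match the same flow.
SAMPLE = [
    ("web-inspect", ["inspect-http"]),
    ("ftp-inspect", ["inspect-ftp", "inspect-ipv6"]),
    ("web-limits", ["qos-output-police", "connection-limits"]),
]

if __name__ == "__main__":
    applied, shadowed = effective_actions(SAMPLE)
    for act, cls in applied:
        print(f"apply   {act:20} from {cls}")
    for cls, act, winner in shadowed:
        print(f"skipped {act:20} in {cls} (slot held by {winner})")
```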
