Cisco ASA 5505 User Manual


33-4

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 33 Configuring Special Actions for Application Inspections (Inspection Policy Map)

Defining Actions in an Inspection Policy Map

Detailed Steps

Command Purpose

Step 1

(Optional) Create an inspection class map. See the “Identifying Traffic in an Inspection Class Map” section on page 33-6. Alternatively, you can identify the traffic directly within the policy map.

Step 2

Command: policy-map type inspect application policy_map_name

Example:
hostname(config)# policy-map type inspect http http_policy

Purpose: Creates the inspection policy map. See the “Configuring Application Layer Protocol Inspection” section on page 42-6 for a list of applications that support inspection policy maps.

The policy_map_name argument is the name of the policy map up to 40 characters in length. All types of policy maps use the same name space, so you cannot reuse a name already used by another type of policy map. The CLI enters policy-map configuration mode.

Step 3

Specify the traffic on which you want to perform actions using one of the following methods:

Command: class class_map_name

Example:
hostname(config-pmap)# class http_traffic
hostname(config-pmap-c)#

Purpose: Specifies the inspection class map that you created in the “Identifying Traffic in an Inspection Class Map” section on page 33-6.

Not all applications support inspection class maps.

Command: Specify traffic directly in the policy map using one of the match commands described for each application in the inspection chapter.

Example:
hostname(config-pmap)# match req-resp content-type mismatch
hostname(config-pmap-c)#

Purpose: If you use a match not command, then any traffic that matches the criterion in the match not command does not have the action applied.
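
Steps 1 through 3 combined into one configuration, added here as an example and not taken from the Cisco guide. The names http_traffic, http_policy and trusted_uri, the regex, and the 1000-byte threshold are constructed; the drop-connection and reset actions belong to a later step of the procedure that this page does not show.

```cisco
! Constructed sample configuration (names, regex and threshold are illustrative).
! Regex naming a URI that should be exempt from the class action.
regex trusted_uri example\.com
!
! Step 1 (optional): inspection class map. With match-all, traffic must
! satisfy every criterion to belong to the class.
class-map type inspect http match-all http_traffic
 match request body length gt 1000
 ! "match not": requests whose URI matches trusted_uri fall outside the
 ! class, so the class action below is not applied to them.
 match not request uri regex trusted_uri
!
! Step 2: inspection policy map. The name must not collide with any other
! policy map, because all policy map types share one name space.
policy-map type inspect http http_policy
 ! Step 3, method 1: reference the inspection class map.
 class http_traffic
  ! Action command from a later step of the procedure (not on this page).
  drop-connection log
 ! Step 3, method 2: identify the traffic directly in the policy map.
 match req-resp content-type mismatch
  ! Action command from a later step of the procedure (not on this page).
  reset log
```

With this configuration, a large request to the exempted URI is not dropped by the class action, which is the easiest place to make a mistake when reviewing a policy that uses match not.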
