Where to go next – Cisco ASA 5505 User Manual

33-7

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 33 Configuring Special Actions for Application Inspections (Inspection Policy Map)

Where to Go Next

Examples

The following example creates an HTTP class map that must match all criteria:

hostname(config-cmap)# class-map type inspect http match-all http-traffic

hostname(config-cmap)# match req-resp content-type mismatch

hostname(config-cmap)# match request body length gt 1000

hostname(config-cmap)# match not request uri regex class URLs

The following example creates an HTTP class map that can match any of the criteria:

hostname(config-cmap)# class-map type inspect http match-any monitor-http

hostname(config-cmap)# match request method get

hostname(config-cmap)# match request method put

hostname(config-cmap)# match request method post

Where to Go Next

To use an inspection policy, see

Chapter 32, “Configuring a Service Policy Using the Modular Policy

Framework.”

Step 3

(Optional)

description

string

Example:

hostname(config-cmap)# description All UDP

traffic

Adds a description to the class map.

Step 4

Define the traffic to include in the class by
entering one or more match commands available
for your application.

To specify traffic that should not match the class map, use the
match not command. For example, if the match not command
specifies the string “example.com,” then any traffic that includes
“example.com” does not match the class map.

To see the match commands available for each application, see
the appropriate inspection chapter.

Command

Purpose