Ip options inspection – Cisco ASA 5505 User Manual

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 43 Configuring Inspection of Basic Internet Protocols

IP Options Inspection

The drop-connection action closes the connection. The reset action closes the connection and
sends a TCP reset to the client. The log action sends a system log message when this policy map matches
traffic.

The following example shows how to define an IM inspection policy map.

hostname(config)# regex loginname1 "ying\@yahoo.com"

hostname(config)# regex loginname2 "Kevin\@yahoo.com"

hostname(config)# regex loginname3 "rahul\@yahoo.com"

hostname(config)# regex loginname4 "darshant\@yahoo.com"

hostname(config)# regex yahoo_version_regex "1\.0"

hostname(config)# regex gif_files ".*\.gif"

hostname(config)# regex exe_files ".*\.exe"

hostname(config)# class-map type regex match-any yahoo_src_login_name_regex

hostname(config-cmap)# match regex loginname1

hostname(config-cmap)# match regex loginname2

hostname(config)# class-map type regex match-any yahoo_dst_login_name_regex

hostname(config-cmap)# match regex loginname3

hostname(config-cmap)# match regex loginname4

hostname(config)# class-map type inspect im match-any yahoo_file_block_list

hostname(config-cmap)# match filename regex gif_files

hostname(config-cmap)# match filename regex exe_files

hostname(config)# class-map type inspect im match-all yahoo_im_policy

hostname(config-cmap)# match login-name regex class yahoo_src_login_name_regex

hostname(config-cmap)# match peer-login-name regex class yahoo_dst_login_name_regex

hostname(config)# class-map type inspect im match-all yahoo_im_policy2

hostname(config-cmap)# match version regex yahoo_version_regex

hostname(config)# class-map im_inspect_class_map

hostname(config-cmap)# match default-inspection-traffic

hostname(config)# policy-map type inspect im im_policy_all

hostname(config-pmap)# class yahoo_file_block_list

hostname(config-pmap-c)# match service file-transfer

hostname(config-pmap)# class yahoo_im_policy

hostname(config-pmap-c)# drop-connection

hostname(config-pmap)# class yahoo_im_policy2

hostname(config-pmap-c)# reset

hostname(config)# policy-map global_policy_name

hostname(config-pmap)# class im_inspect_class_map

hostname(config-pmap-c)# inspect im im_policy_all

IP Options Inspection

This section describes the IP Options inspection engine. This section includes the following topics:

IP Options Inspection Overview, page 43-25

Configuring an IP Options Inspection Policy Map for Additional Inspection Control, page 43-25
