Applying inspection to http traffic with nat, Feature history for service policies – Cisco ASA 5505 User Manual
Page 659
32-21
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 32 Configuring a Service Policy Using the Modular Policy Framework
Feature History for Service Policies
hostname(config)# service-policy policy_serverB interface inside
hostname(config)# service-policy policy_serverA interface outside
Applying Inspection to HTTP Traffic with NAT
In this example, the Host on the inside network has two addresses: one is the real IP address 192.168.1.1,
and the other is a mapped IP address used on the outside network, 209.165.200.225. Because the policy
is applied to the inside interface, where the real address is used, then you must use the real IP address in
the access list in the class map. If you applied it to the outside interface, you would use the mapped
address.
Figure 32-4
HTTP Inspection with NAT
See the following commands for this example:
hostname(config)# static (inside,outside) 209.165.200.225 192.168.1.1
hostname(config)# access-list http_client extended permit tcp host 192.168.1.1 any eq 80
hostname(config)# class-map http_client
hostname(config-cmap)# match access-list http_client
hostname(config)# policy-map http_client
hostname(config-pmap)# class http_client
hostname(config-pmap-c)# inspect http
hostname(config)# service-policy http_client interface inside
Feature History for Service Policies
lists the release history for this feature.
inside
outside
Host
Real IP: 192.168.1.1
Mapped IP: 209.165.200.225
Server
209.165.201.1
port 80
insp.
Security
appliance
143416
Table 32-3
Feature History for Service Policies
Feature Name
Releases
Feature Information
Modular Policy Framework
7.0(1)
Modular Policy Framework was introduced.
Management class map for use with RADIUS
accounting traffic
7.2(1)
The management class map was introduced for use with
RADIUS accounting traffic. The following commands were
introduced: class-map type management, and inspect
radius-accounting.