Identifying traffic in an inspection class map, Identifying traffic in – Cisco ASA 5505 User Manual
Page 666
 
33-6
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 33 Configuring Special Actions for Application Inspections (Inspection Policy Map)
Identifying Traffic in an Inspection Class Map
Identifying Traffic in an Inspection Class Map
This type of class map allows you to match criteria that is specific to an application. For example, for 
DNS traffic, you can match the domain name in a DNS query.
A class map groups multiple traffic matches (in a match-all class map), or lets you match any of a list of 
matches (in a match-any class map). The difference between creating a class map and defining the traffic 
match directly in the inspection policy map is that the class map lets you group multiple match 
commands, and you can reuse class maps. For the traffic that you identify in this class map, you can 
specify actions such as dropping, resetting, and/or logging the connection in the inspection policy map. 
If you want to perform different actions on different types of traffic, you should identify the traffic 
directly in the policy map.
Restrictions
Not all applications support inspection class maps. See the CLI help for class-map type inspect for a 
list of supported applications.
Detailed Steps
Command
Purpose
Step 1
(Optional)
Create a regular expression.
See the
“Creating a Regular Expression” section on page 13-12
and the
“Creating a Regular Expression Class Map” section on
.
Step 2
class-map type
inspect application
[match-all | match-any] class_map_name
Example:
hostname(config)# class-map type inspect
http http_traffic
hostname(config-cmap)#
Creates an inspection class map, where the application is the 
application you want to inspect. For supported applications, see 
the CLI help for a list of supported applications or see 
“Getting Started with Application Layer Protocol Inspection.”
The class_map_name argument is the name of the class map up to 
40 characters in length.
The match-all keyword is the default, and specifies that traffic 
must match all criteria to match the class map.
The match-any keyword specifies that the traffic matches the 
class map if it matches at least one of the criteria.
The CLI enters class-map configuration mode, where you can 
enter one or more match commands.