Step 5, Do not add – Cisco ASA 5505 User Manual

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 42 Getting Started with Application Layer Protocol Inspection

Configuring Application Layer Protocol Inspection

Instant Messaging—See the “Configuring an Instant Messaging Inspection Policy Map for Additional Inspection Control” section on page 43-21.

IP Options—See the “Configuring an IP Options Inspection Policy Map for Additional Inspection Control” section on page 43-25.

MGCP—See the “Configuring an MGCP Inspection Policy Map for Additional Inspection Control” section on page 44-13.

NetBIOS—See the “Configuring a NetBIOS Inspection Policy Map for Additional Inspection Control” section on page 43-29.

RADIUS Accounting—See the “Configuring a RADIUS Inspection Policy Map for Additional Inspection Control” section on page 46-10.

RTSP—See the “Configuring an RTSP Inspection Policy Map for Additional Inspection Control” section on page 44-16.

SIP—See the “Configuring a SIP Inspection Policy Map for Additional Inspection Control” section on page 44-20.

Skinny—See the “Configuring a Skinny (SCCP) Inspection Policy Map for Additional Inspection Control” section on page 44-26.

SNMP—See the “Configuring an SNMP Inspection Policy Map for Additional Inspection Control” section on page 46-11.

Step 3

To add or edit a Layer 3/4 policy map that sets the actions to take with the class map traffic, enter the
following command:

hostname(config)# policy-map name

hostname(config-pmap)#

The default policy map is called “global_policy.” This policy map includes the default inspections listed in the “Default Settings” section on page 42-4. If you want to modify the default policy (for example, to add or delete an inspection, or to identify an additional class map for your actions), then enter global_policy as the name.

Step 4

To identify the class map from Step 1 to which you want to assign an action, enter the following command:

hostname(config-pmap)# class class_map_name

hostname(config-pmap-c)#

If you are editing the default policy map, it includes the inspection_default class map. You can edit the actions for this class by entering inspection_default as the name. To add an additional class map to this policy map, identify a different name. You can combine multiple class maps in the same policy if desired, so you can create one class map to match certain traffic, and another to match different traffic. However, if traffic matches a class map that contains an inspection command, and then matches another class map that also has an inspection command, only the first matching class is used. For example, SNMP matches the inspection_default class map. To enable SNMP inspection, enable SNMP inspection for the default class in Step 5. Do not add another class that matches SNMP.

Step 5

Enable application inspection by entering the following command:

hostname(config-pmap-c)# inspect protocol

The protocol is one of the following values:
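The Step 4 caveat about SNMP and the inspection_default class can be checked against a saved running configuration. The following Python audit is an added example, not part of the Cisco guide; the sample configuration is constructed, the class map name snmp_mgmt is hypothetical, and the set of protocols matched by inspection_default contains only SNMP because that is the only one this page names.

```python
import re
from collections import defaultdict

# Constructed running-config excerpt, not taken from the guide.
# The class map name snmp_mgmt is hypothetical.
SAMPLE_CONFIG = """\
class-map snmp_mgmt
 match port udp eq 161
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect sip
 class snmp_mgmt
  inspect snmp
"""

# Protocols that already match inspection_default. This page names only SNMP
# (assumption: extend the set from the guide's "Default Settings" section).
MATCHED_BY_DEFAULT_CLASS = {"snmp"}

def parse_policy_maps(config):
    """Return {policy_map: [(class_name, [protocols]), ...]} for Layer 3/4 maps."""
    maps, pmap, cls = defaultdict(list), None, None
    for line in config.splitlines():
        if m := re.match(r"policy-map (\S+)\s*$", line):  # skips "policy-map type ..."
            pmap, cls = m.group(1), None
        elif not line.startswith(" "):                     # other top-level command
            pmap = cls = None
        elif pmap and (m := re.match(r" class (\S+)", line)):
            cls = (m.group(1), [])
            maps[pmap].append(cls)
        elif cls and (m := re.match(r"  inspect (\S+)", line)):
            cls[1].append(m.group(1))
    return dict(maps)

def audit(config):
    """List (policy_map, class, protocol) where a protocol that matches
    inspection_default is inspected under a different class of the same map."""
    findings = []
    for pmap, classes in parse_policy_maps(config).items():
        if all(name != "inspection_default" for name, _ in classes):
            continue
        findings += [(pmap, name, proto) for name, protos in classes
                     if name != "inspection_default"
                     for proto in protos if proto in MATCHED_BY_DEFAULT_CLASS]
    return findings

if __name__ == "__main__":
    for pmap, name, proto in audit(SAMPLE_CONFIG):
        print(f"{pmap}: enable 'inspect {proto}' under inspection_default, not {name}")
```

Each finding points at an inspect command that should be moved under inspection_default, as Step 4 directs.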
