Configuring an ipv6 inspection policy map, Netbios inspection, Netbios inspection overview – Cisco ASA 5505 User Manual

43-28

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 43 Configuring Inspection of Basic Internet Protocols

NetBIOS Inspection

•

Authentication

•

Encapsulating Security Payload

In addition, default IPv6 inspection checks conformance to RFC 2460 for type and order of extension
headers in IPv6 packets:

•

IPv6 header

•

Hop-by-Hop Options header (0)

•

Destination Options header (60)

•

Routing header (43)

•

Fragment header (44)

•

Authentication (51)

•

Encapsulating Security Payload header(50)

•

Destination Options header (60)

•

No Next Header (59)

When a policy map is not configured for IPv6inspection or a configured policy map is not associated
with an interface, the ASA drops packets with any mobility type and a routing-type IPv6 extension
header that arrive at the interface.

When an IPv6 inspection policy map is created, the ASA automatically generates a configuration to drop
packets that match header routing-type in the range 0-255.

Configuring an IPv6 Inspection Policy Map

You can configure a policy map for IPv6 inspection to handle IPv6 extension headers. The IPv6 policy
map is applied to each classified IPv6 packet on the specified direction. Currently, only incoming IPv6
traffic is inspected.

NetBIOS Inspection

This section describes the IM inspection engine. This section includes the following topics:

•

NetBIOS Inspection Overview, page 43-28

•

Configuring a NetBIOS Inspection Policy Map for Additional Inspection Control, page 43-29

NetBIOS Inspection Overview

NetBIOS inspection is enabled by default. The NetBios inspection engine translates IP addresses in the
NetBios name service (NBNS) packets according to the ASA NAT configuration.