Defining Actions Using A Layer 3/4 Policy Map; Layer 3/4 Policy Map Overview - Cisco PIX 500 Series Configuration Manual

Security appliance command line

Chapter 21
Using Modular Policy Framework
class ftp1
Step 3  To configure parameters that affect the inspection engine, enter the following command:
hostname(config-pmap)# parameters
hostname(config-pmap-p)#
The CLI enters parameters configuration mode. For the parameters available for each application, see
Chapter 25, "Configuring Application Layer Protocol Inspection."
The following is an example of an HTTP inspection policy map and the related class maps. This policy
map is activated by the Layer 3/4 policy map, which is enabled by the service policy.
hostname(config)# regex url_example example\.com
hostname(config)# regex url_example2 example2\.com
hostname(config)# class-map type regex match-any URLs
hostname(config-cmap)# match regex url_example
hostname(config-cmap)# match regex url_example2
hostname(config-cmap)# class-map type inspect http match-all http-traffic
hostname(config-cmap)# match req-resp content-type mismatch
hostname(config-cmap)# match request body length gt 1000
hostname(config-cmap)# match not request uri regex class URLs
hostname(config-cmap)# policy-map type inspect http http-map1
hostname(config-pmap)# class http-traffic
hostname(config-pmap-c)# drop-connection log
hostname(config-pmap-c)# match req-resp content-type mismatch
hostname(config-pmap-c)# reset log
hostname(config-pmap-c)# parameters
hostname(config-pmap-p)# protocol-violation action log
hostname(config-pmap-p)# policy-map test
hostname(config-pmap)# class test (a Layer 3/4 class map not shown)
hostname(config-pmap-c)# inspect http http-map1
hostname(config-pmap-c)# service-policy test interface outside
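
As stated above, the inspection policy map takes effect only when a Layer 3/4 policy map calls it and a service policy enables that map. The following Python check is an added example, not part of the Cisco guide: it reads a CLI transcript or saved configuration and reports which inspection policy maps are actually enabled. The sample input is constructed, and http-map2 is a hypothetical map that nothing references.

```python
import re

PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")  # strips "hostname(config-pmap)# "

def inspection_map_status(config):
    """Return {inspection map name: True if an enabled Layer 3/4 policy map calls it}."""
    inspect_maps = set()   # maps defined with "policy-map type inspect"
    calls = {}             # Layer 3/4 policy map -> inspection maps it calls
    enabled = set()        # Layer 3/4 policy maps named by a service-policy
    current = None         # Layer 3/4 policy map being configured, if any
    for raw in config.splitlines():
        words = PROMPT.sub("", raw.strip()).split()
        if not words:
            continue
        if words[0] == "policy-map" and words[1:3] == ["type", "inspect"]:
            if len(words) == 5:            # policy-map type inspect <app> <name>
                inspect_maps.add(words[4])
            current = None
        elif words[0] == "policy-map" and len(words) == 2:
            current = words[1]             # Layer 3/4 policy map
            calls.setdefault(current, set())
        elif words[0] == "class-map":
            current = None                 # left policy-map configuration
        elif words[0] == "inspect" and len(words) >= 3 and current:
            calls[current].add(words[2])   # inspect <app> <inspection map>
        elif words[0] == "service-policy" and len(words) >= 3:
            enabled.add(words[1])          # service-policy <map> interface|global
    active = set()
    for name in enabled:
        active |= calls.get(name, set())
    return {name: name in active for name in sorted(inspect_maps)}

# Constructed sample: the tail of the page's example, plus a hypothetical
# second inspection map "http-map2" that no Layer 3/4 policy map calls.
SAMPLE = """\
hostname(config-cmap)# policy-map type inspect http http-map1
hostname(config-pmap)# class http-traffic
hostname(config-pmap-c)# policy-map type inspect http http-map2
hostname(config-pmap)# parameters
hostname(config-pmap-p)# protocol-violation action log
hostname(config-pmap-p)# policy-map test
hostname(config-pmap)# class test
hostname(config-pmap-c)# inspect http http-map1
hostname(config-pmap-c)# service-policy test interface outside
"""

if __name__ == "__main__":
    for name, live in inspection_map_status(SAMPLE).items():
        print(f"{name}: {'enabled' if live else 'defined but never enabled'}")
```

A map reported as never enabled inspects no traffic, so its drop, reset and log actions never fire.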

Defining Actions Using a Layer 3/4 Policy Map

This section describes how to associate actions with Layer 3/4 class maps by creating a Layer 3/4 policy
map. This section includes the following topics:

- Layer 3/4 Policy Map Overview
- Default Layer 3/4 Policy Map
- Adding a Layer 3/4 Policy Map

Layer 3/4 Policy Map Overview

This section describes how Layer 3/4 policy maps work, and includes the following topics:

- Policy Map Guidelines

Cisco Security Appliance Command Line Configuration Guide, OL-12172-03


This manual is also suitable for:

ASA 5500 series
