Cisco PIX 500 Series Configuration Manual page 515

Security appliance command line

Chapter 25
Configuring Application Layer Protocol Inspection
Specify the IM class map that you created in Step 3 by entering the following command:

hostname(config-pmap)# class class_map_name
hostname(config-pmap-c)#

Specify traffic directly in the policy map using one of the match commands described in Step 3. If you use a match not command, then any traffic that does not match the criterion in the match not command has the action applied.

You can specify multiple class or match commands in the policy map. For information about the order of class and match commands, see the "Defining Actions in an Inspection Policy Map" section on page 21-11.

Step 7
Specify the action you want to perform on the matching traffic by entering the following command:

hostname(config-pmap-c)# {drop-connection | reset | log}

The drop-connection action closes the connection. The reset action closes the connection and sends a TCP reset to the client. The log action sends a system log message when this policy map matches traffic.
The following example shows how to define an IM inspection policy map.
! Regular expressions for the login names and the client version
hostname(config)# regex loginname1 "ying\@yahoo.com"
hostname(config)# regex loginname2 "Kevin\@yahoo.com"
hostname(config)# regex loginname3 "rahul\@yahoo.com"
hostname(config)# regex loginname4 "darshant\@yahoo.com"
hostname(config)# regex yahoo_version_regex "1\.0"
! Regex class maps that group the source and destination login names
hostname(config)# class-map type regex match-any yahoo_src_login_name_regex
hostname(config-cmap)# match regex loginname1
hostname(config-cmap)# match regex loginname2
hostname(config)# class-map type regex match-any yahoo_dst_login_name_regex
hostname(config-cmap)# match regex loginname3
hostname(config-cmap)# match regex loginname4
! Regex class maps for file names and for an IM pattern
hostname(config)# class-map type regex match-any yahoo_file_block_list
hostname(config-cmap)# match regex ".*\.gif"
hostname(config-cmap)# match regex ".*\.exe"
hostname(config)# class-map type regex match-any new_im_regexp
hostname(config-cmap)# match regex "new_im_regexp"
! IM inspection class maps that reference the regex class maps above
hostname(config)# class-map type inspect im match-all yahoo_im_policy
hostname(config-cmap)# match login-name regex class yahoo_src_login_name_regex
hostname(config-cmap)# match peer-login-name regex class yahoo_dst_login_name_regex
hostname(config)# class-map type inspect im yahoo_im_policy2
hostname(config-cmap)# match version regex yahoo_version_regex
! Layer 3/4 class map that selects the default inspection traffic
hostname(config)# class-map im_inspect_class_map
hostname(config-cmap)# match default-inspection-traffic
! IM inspection policy map: one action per class
! (yahoo_in_file_xfer_policy is not defined in this example)
hostname(config)# policy-map type inspect im im_policy_all
hostname(config-pmap)# class yahoo_in_file_xfer_policy
hostname(config-pmap-c)# drop-connection
hostname(config-pmap)# class yahoo_im_policy
hostname(config-pmap-c)# drop-connection
hostname(config-pmap)# class yahoo_im_policy2
hostname(config-pmap-c)# reset
hostname(config-pmap)# match im-pattern regex class new_im_regexp
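
The following check is an added example, not part of the Cisco guide: it reads an IM inspection configuration in the form shown above and reports every regex or class map that is referenced before it is defined, so that name drift is caught before the commands are pasted into the appliance. The function name undefined_references and the SAMPLE text are constructed for illustration, and the parser covers only the command forms that appear on this page.

```python
import re

# Strips an interactive prompt such as "hostname(config-cmap)# " if present.
PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")

def undefined_references(config_text):
    """Return (kind, name) pairs that are referenced before being defined."""
    defined = {"regex": set(), "class-map": {"class-default"}}
    missing = []

    def check(kind, name):
        if name not in defined[kind] and (kind, name) not in missing:
            missing.append((kind, name))

    for raw in config_text.splitlines():
        words = PROMPT.sub("", raw.strip()).split()
        if len(words) < 2 or words[0].startswith("!"):
            continue                                  # blank, comment or bare action
        if words[0] == "regex":                       # regex NAME "pattern"
            defined["regex"].add(words[1])
        elif words[0] == "class-map":                 # class-map [type ...] NAME
            defined["class-map"].add(words[-1])
        elif words[0] == "class":                     # policy map: class NAME
            check("class-map", words[1])
        elif words[0] == "match" and "regex" in words[1:-1]:
            rest = words[words.index("regex") + 1:]   # also covers "match not ..."
            if rest[0] == "class" and len(rest) > 1:  # ... regex class NAME
                check("class-map", rest[1])
            elif not rest[0].startswith('"'):         # ... regex NAME
                check("regex", rest[0])
    return missing

# Constructed sample containing deliberate name drift (yahoo_ vs yhoo_).
SAMPLE = r'''
hostname(config)# regex loginname1 "ying\@yahoo.com"
hostname(config)# class-map type regex match-any yahoo_src_login_name_regex
hostname(config-cmap)# match regex loginname1
hostname(config-cmap)# match regex loginname2
hostname(config)# class-map type inspect im match-all yahoo_im_policy
hostname(config-cmap)# match login-name regex class yhoo_src_login_name_regex
hostname(config)# policy-map type inspect im im_policy_all
hostname(config-pmap)# class yahoo_im_policy
hostname(config-pmap-c)# drop-connection
hostname(config-pmap)# class yhoo_im_policy2
hostname(config-pmap-c)# reset
'''

if __name__ == "__main__":
    for kind, name in undefined_references(SAMPLE):
        print(f"undefined {kind}: {name}")
```
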
Instant Messaging Inspection
Cisco Security Appliance Command Line Configuration Guide, OL-12172-03, page 25-51


This manual is also suitable for: ASA 5500 series
