Chapter 25
Configuring Application Layer Protocol Inspection
Configuring a RADIUS Inspection Policy Map for Additional Inspection Control
To use this feature, specify the radius-accounting map in the policy-map type management, and then apply it with the service-policy command using the new control-plane keyword, which specifies that this traffic is for to-the-box inspection.
The following example shows the complete set of commands, in context, needed to configure this feature:
Step 1  Configure the class map and the port:

    class-map type management c1
     match port udp eq 1888

Step 2  Create the policy map, and configure the parameters for RADIUS accounting inspection using the parameters command to access the proper mode to configure the attributes, host, and key.

    policy-map type inspect radius-accounting radius_accounting_map
     parameters
      host 10.1.1.1 inside key 123456789
      send response
      enable gprs
      validate-attribute 22

Step 3  Configure the service policy and control-plane keywords.

    policy-map type management global_policy
     class c1
      inspect radius-accounting radius_accounting_map
    service-policy global_policy control-plane abc global

RSH Inspection
RSH inspection is enabled by default. The RSH protocol uses a TCP connection from the RSH client to the RSH server on TCP port 514. The client and server negotiate the TCP port number where the client listens for the STDERR output stream. RSH inspection supports NAT of the negotiated port number if necessary.

RTSP Inspection
This section describes RTSP application inspection. This section includes the following topics:
• RTSP Inspection Overview
• Using RealPlayer
• Restrictions and Limitations

RTSP Inspection Overview
The RTSP inspection engine lets the security appliance pass RTSP packets. RTSP is used by RealAudio, RealNetworks, Apple QuickTime 4, RealPlayer, and Cisco IP/TV connections.

OL-12172-03
Cisco Security Appliance Command Line Configuration Guide
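The chain built in Steps 1 to 3 of the RADIUS accounting procedure (management class map, inspect map, management policy map, service policy with control-plane) can be checked mechanically when reviewing a configuration. The following Python check is an added example, not part of the Cisco guide; the function names, the finding messages, and the indented layout of the sample text are assumptions made for illustration.

```python
# Constructed sample: the commands from Steps 1-3, laid out as an indented config.
SAMPLE_CONFIG = """\
class-map type management c1
 match port udp eq 1888
policy-map type inspect radius-accounting radius_accounting_map
 parameters
  host 10.1.1.1 inside key 123456789
  send response
  enable gprs
  validate-attribute 22
policy-map type management global_policy
 class c1
  inspect radius-accounting radius_accounting_map
service-policy global_policy control-plane abc global
"""

def parse_blocks(config):
    """Group indented sub-commands (as token lists) under their column-0 parent."""
    blocks = []
    for line in filter(str.strip, config.splitlines()):
        if not line[0].isspace():
            blocks.append((line.split(), []))
        elif blocks:
            blocks[-1][1].append(line.split())
    return blocks

def audit_radius_accounting(config):
    """Return findings; an empty list means the Step 1-3 chain is complete."""
    blocks = parse_blocks(config)
    mgmt_classes = {h[-1] for h, _ in blocks if h[:3] == ["class-map", "type", "management"]}
    inspect_maps = {h[-1] for h, _ in blocks
                    if h[:4] == ["policy-map", "type", "inspect", "radius-accounting"]}
    applied = {h[1] for h, _ in blocks if h[0] == "service-policy" and "control-plane" in h}
    findings, referenced = [], set()
    policies = [(h[-1], b) for h, b in blocks if h[:3] == ["policy-map", "type", "management"]]
    for name, body in policies:
        cls = None  # class most recently entered inside this policy map
        for cmd in body:
            if cmd[0] == "class":
                cls = cmd[-1]
            elif cmd[:2] == ["inspect", "radius-accounting"]:
                referenced.add(cmd[-1])
                if cmd[-1] not in inspect_maps:
                    findings.append(f"{name}: inspect map {cmd[-1]} is not defined")
                if cls not in mgmt_classes:
                    findings.append(f"{name}: class {cls} is not a management class map")
                if name not in applied:
                    findings.append(f"{name}: not applied with control-plane")
    findings += [f"{m}: unused inspect map" for m in sorted(inspect_maps - referenced)]
    return findings
```

Calling audit_radius_accounting(SAMPLE_CONFIG) returns an empty list; removing any link in the chain produces a finding that names the policy map or inspect map involved.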