Cisco ASA 5505 Configuration Manual page 605

Chapter 29
Configuring a Service Policy
   s. SNMP
   t. SQL*Net
   u. TFTP
   v. XDMCP
   w. DCERPC
   x. Instant Messaging

   Note: RADIUS accounting is not listed because it is the only inspection allowed on management traffic. WAAS is not listed because it can be configured along with other inspections for the same traffic.

5. IPS
6. QoS output policing
7. QoS standard priority queue
8. QoS traffic shaping, hierarchical priority queue

Incompatibility of Certain Feature Actions

Some features are not compatible with each other for the same traffic. For example, you cannot configure QoS priority queueing and QoS policing for the same set of traffic. Also, most inspections should not be combined with another inspection, so the adaptive security appliance only applies one inspection if you configure multiple inspections for the same traffic. In this case, the feature that is applied is the higher priority feature in the list in the "Order in Which Multiple Feature Actions are Applied" section on page 29-4.

For information about compatibility of each feature, see the chapter or section for your feature.

Note: The Default Inspection Traffic traffic class, which is used in the default global policy, is a special CLI shortcut to match the default ports for all inspections. When used in a policy map, this class map ensures that the correct inspection is applied to each packet, based on the destination port of the traffic. For example, when UDP traffic for port 69 reaches the adaptive security appliance, then the adaptive security appliance applies the TFTP inspection; when TCP traffic for port 21 arrives, then the adaptive security appliance applies the FTP inspection. So in this case only, you can configure multiple inspections for the same class map. Normally, the adaptive security appliance does not use the port number to determine which inspection to apply, thus giving you the flexibility to apply inspections to non-standard ports, for example.

Feature Matching for Multiple Service Policies

For TCP and UDP traffic (and ICMP when you enable stateful ICMP inspection), service policies operate on traffic flows, and not just individual packets. If traffic is part of an existing connection that matches a feature in a policy on one interface, that traffic flow cannot also match the same feature in a policy on another interface; only the first policy is used.

OL-20339-01
Cisco ASA 5500 Series Configuration Guide using ASDM
Information About Service Policies
29-5
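The rule in "Incompatibility of Certain Feature Actions" can be checked against a saved configuration. The following is an added example, not code from the Cisco guide: a small Python audit that reads ASA CLI class-map and policy-map text and flags any class, other than one matching default-inspection-traffic, that carries more than one inspection. Assumptions: the sample configuration is constructed, the priority table holds only the six inspections listed on this page, and an earlier position in that list is taken to mean higher priority.

```python
# Inspections named on this page (items s. to x.), as ASA CLI inspect keywords.
# Assumption: an earlier position in that list means higher priority.
PAGE_ORDER = ["snmp", "sqlnet", "tftp", "xdmcp", "dcerpc", "im"]

# Constructed sample configuration, not taken from the guide.
SAMPLE = """\
class-map inspection_default
 match default-inspection-traffic
class-map mgmt_udp
 match port udp range 69 161
policy-map global_policy
 class inspection_default
  inspect tftp
  inspect snmp
 class mgmt_udp
  inspect tftp
  inspect snmp
"""

def parse(config):
    """Return (class maps matching default-inspection-traffic, {(policy, class): [inspections]})."""
    default_classes, inspects = set(), {}
    cmap = pmap = cls = None
    for words in filter(None, map(str.split, config.splitlines())):
        if words[0] == "class-map":
            cmap, pmap, cls = words[-1], None, None
        elif words[0] == "policy-map":
            pmap, cmap, cls = words[-1], None, None
        elif words[:2] == ["match", "default-inspection-traffic"] and cmap:
            default_classes.add(cmap)
        elif words[0] == "class" and pmap and len(words) > 1:
            cls = words[1]
            inspects.setdefault((pmap, cls), [])
        elif words[0] == "inspect" and cls and len(words) > 1:
            inspects[(pmap, cls)].append(words[1])
    return default_classes, inspects

def audit(config):
    """Flag classes where several inspections are configured for the same traffic."""
    default_classes, inspects = parse(config)
    findings = []
    for (pmap, cls), names in inspects.items():
        if cls in default_classes or len(names) < 2:
            continue  # the default class selects an inspection per destination port
        known = [n for n in names if n in PAGE_ORDER]
        applied = min(known, key=PAGE_ORDER.index) if len(known) == len(names) else None
        findings.append({"policy": pmap, "class": cls, "applied": applied,
                         "not_applied": [n for n in names if n != applied]})
    return findings
```

An `applied` value of `None` means at least one inspection in the class is outside the six listed on this page, so the winner cannot be decided from this page alone.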

This manual is also suitable for: ASA 5510, ASA 5540, ASA 5520, ASA 5550, ASA 5580
