Cisco ASA 5505 Configuration Manual page 606

Asa 5500 series

Hide thumbs Also See for ASA 5505:

Getting started manual (168 pages)

Administrator's manual (118 pages)

Hardware installation manual (82 pages)

Table of Contents

Licensing Requirements for Service Policies

For example, if HTTP traffic matches a policy on the inside interface to inspect HTTP traffic, and you

have a separate policy on the outside interface for HTTP inspection, then that traffic is not also inspected

on the egress of the outside interface. Similarly, the return traffic for that connection will not be

inspected by the ingress policy of the outside interface, nor by the egress policy of the inside interface.

For traffic that is not treated as a flow, for example ICMP when you do not enable stateful ICMP

inspection, returning traffic can match a different policy map on the returning interface. For example, if

you configure IPS on the inside and outside interfaces, but the inside policy uses virtual sensor 1 while

the outside policy uses virtual sensor 2, then a non-stateful Ping will match virtual sensor 1 outbound,

but will match virtual sensor 2 inbound.

Licensing Requirements for Service Policies

License Requirement

Base License.

Guidelines and Limitations

This section includes the guidelines and limitations for this feature.

Context Mode Guidelines

Supported in single and multiple context mode.

Firewall Mode Guidelines

Supported in routed and transparent firewall mode.

IPv6 Guidelines

Supports IPv6 for the following features:

Traffic Class Guidelines

The maximum number of traffic classes of all types is 255 in single mode or per context in multiple

mode. Class maps include the following types:

Cisco ASA 5500 Series Configuration Guide using ASDM

Application inspection for FTP, HTTP, ICMP, SIP, SMTP and IPSec-pass-thru

NetFlow Secure Event Logging filtering

TCP and UDP connection limits and timeouts, TCP sequence number randomization

TCP normalization

TCP state bypass

Layer 3/4 class maps (for through traffic and management traffic)

Inspection class maps

Regular expression class maps

match commands used directly underneath an inspection policy map

Configuring a Service Policy

Show Quick Links

Chapters

Table of Contents

Asa 5510 Asa 5540 Asa 5520 Asa 5550 Asa 5580

Cisco ASA 5505 Configuration Manual page 606

Hide quick links:

Chapters

Related Manuals for Cisco ASA 5505

Related Products for Cisco ASA 5505

This manual is also suitable for:

Table of Contents