Chapter 37
Configuring Inspection of Basic Internet Protocols
•
Modes
The following table shows the modes in which this feature is available:
Firewall Mode
Routed
•
Add/Edit DNS Policy Map (Details)
The Add/Edit DNS Policy Map pane lets you configure the security level and additional settings for DNS
application inspection maps
Fields
•
•
•
OL-20339-01
Medium
–
DNS Guard: enabled
NAT rewrite: enabled
Protocol enforcement: enabled
ID randomization: enabled
Message length check: enabled
Message length maximum: 512
Mismatch rate logging: enabled
TSIG resource record: not enforced
High
–
DNS Guard: enabled
NAT rewrite: enabled
Protocol enforcement: enabled
ID randomization: enabled
Message length check: enabled
Message length maximum: 512
Mismatch rate logging: enabled
TSIG resource record: enforced
Default Level—Sets the security level back to the default level of Low.
–
Details—Shows the Protocol Conformance, Filtering, Mismatch Rate, and Inspection tabs to
configure additional settings.
Security Context
Transparent Single
•
•
Name—When adding a DNS map, enter the name of the DNS map. When editing a DNS map, the
name of the previously configured DNS map is shown.
Description—Enter the description of the DNS map, up to 200 characters in length.
Security Level—Shows the security level to configure.
Multiple
Context
System
—
•
Cisco ASA 5500 Series Configuration Guide using ASDM
DNS Inspection
37-11