Default Configuration - Cisco ASA Series Cli Configuration Manual
Software version 9.0 for the services module
Hide thumbs
Also See for ASA Series:
- Configuration manual (429 pages) ,
- Getting started (31 pages) ,
- Mount and connect (12 pages)
Table of Contents
Advertisement
Default Settings
Default Settings
The following topics describe the default settings for Modular Policy Framework:
•
•
Default Configuration
By default, the configuration includes a policy that matches all default application inspection traffic and
applies certain inspections to the traffic on all interfaces (a global policy). Not all inspections are enabled
by default. You can only apply one global policy, so if you want to alter the global policy, you need to
either edit the default policy or disable it and apply a new one. (An interface policy overrides the global
policy for a particular feature.)
The default policy includes the following application inspections:
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
The default policy configuration includes the following commands:
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225 _default_h323_map
inspect h323 ras _default_h323_map
Cisco ASA Series CLI Configuration Guide
1-8
Default Configuration, page 1-8
Default Class Maps, page 1-9
DNS inspection for the maximum message length of 512 bytes
FTP
H323 (H225)
H323 (RAS)
RSH
RTSP
ESMTP
SQLnet
Skinny (SCCP)
SunRPC
XDMCP
SIP
NetBios
TFTP
IP Options
message-length maximum client auto
message-length maximum 512
dns-guard
protocol-enforcement
nat-rewrite
Chapter 1
Configuring a Service Policy Using the Modular Policy Framework
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
