Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
OL-16202-01

Chapter 3 Configuring Application Protocol Inspection
Application Protocol Inspection Configuration Quick Start Procedures

Table 3-2, Table 3-3, and Table 3-4 provide a quick overview of the steps required to configure application protocol inspection on the ACE:

• See Table 3-2 for a quick overview on configuring Layer 7 FTP request command inspection.
• See Table 3-3 for a quick overview on configuring Layer 7 HTTP deep inspection.
• See Table 3-4 for a quick overview on configuring Layer 3 and Layer 4 DNS, FTP, HTTP, ICMP, and RTSP application protocol inspection.

Table 3-2 Layer 7 FTP Request Command Inspection Quick Start

Task and Command Example

1. If you are operating in multiple context mode, observe the CLI prompt to verify that you are operating in the desired context. Change to the correct context if necessary.

   host1/Admin# changeto C1
   host1/C1#

   For details on creating contexts, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.

2. Enter configuration mode.

   host1/Admin# config
   Enter configuration commands, one per line. End with CNTL/Z
   host1/Admin(config)#

3. Create a Layer 7 class map that is used for the inspection of FTP request commands. If you do not specify match-all or match-any, traffic must match all the match criteria to be classified as part of the traffic class. The CLI displays the class map FTP command inspection configuration mode.

   host1/Admin(config)# class-map type ftp inspect match-any FTP_INSPECT_L7CLASS
   host1/Admin(config-cmap-ftp-insp)#
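Step 3 says that a class map declared without match-all or match-any requires traffic to match all of its criteria. The script below is an added example, not part of the Cisco guide: it audits configuration text for Layer 7 FTP inspection class maps that rely on that implicit default while listing more than one criterion. The `match request-method` lines, their sequence numbers, and every class map name other than FTP_INSPECT_L7CLASS are assumptions constructed for the sample.

```python
import re

PROMPT = re.compile(r"^\s*\S+#\s*")  # a CLI prompt such as host1/Admin(config)#
# Header syntax from step 3: class-map type ftp inspect [match-all|match-any] NAME
HEADER = re.compile(
    r"^class-map\s+type\s+ftp\s+inspect\s+(?:(match-all|match-any)\s+)?(\S+)$")
# Assumption: criteria lines start with "match", optionally after a line number.
CRITERION = re.compile(r"^(?:\d+\s+)?match\s+\S")


def audit_ftp_class_maps(config_text):
    """Return one record per Layer 7 FTP inspection class map in config_text."""
    records, current = [], None
    for raw in config_text.splitlines():
        line = PROMPT.sub("", raw).strip()
        if not line:
            continue  # blank line or a bare prompt echo
        header = HEADER.match(line)
        if header:
            keyword, name = header.groups()
            current = {"name": name, "explicit": keyword is not None,
                       # Per step 3, omitting the keyword means match-all.
                       "effective": keyword or "match-all", "criteria": 0}
            records.append(current)
        elif current is not None and CRITERION.match(line):
            current["criteria"] += 1
        else:
            current = None  # any other command ends the class map block
    for rec in records:
        # With fewer than two criteria both modes classify traffic identically,
        # so only an implicit match-all over several criteria needs review.
        rec["review"] = not rec["explicit"] and rec["criteria"] > 1
    return records


# Constructed sample: only FTP_INSPECT_L7CLASS comes from the page; the other
# names and every "match request-method" line are illustrative assumptions.
SAMPLE_CONFIG = """\
class-map type ftp inspect match-any FTP_INSPECT_L7CLASS
  2 match request-method mkd
  3 match request-method rmd
class-map type ftp inspect FTP_IMPLICIT_L7CLASS
  2 match request-method mkd
  3 match request-method rmd
class-map type ftp inspect FTP_SINGLE_L7CLASS
  2 match request-method dele
"""

if __name__ == "__main__":
    for rec in audit_ftp_class_maps(SAMPLE_CONFIG):
        print(rec["name"], rec["effective"], rec["criteria"], rec["review"])
```

A flagged class map is not necessarily wrong; the flag marks where the intended semantics should be stated explicitly so that traffic is not silently left out of the inspection class.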