Configuring A Dns Parameter Map - Cisco 4700M Configuration Manual

Application control engine appliance security

Configuring a DNS Parameter Map

Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
sec-param conn_parammap_name5—(Optional) Specifies the name of
a previously created connection parameter map used to define parameters
for SCCP inspection.
For example, to specify the inspect http command as an action for an HTTP
application protocol inspection policy map, enter:
host1/Admin(config)# policy-map multi-match HTTP_INSPECT_L4POLICY
host1/Admin(config-pmap)# class HTTP_INSPECT_L4CLASS
host1/Admin(config-pmap-c)# inspect http policy HTTP_DEEPINSPECT_L7POLICY
For example, to specify the inspect dns command as an action for a DNS
application protocol inspection policy map, enter:
host1/Admin(config)# policy-map multi-match DNS_INSPECT_L4POLICY
host1/Admin(config-pmap)# class DNS_INSPECT_L4CLASS
host1/Admin(config-pmap-c)# inspect dns 1000
For example, to specify the inspect ftp command as an action for an FTP
command inspection policy map, enter:
host1/Admin(config)# policy-map multi-match FTP_INSPECT_L4POLICY
host1/Admin(config-pmap)# class FTP_INSPECT_L7CLASS
host1/Admin(config-pmap-c)# inspect ftp strict policy FTP_INSPECT_L7POLICY
host1/Admin(config-pmap-c)# exit
host1/Admin(config)#
To disable an application protocol inspection action from a policy map, enter:
host1/Admin(config-pmap-c)# no inspect dns 1000
You can use a parameter map to apply actions to a Layer 3 and Layer 4 DNS
inspection policy map. You reference this parameter map in the appl-parameter
command in policy map class configuration mode. See the "Associating a DNS
Parameter Map with a Layer 3 and Layer 4 Policy Map" section.
You can configure DNS actions for DNS packet inspection by using the
parameter-map type dns command in configuration mode. The syntax of this
command is as follows:
parameter-map type dns name
Chapter 3
Configuring Application Protocol Inspection
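The following is an added example, not part of the Cisco guide: a small offline audit that checks a saved configuration for DNS parameter maps that are referenced from a policy map class but never defined, or defined but never referenced. The sample configuration and the names in it are constructed, and the script assumes a class attaches the map with a line beginning "appl-parameter dns" whose last token is the map name.

```python
# Constructed sample in the style of the CLI sessions shown on this page.
# Assumption: the parameter map is attached inside a class by a line that
# starts with "appl-parameter dns" and ends with the parameter map name.
SAMPLE_CONFIG = """\
parameter-map type dns DNS_PARAMMAP
parameter-map type dns UNUSED_PARAMMAP
policy-map multi-match DNS_INSPECT_L4POLICY
  class DNS_INSPECT_L4CLASS
    inspect dns 1000
    appl-parameter dns advanced-options DNS_PARAMMAP
  class DNS_INSPECT_L4CLASS2
    inspect dns 1000
    appl-parameter dns advanced-options MISSING_PARAMMAP
"""


def audit_dns_parameter_maps(config):
    """Return (dangling, unused).

    dangling: (policy map, class, map name) for references to undefined maps.
    unused:   sorted names of defined maps that no class references.
    """
    defined = set()
    refs = []
    policy = cls = None
    for raw in config.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0].startswith("!"):
            continue  # skip blank lines and comment separators
        if tokens[:3] == ["parameter-map", "type", "dns"] and len(tokens) == 4:
            defined.add(tokens[3])
            policy = cls = None  # left any policy-map context
        elif tokens[0] == "policy-map":
            policy, cls = tokens[-1], None
        elif tokens[0] == "class" and policy and len(tokens) >= 2:
            cls = tokens[1]
        elif tokens[:2] == ["appl-parameter", "dns"] and len(tokens) > 2:
            refs.append((policy, cls, tokens[-1]))
    dangling = [r for r in refs if r[2] not in defined]
    unused = sorted(defined - {r[2] for r in refs})
    return dangling, unused


if __name__ == "__main__":
    dangling, unused = audit_dns_parameter_maps(SAMPLE_CONFIG)
    for policy, cls, name in dangling:
        print(f"undefined DNS parameter map {name} in {policy}/{cls}")
    for name in unused:
        print(f"DNS parameter map {name} is defined but not referenced")
```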
OL-16202-01
