Cisco 7604 Configuration Manual page 424
Catalyst 6500 series switch and cisco 7600 series router firewall services module configuration guide using the cli
Hide thumbs
Also See for 7604:
- Configuration manual (1011 pages) ,
- Installation manual (324 pages) ,
- User manual (98 pages)
Table of Contents
Advertisement
Configuring Application Inspection
ESMTP—See the
•
Control" section on page
•
FTP—See the
GTP—See the
•
H.323—See the
•
HTTP—See the
•
section on page
MGCP—See the
•
SIP—See the
•
on page
•
SNMP—See the
To add or edit a Layer 3/4 policy map that sets the actions to take with the class map traffic, enter the
Step 3
following command:
hostname(config)# policy-map name
hostname(config-pmap)#
The default policy map is called "global_policy." This policy map includes the default inspections listed
in the
example, to add or delete an inspection, or to identify an additional class map for your actions), then
enter global_policy as the name.
Step 4
To identify the class map from
command:
hostname(config-pmap)# class class_map_name
hostname(config-pmap-c)#
If you are editing the default policy map, it includes the inspection_default class map. You can edit the
actions for this class by entering inspection_default as the name. To add an additional class map to this
policy map, identify a different name. You can combine multiple class maps in the same policy if desired,
so you can create one class map to match certain traffic, and another to match different traffic. However,
if traffic matches a class map that contains an inspection command, and then matches another class map
that also has an inspection command, only the first matching class is used. For example, SNMP matches
the inspection_default class map.To enable SNMP inspection, enable SNMP inspection for the default
class in
Enable application inspection by entering the following command:
Step 5
hostname(config-pmap-c)# inspect protocol
Table 22-2
Table 22-2
Keywords
ctiqbe
dcerpc [policy_map_name]
dns [map_name]
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
22-8
"Configuring an ESMTP Inspection Policy Map for Additional Inspection
22-26.
"The request-command deny Command" section on page
"GTP Maps and Commands" section on page
"H.225 Map Commands" section on page
"Configuring an HTTP Inspection Policy Map for Additional Inspection Control"
22-60.
"Configuring and Enabling MGCP Inspection" section on page
"Configuring a SIP Inspection Policy Map for Additional Inspection Control" section
22-78.
"Enabling and Configuring SNMP Application Inspection" section on page
"Default Inspection Policy" section on page
Step 1
Step
5. Do not add another class that matches SNMP.
lists the protocol values.
Protocol Keywords
Chapter 22
Applying Application Layer Protocol Inspection
22-50.
22-4. If you want to modify the default policy (for
to which you want to assign an action, enter the following
Notes
—
If you added a DCERPC inspection policy map according to
"Configuring a DCERPC Inspection Policy Map for
Additional Inspection Control" section on page
identify the map name in this command.
—
22-31.
22-36.
22-67.
22-17,
22-98.
OL-20748-01
- Quick Links:
- C H a P T E...
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
