Cisco 7604 Configuration Manual page 491
Catalyst 6500 series switch and cisco 7600 series router firewall services module configuration guide using the cli
Hide thumbs
Also See for 7604:
- Configuration manual (1011 pages) ,
- Installation manual (324 pages) ,
- User manual (98 pages)
Table of Contents
Advertisement
Chapter 22
Applying Application Layer Protocol Inspection
Tip
If you allow RTSP SETUP messages on one port only or on a contiguous range or ports, you can skip
creating the access list and, in
command.
Create a class map or modify an existing class map to identify RTSP traffic. Use the class-map command
Step 3
to do so, as follows.
hostname(config)# class-map class_map_name
hostname(config-cmap)#
where class_map_name is the name of the traffic class. When you enter the class-map command, the
CLI enters class map configuration mode.
Identify traffic sent to the RTSP ports you determined in
Step 4
command, as follows.
hostname(config-cmap)# match access-list acl-name
Create a policy map or modify an existing policy map that you want to use to apply the RTSP inspection
Step 5
engine to RTSP traffic. To do so, use the policy-map command, as follows.
hostname(config-cmap)# policy-map policy_map_name
hostname(config-pmap)#
where policy_map_name is the name of the policy map. The CLI enters the policy map configuration
mode and the prompt changes accordingly.
Specify the class map, created in
Step 6
so, as follows.
hostname(config-pmap)# class class_map_name
hostname(config-pmap-c)#
where class_map_name is the name of the class map you created. The CLI enters the policy map class
configuration mode and the prompt changes accordingly.
Enable RTSP application inspection. To do so, use the inspect rtsp command, as follows.
Step 7
hostname(config-pmap-c)# inspect rtsp
hostname(config-pmap-c)#
Step 8
Use the service-policy command to apply the policy map globally or to a specific interface, as follows:
hostname(config-pmap-c)# service-policy policy_map_name [global | interface interface_ID]
hostname(config)#
where policy_map_name is the policy map you configured in
to traffic on all the interfaces, use the global option. If you want to apply the policy map to traffic on a
specific interface, use the interface interface_ID option, where interface_ID is the name assigned to the
interface with the nameif command.
The FWSM begins inspecting RTSP traffic, as specified.
Example 22-11
and 8554). The service policy is then applied to the outside interface.
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
Step
4, use the match port command instead of the match access-list
Step
3, that identifies the RTSP traffic. Use the class command to do
shows how to enable the RTSP inspection engine RTSP traffic on the default ports (554
Step
1. To do so, use a match access-list
Step
5. If you want to apply the policy map
RTSP Inspection
22-75
- Quick Links:
- C H a P T E...
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
