Cisco 5510 - ASA SSL / IPsec VPN Edition Configuration Guide
36-5
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 36 Getting Started With Application Layer Protocol Inspection
Configuring Application Layer Protocol Inspection
This feature uses Security Policy Rules to create a service policy. Service policies provide a consistent and flexible way to configure adaptive security appliance features. For example, you can use a service policy to create a timeout configuration that is specific to a particular TCP application, as opposed to one that applies to all TCP applications. See Chapter 29, “Configuring a Service Policy,” for more information.

Inspection is enabled by default for some applications. See the “Default Settings” section for more information. Use this section to modify your inspection policy.
Detailed Steps
Step 1 Choose Configuration > Firewall > Service Policy Rules.
Step 2 Add or edit a service policy rule according to the “Adding a Service Policy Rule for Through Traffic” section on page 29-8.
Table 36-1 Supported Application Inspection Engines (continued)

Application (1) | Default Port | NAT Limitations | Standards (2) | Comments
RTSP | TCP/554 | No PAT. No outside NAT. | RFC 2326, 2327, 1889 | No handling for HTTP cloaking.
SIP | TCP/5060, UDP/5060 | No outside NAT. No NAT on same security interfaces. | RFC 2543 |
SKINNY (SCCP) | TCP/2000 | No outside NAT. No NAT on same security interfaces. | | Does not handle TFTP uploaded Cisco IP Phone configurations under certain circumstances.
SMTP and ESMTP | TCP/25 | | RFC 821, 1123 |
SNMP | UDP/161, 162 | No NAT or PAT. | RFC 1155, 1157, 1212, 1213, 1215; v.2 RFC 1902-1908; v.3 RFC 2570-2580. |
SQL*Net | TCP/1521 | | v.1 and v.2. |
Sun RPC over UDP and TCP | UDP/111 | No NAT or PAT. | | The default rule includes UDP port 111; if you want to enable Sun RPC inspection for TCP port 111, you need to create a new rule that matches TCP port 111 and performs Sun RPC inspection.
TFTP | UDP/69 | | RFC 1350 | Payload IP addresses are not translated.
WAAS | | | |
XDCMP | UDP/177 | No NAT or PAT. | |

1. Inspection engines that are enabled by default for the default port are in bold.
2. The adaptive security appliance is in compliance with these standards, but it does not enforce compliance on packets being inspected. For example, FTP commands are supposed to be in a particular order, but the adaptive security appliance does not enforce the order.
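The following is an added CLI example, not configuration taken from this guide, showing what the two ASDM steps above produce for the one case Table 36-1 spells out: the default rule inspects Sun RPC only on UDP/111, so a second rule matching TCP port 111 is needed before Sun RPC carried over TCP is inspected at all. The policy-map and class names global_policy and inspection_default are assumed to be unchanged from the factory defaults; the class name sunrpc-tcp is an assumption chosen for this example.

```cisco
! Factory-default global policy (names assumed unchanged). The
! default-inspection-traffic match covers only the default ports listed
! in Table 36-1, so Sun RPC inspection here applies to UDP/111 alone.
class-map inspection_default
 match default-inspection-traffic

policy-map global_policy
 class inspection_default
  inspect sunrpc

! Added example: a class that matches TCP port 111 so the same
! inspection engine also sees Sun RPC carried over TCP.
! The class name sunrpc-tcp is an assumption.
class-map sunrpc-tcp
 match port tcp eq 111

policy-map global_policy
 class sunrpc-tcp
  inspect sunrpc

! Make sure the global policy is applied on all interfaces.
service-policy global_policy global

! Verify that both classes are present; the sunrpc-tcp counters stay at
! zero until RPC traffic over TCP/111 actually crosses the appliance.
show service-policy inspect sunrpc
```

The same pattern applies to any engine in the table: inspection is bound to the port match of the class, so application traffic that arrives on a non-default port is passed through uninspected unless an additional class matching that port is added to the policy. When reviewing a policy, compare each `inspect` line against the ports the application is actually using on the network, not just the defaults in the table.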