Cisco ASA Series CLI Configuration Guide
Chapter 1 Getting Started with Application Layer Protocol Inspection
Configuring Application Layer Protocol Inspection
class-map inspection_default
match default-inspection-traffic
match access-list inspect
!
To inspect FTP traffic on port 21 as well as 1056 (a non-standard port), create an access list that specifies
the ports, and assign it to a new class map:
hostname(config)# access-list ftp_inspect extended permit tcp any any eq 21
hostname(config)# access-list ftp_inspect extended permit tcp any any eq 1056
hostname(config)# class-map new_inspection
hostname(config-cmap)# match access-list ftp_inspect
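To confirm that a class map really covers every port a protocol runs on, the following added example (not part of the Cisco guide) resolves each class map to the TCP ports of its matched access lists. The sample configuration is constructed from the commands above; the function names, the keyword table and port 2121 are assumptions made for illustration.

```python
import re

# Subset of the port keywords a saved configuration may show in place of
# numbers (for example "eq ftp" for port 21). Assumed table, extend as needed.
PORT_NAMES = {"ftp": 21, "ssh": 22, "telnet": 23, "smtp": 25, "www": 80, "https": 443}

PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")   # strips "hostname(config)# "
# Only the single-token source/destination form used on this page (any any).
ACE = re.compile(r"^access-list (\S+) extended permit tcp \S+ \S+ eq (\S+)$")

# Constructed sample: one entry pasted with its prompt, one in keyword form.
SAMPLE = """\
access-list ftp_inspect extended permit tcp any any eq ftp
hostname(config)# access-list ftp_inspect extended permit tcp any any eq 1056
class-map new_inspection
 match access-list ftp_inspect
"""


def class_map_ports(config_text):
    """Return {class_map: set of TCP ports reached via 'match access-list'}."""
    acl_ports = {}    # ACL name -> ports from 'permit tcp ... eq <port>'
    class_acls = {}   # class-map name -> names of the ACLs it matches
    current = None
    for raw in config_text.splitlines():
        line = PROMPT.sub("", raw.strip())
        m = ACE.match(line)
        if m:
            name, tok = m.groups()
            port = PORT_NAMES.get(tok) or (int(tok) if tok.isdigit() else None)
            if port is not None:          # unknown keywords are skipped
                acl_ports.setdefault(name, set()).add(port)
            current = None
        elif line.startswith("class-map "):
            current = line.split()[-1]
            class_acls.setdefault(current, [])
        elif current and line.startswith("match access-list "):
            class_acls[current].append(line.split()[-1])
    return {cm: set().union(*(acl_ports.get(a, set()) for a in acls))
            for cm, acls in class_acls.items()}


def missing_ports(config_text, class_map, required):
    """Ports in 'required' that the named class map does not match."""
    covered = class_map_ports(config_text).get(class_map, set())
    return sorted(set(required) - covered)
```

A non-empty result from `missing_ports` means traffic on those ports falls outside the class map and will not receive the inspection applied to it.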
Step 2 (Optional) Some inspection engines let you control additional parameters when you apply the inspection
to the traffic. See the following sections to configure an inspection policy map for your application:
• DCERPC—See the “Configuring a DCERPC Inspection Policy Map for Additional Inspection
Control” section on page 1-2
• DNS—See the “(Optional) Configuring a DNS Inspection Policy Map and Class Map” section on
page 1-3
• ESMTP—See the “Configuring an ESMTP Inspection Policy Map for Additional Inspection
Control” section on page 1-33
• FTP—See the “Configuring an FTP Inspection Policy Map for Additional Inspection Control”
section on page 1-12.
• GTP—See the “Configuring a GTP Inspection Policy Map for Additional Inspection Control”
section on page 1-4.
• H323—See the “Configuring an H.323 Inspection Policy Map for Additional Inspection Control”
section on page 1-6
• HTTP—See the “Configuring an HTTP Inspection Policy Map for Additional Inspection Control”
section on page 1-16.
• Instant Messaging—See the “Configuring an Instant Messaging Inspection Policy Map for
Additional Inspection Control” section on page 1-21
• IP Options—See the “Configuring an IP Options Inspection Policy Map for Additional Inspection
Control” section on page 1-25
• IPsec Pass Through—See the “IPsec Pass Through Inspection” section on page 11-64
• IPv6—See the “(Optional) Configuring an IPv6 Inspection Policy Map” section on page 11-68
• MGCP—See the “Configuring an MGCP Inspection Policy Map for Additional Inspection Control”
section on page 1-13.
• NetBIOS—See the “Configuring a NetBIOS Inspection Policy Map for Additional Inspection
Control” section on page 1-30
• RADIUS Accounting—See the “Configuring a RADIUS Inspection Policy Map for Additional
Inspection Control” section on page 1-9
• RTSP—See the “Configuring an RTSP Inspection Policy Map for Additional Inspection Control”
section on page 1-16
• ScanSafe (Cloud Web Security)—See the “Configuring a Service Policy to Send Traffic to Cloud
Web Security” section on page 25-11
• SIP—See the “Configuring a SIP Inspection Policy Map for Additional Inspection Control” section
on page 1-20