EasyManuals Logo

Cisco ASA 5506-X Configuration Guide

Cisco ASA 5506-X
428 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #302 background imageLoading...
Page #302 background image
13-28
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 13 Inspection of Basic Internet Protocols
IP Options Inspection
Configure an IP Options Inspection Policy Map
If you want to perform non-default IP options inspection, create an IP options inspection policy map to
specify how you want to handle each supported option type.
Procedure
Step 1 Create an IP options inspection policy map:
hostname(config)# policy-map type inspect ip-options policy_map_name
hostname(config-pmap)#
Where the policy_map_name is the name of the policy map. The CLI enters policy-map configuration
mode.
Step 2 (Optional) To add a description to the policy map, enter the following command:
hostname(config-pmap)# description string
Step 3 To configure parameters that affect the inspection engine, perform the following steps:
a. To enter parameters configuration mode, enter the following command:
hostname(config-pmap)# parameters
hostname(config-pmap-p)#
b. Set one or more parameters. You can set the following options; use the no form of the command to
disable the option. In all cases, the allow action allows packets that contain the option without
modification; the clear action allows the packets but removes the option from the header. Any packet
that contains an option that you do not include in the map is dropped. For a description of the
options, see Supported IP Options for Inspection, page 13-27.
eool action {allow | clear}—Allows or clears the End of Options List option.
nop action {allow | clear}—Allows or clears the No Operation option.
router-alert action {allow | clear}—Allows or clears the Router Alert (RTRALT) option.
Configure the IP Options Inspection Service Policy
The default ASA configuration includes IP options inspection applied globally on all interfaces. A
common method for customizing the inspection configuration is to customize the default global policy.
You can alternatively create a new service policy as desired, for example, an interface-specific policy.
Procedure
Step 1 If necessary, create an L3/L4 class map to identify the traffic for which you want to apply the inspection.
class-map name
match parameter
Example:
hostname(config)# class-map ip_options_class_map
hostname(config-cmap)# match access-list ipoptions

Table of Contents

Other manuals for Cisco ASA 5506-X

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco ASA 5506-X and is the answer not in the manual?

Cisco ASA 5506-X Specifications

General IconGeneral
ModelASA 5506-X
Firewall Throughput750 Mbps
Maximum Firewall Connections50, 000
Maximum VPN Peers50
Integrated Ports8 x 1 GE
Stateful Inspection Throughput750 Mbps
Weight4.4 lb (2 kg)
Firewall Throughput (Multiprotocol)750 Mbps
Firewall Throughput (Application Visibility and Control AVC)250 Mbps
Concurrent Sessions50, 000
New Connections per Second10, 000
IPsec VPN Throughput100 Mbps
Interfaces8 x 1 GE
Memory4 GB
Flash Memory8 GB
Form FactorDesktop
VPN Throughput100 Mbps
Maximum Concurrent Sessions50, 000
New Sessions per Second10, 000
Operating Temperature32 to 104°F (0 to 40°C)
Storage Temperature-13 to 158°F (-25 to 70°C)
Power SupplyExternal
Humidity10% to 90% non-condensing

Related product manuals