1-6
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Inspection of Basic Internet Protocols
DNS Inspection
Step 6
match [not] domain-name regex {regex_id |
class class_id]
For direct match only:
{drop [log] | drop-connection [log]|
enforce-tsig {[drop] [log]} | log}
Example:
hostname(config-pmap)# match domain-name
regex regex1
hostname(config-pmap-c)# drop-connection
Matches a DNS message domain name list. The regex_name
argument is a regular expression. The class regex_class_name is
a regular expression class map. See the “Prerequisites” section on
page 1-3.
To specify traffic that should not match, use the match not
command.
If you are matching directly in the inspection policy map, specify
the action for the match:
• drop [log]—Drops the packet. log also logs the packet.
• drop-connection [log]—Drops the packet and closes the
connection. log also logs the packet.
• enforce-tsig {[drop] [log]}—Enforces the TSIG resource
record in a message. drop drops a packet without the TSIG
resource record. log also logs the packet.
• log—Logs the packet.
Command Purpose
To Next Page
Loading...
