Chapter 4 Configuring Class Maps and Policy Maps
Configuring a Layer 7 Policy Map
4-50
Cisco 4700 Series Application Control Engine Appliance Administration Guide
OL-11157-01
•
parameter-map type udp
—Combines all UDP connection related
configuration parameters. See the
Cisco 4700 Series Application Control
Engine Appliance Security Configuration Guide
for details
.
To specify the SSL session parameters that the ACE uses in an SSL proxy service,
you can create an SSL parameter map. Use the
parameter-map type ssl
command to
s
pecify SSL termination parameters. Refer to the
Cisco 4700 Series
Application Control Engine Appliance SSL Configuration Guide
for details.
For example, to specify the
parameter-map type connection
command to
combine TCP connection-related parameters in a parameter map, enter:
host1/Admin(config)#
parameter-map type connection TCP_MAP
host1/Admin(config-parammap-conn)#
reserved-bit allow
host1/Admin(config-parammap-conn)#
exceed-mss allow
host1/Admin(config-parammap-conn)#
nagle
host1/Admin(config-parammap-conn)#
set conn-max 64
host1/Admin(config-parammap-conn)#
set tcp queue-limit 10
host1/Admin(config-parammap-conn)#
set tcp syn-retry 3
host1/Admin(config-parammap-conn)#
set tcp timeout embryonic 60
host1/Admin(config-parammap-conn)#
exit
host1/Admin(config)#
host1/Admin(config)#
policy-map multi-match L4_SLB_POLICY
host1/Admin(config-pmap)#
class VIP_CLASS
host1/Admin(config-pmap-c)#
loadbalance policy L7_SLB_POLICY
host1/Admin(config-pmap-c)#
loadbalance vip inservice
host1/Admin(config-pmap-c)#
connection advanced-options TCP-MAP
host1/Admin(config-pmap-c)#
exit
host1/Admin(config-pmap)#
exit
host1/Admin(config)#
Configuring a Layer 7 Policy Map
To use a Layer 7 policy map, you must first create the Layer 7 policy map. For a
Layer 7 traffic classification, you create a policy map with actions to configure
the following tasks:
•
HTTP content load-balancing decisions
•
Application acceleration and optimization
•
Deep packet inspection of the HTTP protocol
•
FTP command inspection
