12-17
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 12 Getting Started with Application Layer Protocol Inspection
Configure Regular Expressions
hostname(config)#
test
regex
input_text regular_expression
Where the
input_text
argument is a string you want to match using the regular expression, up to 201
characters in length.
The
regular_expression
argument can be up to 100 characters in length.
Use
Ctrl+V
to escape all of the special characters in the CLI. For example, to enter a tab in the input
text in the
test regex
command, you must enter
test regex “test[Ctrl+V Tab]” “test\t”
.
If the regular expression matches the input text, you see the following message:
INFO: Regular expression match succeeded.
If the regular expression does not match the input text, you see the following message:
INFO: Regular expression match failed.
Step 2
To add a regular expression after you tested it, enter the following command:
hostname(config)#
regex
name regular_expression
Where the
name
argument can be up to 40 characters in length.
The
regular_expression
argument can be up to 100 characters in length.
Examples
The following example creates two regular expressions for use in an inspection policy map:
hostname(config)#
regex url_example example\.com
hostname(config)#
regex url_example2 example2\.com
Create a Regular Expression Class Map
A regular expression class map identifies one or more regular expression. It is simply a collection of
regular expression objects. You can use a regular expression class map in many cases in replace of a
regular expression object.
Procedure
Step 1
Create the regular expression class map.
hostname(config)#
class-map type regex match-any
class_map_name
hostname(config-cmap)#
Where
class_map_name
is a string up to 40 characters in length. The name “class-default” is reserved.
All types of class maps use the same name space, so you cannot reuse a name already used by another
type of class map.
The
match-any
keyword specifies that the traffic matches the class map if it matches at least one of the
regular expressions.
Step 2
(Optional) Add a description to the class map:
hostname(config-cmap)#
description
string
Step 3
Identify the regular expressions you want to include by entering the following command for each regular
expression:
Summary of Contents for ASA 5508-X
Page 11: ...P A R T 1 Access Control ...
Page 12: ......
Page 157: ...P A R T 2 Network Address Translation ...
Page 158: ......
Page 233: ...P A R T 3 Service Policies and Application Inspection ...
Page 234: ......
Page 379: ...P A R T 4 Connection Management and Threat Detection ...
Page 380: ......