12-9
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 12 Getting Started with Application Layer Protocol Inspection
Configure Application Layer Protocol Inspection
The default policy configuration includes the following commands:
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
dns-guard
protocol-enforcement
nat-rewrite
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225 _default_h323_map
inspect h323 ras _default_h323_map
inspect ip-options _default_ip_options_map
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp _default_esmtp_map
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
Default Inspection Policy Maps
Some inspection types use hidden default policy maps. For example, if you enable ESMTP inspection
without specifying a map, _default_esmtp_map is used.
The default inspection is described in the sections that explain each inspection type. You can view these
default maps using the
show running-config all policy-map
command.
DNS inspection is the only one that uses an explicitly-configured default map, preset_dns_map.
Configure Application Layer Protocol Inspection
You configure application inspection in service policies. Service policies provide a consistent and
flexible way to configure ASA features. For example, you can use a service policy to create a timeout
configuration that is specific to a particular TCP application, as opposed to one that applies to all TCP
applications. For some applications, you can perform special actions when you enable inspection. See
XDMCP
UDP/177
No extended PAT.
No NAT64.
(Clustering) No static PAT.
—
—
VXLAN
UDP/4789
Not applicable
RFC 7348
Virtual Extensible Local Area Network.
Table 12-1
Supported Application Inspection Engines (continued)
Application
Default Port NAT Limitations
Standards
Comments
Содержание ASA 5508-X
Страница 11: ...P A R T 1 Access Control ...
Страница 12: ......
Страница 60: ...4 14 Cisco ASA Series Firewall CLI Configuration Guide Chapter 4 Access Rules History for Access Rules ...
Страница 157: ...P A R T 2 Network Address Translation ...
Страница 158: ......
Страница 204: ...9 46 Cisco ASA Series Firewall CLI Configuration Guide Chapter 9 Network Address Translation NAT History for NAT ...
Страница 232: ...10 28 Cisco ASA Series Firewall CLI Configuration Guide Chapter 10 NAT Examples and Reference DNS and NAT ...
Страница 233: ...P A R T 3 Service Policies and Application Inspection ...
Страница 234: ......
Страница 379: ...P A R T 4 Connection Management and Threat Detection ...
Страница 380: ......
Страница 400: ...16 20 Cisco ASA Series Firewall CLI Configuration Guide Chapter 16 Connection Settings History for Connection Settings ...
Страница 414: ...17 14 Cisco ASA Series Firewall CLI Configuration Guide Chapter 17 Quality of Service History for QoS ...