11-10
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 11 Service Policy Using the Modular Policy Framework
Defaults for Service Policies
• H323 (H225)
• H323 (RAS)
• RSH
• RTSP
• ESMTP
• SQLnet
• Skinny (SCCP)
• SunRPC
• XDMCP
• SIP
• NetBios
• TFTP
• IP Options
The default policy configuration includes the following commands:
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
dns-guard
protocol-enforcement
nat-rewrite
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225 _default_h323_map
inspect h323 ras _default_h323_map
inspect ip-options _default_ip_options_map
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp _default_esmtp_map
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
Note See Incompatibility of Certain Feature Actions, page 11-6 for more information about the special match
default-inspection-traffic command used in the default class map.
Default Class Maps (Traffic Classes)
The configuration includes a default Layer 3/4 class map (traffic class) that the ASA uses in the default
global policy called default-inspection-traffic; it matches the default inspection traffic. This class, which
is used in the default global policy, is a special shortcut to match the default ports for all inspections.
To Next Page
Loading...
Need help?
General