Cisco ASA Series Firewall CLI Configuration Guide
Chapter 11 Service Policy Using the Modular Policy Framework
Configure Service Policies
Define Actions (Layer 3/4 Policy Map)
After you configure Layer 3/4 class maps to identify traffic, use a Layer 3/4 policy map to associate
actions to those classes.
Tip The maximum number of policy maps is 64, but you can only apply one policy map per interface.
Procedure
Step 1 Add the policy map: policy-map policy_map_name
Where the policy_map_name argument is the name of the policy map, up to 40 characters in length. All types
of policy maps (Layer 3/4 and inspection policy maps alike) share the same name space, so you cannot reuse a
name that is already used by another type of policy map. The CLI enters policy-map configuration mode.
Example:
hostname(config)# policy-map global_policy
Step 2 Specify a previously configured Layer 3/4 class map: class class_map_name
Where class_map_name is the name of a class map that already exists.
See Identify Traffic (Layer 3/4 Class Maps), page 11-13 to add a class map.
Example:
hostname(config-pmap)# class all-http
Step 3 Specify one or more actions for this class map.
See Features Configured with Service Policies, page 11-4.
Note If the class map does not contain a match default-inspection-traffic command, at most one
inspect command can be configured under that class in the policy map.
Step 4 Repeat the process for each class map you want to include in this policy map.
Examples
The following is an example of a policy-map command for a connection policy. It limits the number of
connections allowed to the web server 10.1.1.1:
hostname(config)# access-list http-server permit tcp any host 10.1.1.1
hostname(config)# class-map http-server
hostname(config-cmap)# match access-list http-server
hostname(config)# policy-map global-policy
hostname(config-pmap)# description This policy map defines a policy concerning connection to http server.
hostname(config-pmap)# class http-server
hostname(config-pmap-c)# set connection conn-max 256
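The following checker is an added example; it is not Cisco code and not part of this guide. It parses an ASA configuration written in the CLI syntax shown above and reports violations of the constraints stated in this section: the 64 policy map limit, the single name space shared by all policy-map types, the "previously configured class map" requirement of Step 2, and the rule in the Note that a class without match default-inspection-traffic may carry only one inspect action. The embedded configuration is constructed for illustration. The checker also recognizes the service-policy command, which applies a policy map globally or to an interface; this page refers to that only as "one policy map per interface", so treat that part of the check as an assumption about syntax not shown here.

```python
"""Lint an ASA Modular Policy Framework (MPF) configuration against the
constraints described in this section.  Added example, not Cisco's code."""
from collections import defaultdict

MAX_POLICY_MAPS = 64  # limit stated in the Tip above

# Constructed sample configuration (ASA CLI syntax), deliberately containing
# three violations: a reused policy-map name across types, two inspect
# actions under a class without match default-inspection-traffic, and two
# policy maps applied to the same interface.
SAMPLE_CONFIG = """
class-map inspection_default
 match default-inspection-traffic
class-map http_traffic
 match port tcp eq 80
class-map http-server
 match access-list http-server
policy-map type inspect http http_map
 parameters
  protocol-violation action drop-connection
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect http
  inspect dns
 class http_traffic
  inspect http
  inspect ftp
 class http-server
  set connection conn-max 256
policy-map http_map
 class http_traffic
  inspect http
service-policy global_policy global
service-policy http_map interface outside
service-policy global_policy interface outside
"""

# Constructed configuration that satisfies every rule.
CLEAN_CONFIG = """
class-map inspection_default
 match default-inspection-traffic
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect http
service-policy global_policy global
"""


def parse_mpf(config):
    """Return class maps, policy maps of every type, and service-policy lines.

    policy_maps is a list of (kind, name, {class_name: [action lines]}), where
    kind is "layer3/4" for a plain policy-map or e.g. "type inspect http".
    """
    class_maps, policy_maps, service_policies = {}, [], []
    cur_cmap = cur_pmap = cur_class = None
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0].startswith("!"):
            continue
        if words[0] == "class-map":          # class-map NAME | class-map type ... NAME
            cur_cmap, cur_pmap, cur_class = words[-1], None, None
            class_maps[cur_cmap] = []
        elif words[0] == "policy-map":       # policy-map NAME | policy-map type ... NAME
            cur_pmap = (" ".join(words[1:-1]) or "layer3/4", words[-1], {})
            policy_maps.append(cur_pmap)
            cur_cmap = cur_class = None
        elif words[0] == "service-policy":   # assumed syntax: NAME global | NAME interface IF
            target = "global" if words[2] == "global" else words[3]
            service_policies.append((words[1], target))
            cur_cmap = cur_pmap = cur_class = None
        elif cur_pmap is not None and words[0] == "class":
            cur_class = words[1]
            cur_pmap[2].setdefault(cur_class, [])
        elif cur_cmap is not None and words[0] == "match":
            class_maps[cur_cmap].append(" ".join(words))
        elif cur_pmap is not None and cur_class is not None:
            cur_pmap[2][cur_class].append(" ".join(words))
    return {"class_maps": class_maps, "policy_maps": policy_maps,
            "service_policies": service_policies}


def lint_mpf(config):
    """Return a list of human-readable findings; an empty list means clean."""
    parsed, findings, seen = parse_mpf(config), [], {}
    pmaps = parsed["policy_maps"]
    if len(pmaps) > MAX_POLICY_MAPS:
        findings.append(f"{len(pmaps)} policy maps; the maximum is {MAX_POLICY_MAPS}")
    for kind, name, _ in pmaps:                       # one name space for all types
        if name in seen:
            findings.append(f"policy-map name '{name}' reused; already a '{seen[name]}' policy map")
        seen.setdefault(name, kind)
    for kind, pname, classes in pmaps:
        if kind != "layer3/4":
            continue
        for cname, actions in classes.items():
            matches = parsed["class_maps"].get(cname)
            if matches is None:                       # Step 2: class map must already exist
                findings.append(f"policy-map {pname}: class {cname} is not a configured class map")
                continue
            inspects = [a for a in actions if a.split()[0] == "inspect"]
            if "match default-inspection-traffic" not in matches and len(inspects) > 1:
                findings.append(f"policy-map {pname} class {cname}: {len(inspects)} inspect actions "
                                "but the class map lacks match default-inspection-traffic")
    per_target = defaultdict(list)                    # one policy map per interface
    for pname, target in parsed["service_policies"]:
        per_target[target].append(pname)
    for target, names in per_target.items():
        if len(names) > 1:
            findings.append(f"{target}: {len(names)} policy maps applied ({', '.join(names)})")
    return findings


if __name__ == "__main__":
    for finding in lint_mpf(SAMPLE_CONFIG):
        print("VIOLATION:", finding)
```

Run it against a saved "show running-config" to catch these mistakes before committing a change on the ASA; the device itself rejects most of them interactively, but a linter lets you review a staged configuration offline.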
The following example shows how multi-match works in a policy map:
hostname(config)# class-map inspection_default
hostname(config-cmap)# match default-inspection-traffic
hostname(config)# class-map http_traffic
hostname(config-cmap)# match port tcp eq 80