13-37
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 13 Inspection of Basic Internet Protocols
NetBIOS Inspection
NetBIOS Inspection
NetBIOS inspection is enabled by default. The NetBIOS inspection engine translates IP addresses in the
NetBIOS name service (NBNS) packets according to the ASA NAT configuration. You can optionally
create a policy map to drop or log NetBIOS protocol violations.
Procedure
Step 1 Configure a NetBIOS Inspection Policy Map for Additional Inspection Control, page 13-37.
Step 2 Configure the NetBIOS Inspection Service Policy, page 13-38.
Configure a NetBIOS Inspection Policy Map for Additional Inspection Control
To specify the action for protocol violations, create a NETBIOS inspection policy map. You can then
apply the inspection policy map when you enable NETBIOS inspection.
Procedure
Step 1 Create a NetBIOS inspection policy map.
hostname(config)# policy-map type inspect netbios policy_map_name
hostname(config-pmap)#
Where the policy_map_name is the name of the policy map. The CLI enters policy-map configuration
mode.
Step 2 (Optional) To add a description to the policy map, enter the following command:
hostname(config-pmap)# description string
Step 3 Enter parameters configuration mode.
hostname(config-pmap)# parameters
hostname(config-pmap-p)#
Step 4 Specify the action to take for NETBIOS protocol violations.
hostname(config-pmap-p)# protocol-violation action {drop [log] | log}
Where the drop action drops the packet. The log action sends a system log message when this policy
map matches traffic.
Example
hostname(config)# policy-map type inspect netbios netbios_map
hostname(config-pmap)# parameters
hostname(config-pmap-p)# protocol-violation drop log
hostname(config)# policy-map netbios_policy
hostname(config-pmap)# class inspection_default
hostname(config-pmap-c)# inspect netbios netbios_map
To Next Page
Loading...
Need help?
General