Cisco ASA 5512-X Configuration Guide

Cisco ASA 5512-X
428 pages
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 13 Inspection of Basic Internet Protocols
SMTP and Extended SMTP Inspection
Configure ESMTP Inspection
ESMTP inspection is enabled by default. You need to configure it only if you want different processing
than that provided by the default inspection map.
Procedure
Step 1 Configure an ESMTP Inspection Policy Map, page 13-42.
Step 2 Configure the ESMTP Inspection Service Policy, page 13-44.
Configure an ESMTP Inspection Policy Map
To specify actions when a message violates a parameter, create an ESMTP inspection policy map. You
can then apply the inspection policy map when you enable ESMTP inspection.
Before You Begin
Some traffic matching options use regular expressions for matching purposes. If you intend to use one
of those techniques, first create the regular expression or regular expression class map.
Procedure
Step 1 To create an ESMTP inspection policy map, enter the following command:
hostname(config)# policy-map type inspect esmtp policy_map_name
hostname(config-pmap)#
Where policy_map_name is the name of the policy map. The CLI enters policy-map configuration
mode.
Step 2 (Optional) To add a description to the policy map, enter the following command:
hostname(config-pmap)# description string
Step 3 To apply actions to matching traffic, perform the following steps.
a. Specify the traffic on which you want to perform actions using one of the following match
commands. If you use a match not command, then any traffic that does not match the criterion in
the match not command has the action applied.
• match [not] body {length | line length} gt bytes—Matches messages where the length or
the length of a line in an ESMTP message body is greater than the specified number of bytes.
• match [not] cmd verb verb1 [verb2...]—Matches the command verb in the message. You can
specify one or more of the following commands: auth, data, ehlo, etrn, helo, help, mail, noop,
quit, rcpt, rset, saml, soml, vrfy.
• match [not] cmd line length gt bytes—Matches messages where the length of a line in the
command verb is greater than the specified number of bytes.
• match [not] cmd rcpt count gt count—Matches messages where the number of recipients is
greater than the specified count.
• match [not] ehlo-reply-parameter parameter [parameter2...]—Matches ESMTP EHLO reply
parameters. You can specify one or more of the following parameters: 8bitmime, auth,
binaryname, checkpoint, dsn, etrn, others, pipelining, size, vrfy.
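
A policy map that combines several of the match commands above, shown as it would appear in the running configuration. This is an added example, not text from the Cisco guide: the map name and the byte and recipient thresholds are constructed, and the action lines under each match (drop-connection, log, mask) are ESMTP inspection actions that this excerpt does not yet describe.

```cisco
! Constructed example: map name and thresholds are illustrative only.
policy-map type inspect esmtp esmtp_strict_map
 description Stricter ESMTP limits (constructed example)
 ! Command lines longer than 512 bytes: close the connection and log it.
 match cmd line length gt 512
  drop-connection log
 ! More than 100 recipients in one message: close the connection and log it.
 match cmd rcpt count gt 100
  drop-connection log
 ! Body lines longer than 998 bytes: log only, so mail still flows
 ! while the events are reviewed.
 match body line length gt 998
  log
 ! EHLO reply parameters outside the named list (the "others" keyword):
 ! hide them from the client instead of dropping the session.
 match ehlo-reply-parameter others
  mask
```

Starting with log on a new match and moving to drop-connection once the syslog output shows no legitimate senders being hit avoids rejecting valid mail while the thresholds are tuned.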
