EasyManuals Logo
Home>Cisco>Network Hardware>ASA Series

Cisco ASA Series Configuration Guide

Cisco ASA Series
428 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #249 background imageLoading...
Page #249 background image
11-15
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 11 Service Policy Using the Modular Policy Framework
Configure Service Policies
hostname(config-cmap)# description "This class-map matches all TCP traffic"
hostname(config-cmap)# match access-list tcp
hostname(config-cmap)# class-map all_http
hostname(config-cmap)# description "This class-map matches all HTTP traffic"
hostname(config-cmap)# match port tcp eq http
hostname(config-cmap)# class-map to_server
hostname(config-cmap)# description "This class-map matches all traffic to server 10.1.1.1"
hostname(config-cmap)# match access-list host_foo
Create a Layer 3/4 Class Map for Management Traffic
For management traffic to the ASA, you might want to perform actions specific to this kind of traffic.
You can specify a management class map that can match an ACL or TCP or UDP ports. The types of
actions available for a management class map in the policy map are specialized for management traffic.
See Features Configured with Service Policies, page 11-4.
Procedure
Step 1 Create a management class map, where class_map_name is a string up to 40 characters in length.
class-map type management class_map_name
The name “class-default” is reserved. All types of class maps use the same name space, so you cannot
reuse a name already used by another type of class map. The CLI enters class-map configuration mode.
Example:
hostname(config)# class-map management all_udp
Step 2 (Optional) Add a description to the class map.
description string
Example:
hostname(config-cmap)# description All UDP traffic
Step 3 Match traffic using one of the following commands.
match access-list access_list_name—Matches traffic specified by an extended ACL. If the ASA is
operating in transparent firewall mode, you can use an EtherType ACL.
hostname(config-cmap)# match access-list udp
match port {tcp | udp} {eq port_num | range port_num port_num}—Matches TCP or UDP
destination ports, either a single port or a contiguous range of ports. For applications that use
multiple, non-contiguous ports, use the match access-list command and define an ACE to match
each port.
hostname(config-cmap)# match tcp eq 80

Table of Contents

Other manuals for Cisco ASA Series

Preview: Cli Configuration Guide
Cli Configuration Guide2164 pages
Preview: Mount And Connect
Mount And Connect12 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco ASA Series and is the answer not in the manual?

Cisco ASA Series Specifications

General IconGeneral
BrandCisco
ModelASA Series
CategoryNetwork Hardware
LanguageEnglish

Related product manuals