EasyManuals Logo
Home>Cisco>Network Hardware>ASA Series

Cisco ASA Series Configuration Guide

Cisco ASA Series
428 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #250 background imageLoading...
Page #250 background image
11-16
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 11 Service Policy Using the Modular Policy Framework
Configure Service Policies
Define Actions (Layer 3/4 Policy Map)
After you configure Layer 3/4 class maps to identify traffic, use a Layer 3/4 policy map to associate
actions to those classes.
Tip The maximum number of policy maps is 64, but you can only apply one policy map per interface.
Procedure
Step 1 Add the policy map: policy-map policy_map_name
Where policy_map_name argument is the name of the policy map, up to 40 characters in length. All types
of policy maps use the same name space, so you cannot reuse a name already used by another type of
policy map. The CLI enters policy-map configuration mode.
Example:
hostname(config)# policy-map global_policy
Step 2 Specify a previously configured Layer 3/4 class map: class class_map_name
Where the class_map_name is the name of the class map.
See Identify Traffic (Layer 3/4 Class Maps), page 11-13 to add a class map.
Example:
hostname(config-pmap)# class all-http
Step 3 Specify one or more actions for this class map.
See Features Configured with Service Policies, page 11-4.
Note If there is no match default-inspection-traffic command in a class map, then at most one
inspect command is allowed to be configured under the class.
Step 4 Repeat the process for each class map you want to include in this policy map.
Examples
The following is an example of a policy-map command for a connection policy. It limits the number of
connections allowed to the web server 10.1.1.1:
hostname(config)# access-list http-server permit tcp any host 10.1.1.1
hostname(config)# class-map http-server
hostname(config-cmap)# match access-list http-server
hostname(config)# policy-map global-policy
hostname(config-pmap)# description This policy map defines a policy concerning connection
to http server.
hostname(config-pmap)# class http-server
hostname(config-pmap-c)# set connection conn-max 256
The following example shows how multi-match works in a policy map:
hostname(config)# class-map inspection_default
hostname(config-cmap)# match default-inspection-traffic
hostname(config)# class-map http_traffic
hostname(config-cmap)# match port tcp eq 80

Table of Contents

Other manuals for Cisco ASA Series

Preview: Cli Configuration Guide
Cli Configuration Guide2164 pages
Preview: Mount And Connect
Mount And Connect12 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco ASA Series and is the answer not in the manual?

Cisco ASA Series Specifications

General IconGeneral
BrandCisco
ModelASA Series
CategoryNetwork Hardware
LanguageEnglish

Related product manuals