1-30
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Inspection of Basic Internet Protocols
NetBIOS Inspection
Examples
The following example drops all IPv6 traffic with the hop-by-hop, destination-option, routing-address,
and routing type 0 headers:
policy-map type inspect ipv6 ipv6-pm
parameters
match header hop-by-hop
drop
match header destination-option
drop
match header routing-address count gt 0
drop
match header routing-type eq 0
drop
policy-map global_policy
class class-default
inspect ipv6 ipv6-pm
!
service-policy global_policy global
NetBIOS Inspection
This section describes the IM inspection engine. This section includes the following topics:
• NetBIOS Inspection Overview, page 1-30
• Configuring a NetBIOS Inspection Policy Map for Additional Inspection Control, page 1-30
NetBIOS Inspection Overview
NetBIOS inspection is enabled by default. The NetBios inspection engine translates IP addresses in the
NetBios name service (NBNS) packets according to the ASA NAT configuration.
Configuring a NetBIOS Inspection Policy Map for Additional Inspection
Control
To specify actions when a message violates a parameter, create a NETBIOS inspection policy map. You
can then apply the inspection policy map when you enable NETBIOS inspection.
To create a NETBIOS inspection policy map, perform the following steps:
Step 1 (Optional) Add one or more regular expressions for use in traffic matching commands according to the
“Creating a Regular Expression” section on page 1-14. See the types of text you can match in the match
commands described in Step 3.
Step 2 (Optional) Create one or more regular expression class maps to group regular expressions according to
the “Creating a Regular Expression Class Map” section on page 1-17.
Step 3 Create a NetBIOS inspection policy map, enter the following command:
hostname(config)# policy-map type inspect netbios policy_map_name
hostname(config-pmap)#
To Next Page
Loading...
Need help?
General
