Contents
xxxi
Cisco ASA 5500 Series Configuration Guide using the CLI
Adding and Enrolling Users 41-36
Renewing Users 41-38
Restoring Users 41-39
Removing Users 41-39
Revoking Certificates 41-40
Maintaining the Local CA Certificate Database 41-40
Rolling Over Local CA Certificates 41-40
Archiving the Local CA Server Certificate and Keypair 41-41
Monitoring Digital Certificates 41-41
Feature History for Certificate Management 41-43
PART
10 Configuring Application Inspection
CHAPTER
42 Getting Started with Application Layer Protocol Inspection 42-1
Information about Application Layer Protocol Inspection 42-1
How Inspection Engines Work 42-1
When to Use Application Protocol Inspection 42-2
Guidelines and Limitations 42-3
Default Settings 42-4
Configuring Application Layer Protocol Inspection 42-6
CHAPTER
43 Configuring Inspection of Basic Internet Protocols 43-1
DNS Inspection 43-1
How DNS Application Inspection Works 43-2
How DNS Rewrite Works 43-2
Configuring DNS Rewrite 43-3
Configuring DNS Rewrite with Two NAT Zones 43-4
Overview of DNS Rewrite with Three NAT Zones 43-4
Configuring DNS Rewrite with Three NAT Zones 43-6
Configuring a DNS Inspection Policy Map for Additional Inspection Control 43-7
Verifying and Monitoring DNS Inspection 43-10
FTP Inspection 43-11
FTP Inspection Overview 43-11
Using the strict Option 43-11
Configuring an FTP Inspection Policy Map for Additional Inspection Control 43-12
Verifying and Monitoring FTP Inspection 43-16
HTTP Inspection 43-16
HTTP Inspection Overview 43-16