32-10
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter32 Configuring a Service Policy Using the Modular Polic y Framework
Task Flows for Configuring Service Policies
You can create a self-contained inspection policy map that identifies the traffic directly with match
commands, or you can create an inspection class map for reuse or for more complicated matching. See
the “Defining Actions in an Inspection Policy Map” section on page 33-2 and the “Identifying Traffic in
an Inspection Class Map” section on page33-6.
Step3 Create a regular expression—If you want to match text with a regular expression within inspected
packets, you can create a regular expression or a group of regular expressions (a regular expression class
map). Then, when you define the traffic to match for the inspection policy map, you can call on an
existing regular expression.
For example, you might want to drop all HTTP requests with a URL including the text “example.com.”
See the “Creating a Regular Expression” section on page 13-12 and the “Creating a Regular Expression
Class Map” section on page13-15.
Step4 Define the actions you want to perform and determine on which interfaces you want to apply the policy
map—Define the actions you want to perform on each Layer 3/4 class map by creating a Layer 3/4 policy
map. Then, determine on which interfaces you want to apply the policy map using a service policy.
Inspection Class Map/
Match Commands
Inspection Policy Map Actions
241507
Regular Expression Statement/
Regular Expression Class Map
Inspection Class Map/
Match Commands
Inspection Policy Map Actions
241509