32-21
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter32 Configuring a Service Policy Using the Modular Policy Framework
Feature History for Service Policies
hostname(config)# service-policy policy_serverB interface inside
hostname(config)# service-policy policy_serverA interface outside

Applying Inspection to HTTP Traffic with NAT

In this example, the Host on the inside network has two addresses: one is the real IP address 192.168.1.1,
and the other is a mapped IP address used on the outside network, 209.165.200.225. Because the policy
is applied to the inside interface, where the real address is used, then you must use the real IP address in
the access list in the class map. If you applied it to the outside interface, you would use the mapped
address.
Figure32-4 HTTP Inspection with NAT
See the following commands for this example:
hostname(config)# static (inside,outside) 209.165.200.225 192.168.1.1
hostname(config)# access-list http_client extended permit tcp host 192.168.1.1 any eq 80
hostname(config)# class-map http_client
hostname(config-cmap)# match access-list http_client
hostname(config)# policy-map http_client
hostname(config-pmap)# class http_client
hostname(config-pmap-c)# inspect http
hostname(config)# service-policy http_client interface inside
Feature History for Service Policies
Table32-3 lists the release history for this feature.
inside outside
Host
Real IP: 192.168.1.1
Mapped IP: 209.165.200.225
Server
209.165.201.1
port 80
insp.
Security
appliance
143416
Table32-3 Feature History for Service Policies
Feature Name Releases Feature Information
Modular Policy Framework 7.0(1) Modular Policy Framework was introduced.
Management class map for use with RADIUS
accounting traffic
7.2(1) The management class map was introduced for use with
RADIUS accounting traffic. The following commands were
introduced: class-map type management, and inspect
radius-accounting.