33-4
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 33 Configuring Special Actions for Application Inspections (Inspection Policy Map)
Defining Actions in an Inspection Policy Map
Detailed Steps
Command Purpose
Step 1 (Optional) Create an inspection class map. See the “Identifying Traffic in an Inspection Class Map” section on page 33-6. Alternatively, you can identify the traffic directly within the policy map.
Step 2
Command: policy-map type inspect application policy_map_name
Example:
hostname(config)# policy-map type inspect http http_policy
Purpose: Creates the inspection policy map. See the “Configuring Application Layer Protocol Inspection” section on page 42-6 for a list of applications that support inspection policy maps.
The policy_map_name argument is the name of the policy map, up to 40 characters in length. All types of policy maps use the same name space, so you cannot reuse a name already used by another type of policy map. The CLI enters policy-map configuration mode.
Step 3 Specify the traffic on which you want to perform actions using one of the following methods:

Command: class class_map_name
Example:
hostname(config-pmap)# class http_traffic
hostname(config-pmap-c)#
Purpose: Specifies the inspection class map that you created in the “Identifying Traffic in an Inspection Class Map” section on page 33-6. Not all applications support inspection class maps.

Command: Specify traffic directly in the policy map using one of the match commands described for each application in the inspection chapter.
Example:
hostname(config-pmap)# match req-resp content-type mismatch
hostname(config-pmap-c)#
Purpose: If you use a match not command, then any traffic that matches the criterion in the match not command does not have the action applied.
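Steps 1 through 3 combined into one session, as an added example that is not taken from the guide. The names http_traffic and http_policy follow the examples above; the class-map definition, the match not criterion, and the drop-connection and reset actions are assumptions chosen for illustration, since this page does not show the action step.

```cisco
! Constructed example; names and chosen actions are illustrative assumptions.
! Step 1 (optional): inspection class map that identifies the traffic.
hostname(config)# class-map type inspect http match-all http_traffic
hostname(config-cmap)# match req-resp content-type mismatch
hostname(config-cmap)# exit
! Step 2: inspection policy map (name up to 40 characters, unique across
! all policy map types).
hostname(config)# policy-map type inspect http http_policy
! Step 3, method 1: reference the class map, then set its action.
hostname(config-pmap)# class http_traffic
hostname(config-pmap-c)# drop-connection log
! Step 3, method 2: match directly in the policy map. With "match not",
! GET requests are exempt; the action applies to every other method.
hostname(config-pmap-c)# match not request method get
hostname(config-pmap-c)# reset log
```

When reviewing a policy map, read each match not line as an exemption: the traffic it names is what the action leaves untouched.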