42-9
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter42 Getting Started with Application Layer Protocol Inspection
Configuring Application Layer Protocol Inspection
Table42-2 Protocol Keywords
Keywords Notes
ctiqbe
dcerpc [map_name] If you added a DCERPC inspection policy map according to
“Configuring a DCERPC Inspection Policy Map for
Additional Inspection Control” section on page 46-2,
identify the map name in this command.
dns [map_name]
[dynamic-filter-snoop]
If you added a DNS inspection policy map according to
“Configuring a DNS Inspection Policy Map for Additional
Inspection Control” section on page43-7, identify the map
name in this command. The default DNS inspection policy
map name is “preset_dns_map.” The default inspection
policy map sets the maximum DNS packet length to 512
bytes.
To enable DNS snooping for the Botnet Traffic Filter, enter
the dynamic-filter-snoop keyword. See the “Enabling DNS
Snooping” section on page55-10 for more information.
esmtp [map_name] If you added an ESMTP inspection policy map according to
“Configuring an ESMTP Inspection Policy Map for
Additional Inspection Control” section on page 43-32,
identify the map name in this command.
ftp [strict [map_name]] Use the strict keyword to increase the security of protected
networks by preventing web browsers from sending
embedded commands in FTP requests. See the “Using the
strict Option” section on page43-11 for more information.
If you added an FTP inspection policy map according to
“Configuring an FTP Inspection Policy Map for Additional
Inspection Control” section on page43-12, identify the map
name in this command.
gtp [map_name] If you added a GTP inspection policy map according to the
“Configuring a GTP Inspection Policy Map for Additional
Inspection Control” section on page46-4, identify the map
name in this command.
h323 h225 [map_name] If you added an H323 inspection policy map according to
“Configuring an H.323 Inspection Policy Map for
Additional Inspection Control” section on page 44-6,
identify the map name in this command.
h323 ras [map_name] If you added an H323 inspection policy map according to
“Configuring an H.323 Inspection Policy Map for
Additional Inspection Control” section on page 44-6,
identify the map name in this command.
http [map_name] If you added an HTTP inspection policy map according to
the “Configuring an HTTP Inspection Policy Map for
Additional Inspection Control” section on page 43-17,
identify the map name in this command.
icmp