10-22
Cisco ASA Series Firewall CLI Configuration Guide
Chapter10 Configuring Inspection of Basic Internet Protocols
Instant Messaging Inspection
Where the regex regex_na me argument is the regular expression you created in Step1. The class
regex_class_name is the regular expression class map you created in Step2.
f. (Optional) To match the destination login name of the IM message, enter the following command:
ciscoasa(config-cmap)# match [not] peer-login-name regex {class class_name |
regex_name}
Where the regex regex_na me argument is the regular expression you created in Step1. The class
regex_class_name is the regular expression class map you created in Step2.
g. (Optional) To match the source IP address of the IM message, enter the following command:
ciscoasa(config-cmap)# match [not] ip-address ip_address ip_address_mask
Where the ip_address and the ip_address_mask is the IP address and netmask of the message source.
h. (Optional) To match the destination IP address of the IM message, enter the following command:
ciscoasa(config-cmap)# match [not] peer-ip-address ip_address ip_address_mask
Where the ip_address and the ip_address_mask is the IP address and netmask of the message
destination.
i. (Optional) To match the version of the IM message, enter the following command:
ciscoasa(config-cmap)# match [not] version regex {class class_name | regex_name}
Where the regex regex_na me argument is the regular expression you created in Step1. The class
regex_class_name is the regular expression class map you created in Step2.
j. (Optional) To match the filename of the IM message, enter the following command:
ciscoasa(config-cmap)# match [not] filename regex {class class_name | regex_name}
Where the regex regex_na me argument is the regular expression you created in Step1. The class
regex_class_name is the regular expression class map you created in Step2.
Note Not supported using MSN IM protocol.
Step4 Create an IM inspection policy map, enter the following command:
ciscoasa(config)# policy-map type inspect im policy_map_name
ciscoasa(config-pmap)#
Where the policy_map_name is the name of the policy map. The CLI enters policy-map configuration
mode.
Step5 (Optional) To add a description to the policy map, enter the following command:
ciscoasa(config-pmap)# description string
Step6 Specify the traffic on which you want to perform actions using one of the following methods:
Specify the IM class map that you created in Step3 by entering the following command:
ciscoasa(config-pmap)# class class_map_name
ciscoasa(config-pmap-c)#
Specify traffic directly in the policy map using one of the match commands described in Step3. If
you use a match not command, then any traffic that does not match the criterion in the match not
command has the action applied.