17-68
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 17 Managing Firewall Inspection Rules
Configuring Protocols and Maps for Inspection
Field Reference
Configuring IP Options Maps
Use the Add and Edit IP Options Map dialog boxes to define maps for the inspection of the options in
an IP packet header on ASA 8.2(2)+ devices. The options field provides for control functions that are
required in some situations but unnecessary for most common communications.
Table17-39 Add and Edit IM Map (IOS) Dialog Boxes
Element Description
Name The name of the policy object. A maximum of 40 characters is allowed.
Description A description of the policy object. A maximum of 200 characters is
allowed.
Service Tabs
The tabs represent different IM service providers. The settings available on each tab are identical. You
must configure the settings separately for each service provider. The descriptions of the following
fields apply to each of the services: Yahoo!, MSN, and AOL.
Text Chat How you want the text chat service to be handled, for example, allowed,
denied, logged, or some combination.
Other Services How you want services other than text chat to be handled, for example,
allowed, denied, logged, or some combination. IOS software
recognizes all services other than text chat, such as voice-chat,
video-chat, file sharing and transferring, and gaming as a single group.
Permit Servers The servers from which to permit traffic. Accepted formats are IP
addresses, IP ranges, and hostnames separated by commas.
Deny Servers The servers from which to deny traffic. Accepted formats are IP
addresses, IP ranges, and hostnames separated by commas.
Alert Whether you want to enable or disable alerts. The default is to use the
default inspection settings.
Audit Whether you want to enable or disable an audit trail. The default is to
use the default inspection settings.
Timeout A timeout for the service. You can use the default inspection settings,
or you can elect to specify a timeout. If you select Specify Timeout,
enter the timeout value in seconds.
Category The category assigned to the object. Categories help you organize and
identify rules and objects. See Using Category Objects, page 6-12.
Allow Value Override per
Device
Overrides
Edit button
Whether to allow the object definition to be changed at the device level.
For more information, see Allowing a Policy Object to Be Overridden,
page 6-18 and Understanding Policy Object Overrides for Individual
Devices, page 6-17.
If you allow device overrides, you can click the Edit button to create,
edit, and view the overrides. The Overrides field indicates the number
of devices that have overrides for this object.