11-8
Cisco ASA Series Firewall ASDM Configuration Guide
Chapter 11 Configuring Inspection of Basic Internet Protocols
DNS Inspection
Step 3 You can configure DNS inspections using the following methods:
• Single Match—Match a single criterion, and identify the action for the match.
• Multiple matches—Match multiple criteria by creating an inspection class map.
The difference between creating a class map and defining the traffic match directly in the inspection
policy map is that the class map lets you create more complex match criteria, and you can reuse class
maps. If you want different actions for each criteria, use the single match option; you can only set one
action for the entire class map.
You can add multiple class maps and single matches in the same policy map.
Actions for each Single Match, or for a Multiple match class map include:
• Primary Action:
–
Mask
–
Drop Packet
–
Drop Connection
–
None
• Log:
–
Enable
–
Disable