Cisco Systems ASA 5585-X Network Router User Manual


 
10-30
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 10 Configuring Inspection of Basic Internet Protocols
NetBIOS Inspection
Examples
The following example drops all IPv6 traffic with the hop-by-hop, destination-option, routing-address,
and routing type 0 headers:
policy-map type inspect ipv6 ipv6-pm
 parameters
 match header hop-by-hop
  drop
 match header destination-option
  drop
 match header routing-address count gt 0
  drop
 match header routing-type eq 0
  drop
policy-map global_policy
 class class-default
  inspect ipv6 ipv6-pm
!
service-policy global_policy global
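To test which packets a policy like this would drop, the following added example (not from the Cisco guide and not the ASA's implementation) walks the IPv6 extension-header chain of a raw packet and applies the same four match/drop rules. It assumes that routing-address count refers to the number of addresses in a type 0 routing header; the function names and the sample packets are constructed for illustration.

```python
import struct
# IPv6 Next Header values (IANA protocol numbers).
HOP_BY_HOP, ROUTING, FRAGMENT, AH, DEST_OPTS = 0, 43, 44, 51, 60
EXT_HEADERS = {HOP_BY_HOP, ROUTING, FRAGMENT, AH, DEST_OPTS}
DROP_ALWAYS = {HOP_BY_HOP: "hop-by-hop", DEST_OPTS: "destination-option"}

def verdict(packet: bytes) -> str:
    """Walk the extension-header chain and apply the four match/drop rules."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return "drop: malformed IPv6 header"
    nxt, off = packet[6], 40
    while nxt in EXT_HEADERS:
        if off + 8 > len(packet):
            return "drop: truncated extension header"
        following, ext_len = packet[off], packet[off + 1]
        if nxt in DROP_ALWAYS:
            return "drop: " + DROP_ALWAYS[nxt]
        if nxt == ROUTING and packet[off + 2] == 0:
            # Type 0: Hdr Ext Len counts 8-octet units, two per address (assumed rule meaning).
            rule = "routing-address count gt 0" if ext_len // 2 else "routing-type eq 0"
            return "drop: " + rule
        if nxt == FRAGMENT:
            if struct.unpack_from("!H", packet, off + 2)[0] >> 3:
                return "permit"  # non-first fragment: no further headers to walk
            size = 8
        elif nxt == AH:
            size = (ext_len + 2) * 4  # AH length is in 4-octet units
        else:
            size = (ext_len + 1) * 8
        nxt, off = following, off + size
    return "permit"

def ipv6(next_header: int, payload: bytes) -> bytes:
    """Constructed sample packet, 2001:db8::1 -> 2001:db8::2."""
    src, dst = (bytes.fromhex("20010db8" + "00" * 11 + n) for n in ("01", "02"))
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64) + src + dst + payload

TCP = bytes(20)                            # placeholder transport payload
OPTS = bytes([6, 0, 1, 4, 0, 0, 0, 0])     # next=TCP, len=0, one PadN option
SAMPLES = {                                # all packets below are constructed
    "plain tcp": ipv6(6, TCP),
    "hop-by-hop": ipv6(0, OPTS + TCP),
    "rh0, 1 address": ipv6(43, bytes([6, 2, 0, 1]) + bytes(4) + bytes(16) + TCP),
    "rh0, 0 addresses": ipv6(43, bytes([6, 0, 0, 0]) + bytes(4) + TCP),
    "fragment then dest-opt": ipv6(44, bytes([60, 0, 0, 0]) + bytes(4) + OPTS + TCP),
}
for name, pkt in SAMPLES.items():
    print(f"{name:24} {verdict(pkt)}")
```

The last sample shows why the chain has to be walked: the destination-option header is only reached after skipping the fragment header in front of it.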
NetBIOS Inspection
This section describes the NetBIOS inspection engine. This section includes the following topics:
NetBIOS Inspection Overview, page 10-30
Configuring a NetBIOS Inspection Policy Map for Additional Inspection Control, page 10-30
NetBIOS Inspection Overview
NetBIOS inspection is enabled by default. The NetBIOS inspection engine translates IP addresses in the
NetBIOS name service (NBNS) packets according to the ASA NAT configuration.
Configuring a NetBIOS Inspection Policy Map for Additional Inspection Control
To specify actions when a message violates a parameter, create a NetBIOS inspection policy map. You
can then apply the inspection policy map when you enable NetBIOS inspection.
To create a NetBIOS inspection policy map, perform the following steps:
Step 1 (Optional) Add one or more regular expressions for use in traffic matching commands according to the
general operations configuration guide. See the types of text you can match in the match commands
described in Step 3.
Step 2 (Optional) Create one or more regular expression class maps to group regular expressions according to
the general operations configuration guide.
Step 3 To create a NetBIOS inspection policy map, enter the following command:
ciscoasa(config)# policy-map type inspect netbios policy_map_name
ciscoasa(config-pmap)#
Where policy_map_name is the name of the policy map. The CLI enters policy-map configuration
mode.