Cisco Systems ASA Services Module Webcam User Manual


 
2-3
Cisco ASA Series Firewall ASDM Configuration Guide
Chapter 2 Configuring Special Actions for Application Inspections (Inspection Policy Map)
Defining Actions in an Inspection Policy Map
Note There are other default inspection policy maps such as _default_esmtp_map. For example, an ESMTP
inspection rule implicitly uses the policy map “_default_esmtp_map.”
Defining Actions in an Inspection Policy Map
When you enable an inspection engine in the service policy, you can also optionally enable actions as
defined in an inspection policy map.
Detailed Steps
Step 1 (Optional) Create an inspection class map. Alternatively, you can identify the traffic directly within the
policy map. See the “Identifying Traffic in an Inspection Class Map” section on page 2-3.
Step 2 (Optional) For policy map types that support regular expressions, create a regular expression. See the
“Configuring Regular Expressions” section on page 20-11 in the general operations configuration guide.
Step 3 Choose Configuration > Firewall > Objects > Inspect Maps .
Step 4 Choose the inspection type you want to configure.
Step 5 Click Add to add a new inspection policy map.
Step 6 Follow the instructions for your inspection type in the inspection chapter.
Identifying Traffic in an Inspection Class Map
This type of class map allows you to match criteria that is specific to an application. For example, for
DNS traffic, you can match the domain name in a DNS query.
A class map groups multiple traffic matches (in a match-all class map), or lets you match any of a list of
matches (in a match-any class map). The difference between creating a class map and defining the traffic
match directly in the inspection policy map is that the class map lets you group multiple match
commands, and you can reuse class maps. For the traffic that you identify in this class map, you can
specify actions such as dropping, resetting, and/or logging the connection in the inspection policy map.
If you want to perform different actions on different types of traffic, you should identify the traffic
directly in the policy map.
Restrictions
Not all applications support inspection class maps.
Detailed Steps
Step 1 Choose Configuration > Firewall > Objects > Class Maps .
Step 2 Choose the inspection type you want to configure.
Step 3 Click Add to add a new inspection class map.