Cisco Systems OL-16647-01 Network Router User Manual
22-5
Cisco ASDM User Guide
OL-16647-01
Chapter 22 Configuring Service Policy Rules
Service Policy Overview
p. SIP
q. Skinny
r. SMTP
s. SNMP
t. SQL*Net
u. TFTP
v. XDMCP
w. DCERPC
x. Instant Messaging
Note RADIUS accounting is not listed because it is the only inspection allowed on management
traffic. WAAS is not listed because it can be configured along with other inspections for the
same traffic.
5. IPS
6. QoS output policing
7. QoS standard priority queue
8. QoS traffic shaping, hierarchical priority queue
Incompatibility of Certain Feature Actions
Some features are not compatible with each other for the same traffic. For example, most inspections
should not be combined with another inspection, so the security appliance only applies one inspection
if you configure multiple inspections for the same traffic. In this case, the feature that is applied is the
higher priority feature in the list in the “Order in Which Multiple Feature Actions within a Rule are
Applied” section on page 22-4.
For information about compatibility of each feature, see the chapter or section for your feature.
Note The Default Inspection Traffic traffic classification, which is used in the default global policy, is a special
shortcut to match the default ports for all inspections. When used in a rule, this traffic classification
ensures that the correct inspection is applied to each packet, based on the destination port of the traffic.
For example, when UDP traffic for port 69 reaches the security appliance, then the security appliance
applies the TFTP inspection; when TCP traffic for port 21 arrives, then the security appliance applies
the FTP inspection. So in this case only, you can configure multiple inspections for the same rule.
Normally, the security appliance does not use the port number to select the inspection; the inspection you configure in a rule is applied to whatever traffic that rule matches, which lets you apply an inspection to a non-standard port, for example.
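The following ASA CLI configuration is an added example, not text from this guide; it shows the commands equivalent to the ASDM rules described above. The class and policy names `inspection_default` and `global_policy` are the names the ASA factory default configuration uses for the default global policy; the class name `voip-2130`, the policy name `outside_policy`, the UDP port 2130 and the interface name `outside` are assumed values chosen for illustration.

```cisco
! Added example (not from the guide). Default global policy: the special
! "Default Inspection Traffic" classification is the one case where several
! inspections may sit in one rule, because the destination port of each
! packet selects which inspection is applied (UDP/69 -> TFTP, TCP/21 -> FTP).
class-map inspection_default
 match default-inspection-traffic
!
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect tftp
  inspect sip
  inspect skinny
  inspect sqlnet
  inspect xdmcp
!
service-policy global_policy global
!
! Custom class on a non-standard port (UDP 2130 is an assumed value).
! Here the port does NOT select the inspection; the inspect command does.
! Listing both SIP and Skinny for the same traffic is a configuration
! mistake: only the higher-priority action is applied (SIP precedes Skinny
! in the ordered list on page 22-4), so Skinny inspection is skipped without
! any warning. Keep exactly one inspection per non-default class.
class-map voip-2130
 match port udp eq 2130
!
policy-map outside_policy
 class voip-2130
  inspect sip
!
service-policy outside_policy interface outside
```

After applying the configuration, `show service-policy` lists each policy, class and the inspections attached to it, which is the quickest way to confirm that only the intended inspection is present on a custom class.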
Feature Matching Guidelines for Multiple Service Policies
For TCP and UDP traffic (and ICMP when you enable stateful ICMP inspection), service policies
operate on traffic flows, and not just individual packets. If traffic is part of an existing connection that
matches a feature in a policy on one interface, that traffic flow cannot also match the same feature in a
policy on another interface; only the first policy is used.