Cisco Systems OL-16647-01 Network Router User Manual
24-2
Cisco ASDM User Guide
OL-16647-01
Chapter 24 Configuring Application Layer Protocol Inspection
Inspection Engine Overview
RADIUS Accounting Inspection, page 24-19
RSH Inspection, page 24-19
RTSP Inspection, page 24-19
SIP Inspection, page 24-21
Skinny (SCCP) Inspection, page 24-22
SMTP and Extended SMTP Inspection, page 24-24
SNMP Inspection, page 24-25
SQL*Net Inspection, page 24-25
Sun RPC Inspection, page 24-26
TFTP Inspection, page 24-28
XDMCP Inspection, page 24-28
Service Policy Field Descriptions, page 24-28
Class Map Field Descriptions, page 24-39
Inspect Map Field Descriptions, page 24-59
Inspection Engine Overview
This section includes the following topics:
When to Use Application Protocol Inspection, page 24-2
Inspection Limitations, page 24-3
Default Inspection Policy, page 24-3
When to Use Application Protocol Inspection
When a user establishes a connection, the security appliance checks the packet against access lists,
creates an address translation, and creates an entry for the session in the fast path, so that further packets
can bypass time-consuming checks. However, the fast path relies on predictable port numbers and does
not perform address translations inside a packet.
Many protocols open secondary TCP or UDP ports. The initial session on a well-known port is used to
negotiate dynamically assigned port numbers.
Other applications embed an IP address in the packet payload; that address needs to match the source address, which is
normally translated when the packet passes through the security appliance.
If you use applications like these, then you need to enable application inspection.
When you enable application inspection for a service that embeds IP addresses, the security appliance
translates embedded addresses and updates any checksum or other fields that are affected by the
translation.
When you enable application inspection for a service that uses dynamically assigned ports, the security
appliance monitors sessions to identify the dynamic port assignments, and permits data exchange on
these ports for the duration of the specific session.
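As an added illustration (not part of the Cisco guide) of both behaviours described above, the following Python sketch inspects an FTP PORT command on a control channel: it translates the embedded inside address to its mapped address, records the dynamically negotiated data port as a per-session pinhole, and reports the payload length change the appliance must also compensate for. FTP is chosen only because its PORT command carries both an embedded address and a dynamic port; the NAT mapping and addresses are constructed sample values.

```python
import re
from dataclasses import dataclass

# FTP active mode: "PORT h1,h2,h3,h4,p1,p2" (client IP octets, then port = p1*256 + p2)
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r\n$")

# Constructed sample translation table: inside address -> mapped (outside) address
NAT_MAP = {"10.1.1.5": "203.0.113.10"}


@dataclass(frozen=True)
class Pinhole:
    """A dynamically permitted flow, valid only for the lifetime of the control session."""
    proto: str
    src: str   # server side, which initiates the active-mode data connection
    dst: str   # mapped client address
    dport: int


def parse_port_command(line: str):
    """Return (embedded_ip, port) for a PORT command, or None if the line is not one."""
    m = PORT_RE.match(line)
    if m is None:
        return None
    vals = [int(v) for v in m.groups()]
    if any(v > 255 for v in vals):
        raise ValueError("PORT argument out of range")
    return ".".join(str(v) for v in vals[:4]), vals[4] * 256 + vals[5]


def inspect_port_command(line: str, nat_map: dict, server_ip: str):
    """Rewrite the embedded address and open a pinhole for the negotiated port.

    Returns (rewritten_line, pinhole_or_None, payload_length_delta). A non-zero
    delta is why the appliance must also fix up TCP sequence numbers and checksums.
    """
    parsed = parse_port_command(line)
    if parsed is None:
        return line, None, 0          # not a PORT command: pass through unchanged
    inside_ip, port = parsed
    mapped_ip = nat_map.get(inside_ip)
    if mapped_ip is None:
        raise ValueError(f"no translation for embedded address {inside_ip}")
    rewritten = "PORT " + ",".join(mapped_ip.split(".") + [str(port // 256), str(port % 256)]) + "\r\n"
    pinhole = Pinhole("tcp", server_ip, mapped_ip, port)
    return rewritten, pinhole, len(rewritten) - len(line)


if __name__ == "__main__":
    print(inspect_port_command("PORT 10,1,1,5,4,1\r\n", NAT_MAP, "198.51.100.7"))
```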