Cisco Systems OL-16647-01 Network Router User Manual


24-60
Cisco ASDM User Guide
OL-16647-01
Chapter 24 Configuring Application Layer Protocol Inspection
Inspect Map Field Descriptions
DNS Inspect Map, page 24-64
ESMTP Inspect Map, page 24-71
FTP Inspect Map, page 24-79
GTP Inspect Map, page 24-84
H.323 Inspect Map, page 24-89
HTTP Inspect Map, page 24-95
Instant Messaging (IM) Inspect Map, page 24-103
IPSec Pass Through Inspect Map, page 24-106
MGCP Inspect Map, page 24-109
NetBIOS Inspect Map, page 24-112
RTSP Inspect Map, page 24-113
SCCP (Skinny) Inspect Map, page 24-115
SIP Inspect Map, page 24-120
SNMP Inspect Map, page 24-126
The algorithm the security appliance uses for stateful application inspection ensures the security of
applications and services. Some applications require special handling, and specific application
inspection engines are provided for this purpose. Applications that require special application inspection
engines are those that embed IP addressing information in the user data packet or open secondary
channels on dynamically assigned ports.
Application inspection engines work with NAT to help identify the location of embedded addressing
information. This allows NAT to translate these embedded addresses and to update any checksum or
other fields that are affected by the translation.
Each application inspection engine also monitors sessions to determine the port numbers for secondary
channels. Many protocols open secondary TCP or UDP ports to improve performance. The initial session
on a well-known port is used to negotiate dynamically assigned port numbers. The application inspection
engine monitors these sessions, identifies the dynamic port assignments, and permits data exchange on
these ports for the duration of the specific session.
In addition, stateful application inspection audits the validity of the commands and responses within the
protocol being inspected. The security appliance helps to prevent attacks by verifying that traffic
conforms to the RFC specifications for each protocol that is inspected.
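The three behaviours described above (translating an embedded address for NAT, opening a pinhole for a negotiated secondary channel, and rejecting commands that are not valid for the protocol) can be seen in miniature with FTP, whose PORT command and PASV reply carry an IP address and port in the payload. The following toy inspector is an added illustration written for this page; it is not Cisco's implementation and it models only the control-channel logic, with a constructed NAT table and a constructed subset of RFC 959 commands. The names FtpInspector, Pinhole and ALLOWED_COMMANDS are assumptions made for the example.

```python
"""Toy stateful FTP inspector (added example, not the security appliance's code).

Shows what an application inspection engine has to do for a protocol that embeds
IP addressing in user data and negotiates secondary channels on dynamic ports:
  * validate control-channel commands against the protocol's allowed set,
  * rewrite the embedded inside address to its NAT-translated address, and track
    how many bytes the rewrite added or removed so later sequence numbers can be
    fixed up,
  * record a pinhole so the negotiated data connection is permitted.
"""
import re
from dataclasses import dataclass, field

# Constructed subset of RFC 959 commands accepted on the control channel.
ALLOWED_COMMANDS = {"USER", "PASS", "CWD", "PWD", "TYPE", "PORT", "PASV",
                    "LIST", "RETR", "STOR", "QUIT", "NOOP"}

# PORT h1,h2,h3,h4,p1,p2 from the client; 227 reply with (h1,h2,h3,h4,p1,p2) from the server.
PORT_RE = re.compile(r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\s*$")
PASV_RE = re.compile(r"^227 .*\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


@dataclass(frozen=True)
class Pinhole:
    """A temporary permit for one negotiated secondary (data) channel."""
    opened_by: str   # which side will initiate the data connection
    ip: str
    port: int


@dataclass
class FtpInspector:
    # Constructed NAT table: inside address -> translated (outside) address.
    nat: dict
    pinholes: list = field(default_factory=list)
    # Net bytes added to the client->server stream by address rewriting.
    seq_delta: int = 0

    def inspect_client(self, line):
        """Validate one client command; rewrite an embedded address if needed.

        Returns (verdict, line_to_forward). verdict is "drop" for a command the
        protocol does not allow, otherwise "forward".
        """
        verb = line.split(" ", 1)[0].strip().upper()
        if verb not in ALLOWED_COMMANDS:
            return "drop", None
        m = PORT_RE.match(line)
        if not m:
            return "forward", line
        octets = m.groups()
        inside_ip = ".".join(octets[:4])
        port = int(octets[4]) * 256 + int(octets[5])
        outside_ip = self.nat.get(inside_ip, inside_ip)
        line_ending = line[len(line.rstrip()):]
        rewritten = "PORT %s,%s,%s%s" % (
            outside_ip.replace(".", ","), octets[4], octets[5], line_ending)
        # The translated address may be longer or shorter than the original, so
        # the payload length changes; the engine must remember the delta.
        self.seq_delta += len(rewritten) - len(line)
        # Active mode: the server will connect to the client's announced port.
        self.pinholes.append(Pinhole("server", outside_ip, port))
        return "forward", rewritten

    def inspect_server(self, line):
        """Watch server replies for a passive-mode port announcement."""
        m = PASV_RE.match(line)
        if not m:
            return "forward", line
        octets = m.groups()
        ip = ".".join(octets[:4])
        port = int(octets[4]) * 256 + int(octets[5])
        # Passive mode: the client will connect to the server's announced port.
        self.pinholes.append(Pinhole("client", ip, port))
        return "forward", line

    def permits(self, ip, port):
        """True if a data connection to ip:port matches a recorded pinhole."""
        return any(p.ip == ip and p.port == port for p in self.pinholes)


if __name__ == "__main__":
    insp = FtpInspector(nat={"10.0.0.5": "203.0.113.5"})   # constructed sample
    print(insp.inspect_client("PORT 10,0,0,5,4,1\r\n"))    # rewritten to 203,0,113,5
    print(insp.inspect_client("XYZZY foo\r\n"))            # not a valid command
    print(insp.inspect_server("227 Entering Passive Mode (198,51,100,7,19,137).\r\n"))
    print(insp.pinholes, insp.seq_delta)
```

Once the control session ends, a real engine would also remove the pinholes it recorded, which is the "for the duration of the specific session" part of the description above; the toy keeps them only to make the permitted ports easy to inspect.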
The Inspect Maps feature lets you create inspect maps for specific protocol inspection engines. You use
an inspect map to store the configuration for a protocol inspection engine. You then enable the
configuration settings in the inspect map by associating the map with a specific type of traffic using a
global security policy or a security policy for a specific interface.