24-70
Cisco ASDM User Guide
OL-16647-01
Chapter 24 Configuring Application Layer Protocol Inspection
Inspect Map Field Descriptions
–
DNS Class Field Value—Specifies to match either a DNS class field value or a DNS class field
range.
Value—Lets you enter an arbitrary value between 0 and 65535 to match.
Range—Lets you enter a range match. Both values between 0 and 65535.
• Question Criterion Values—Specifies to match on the DNS question section.
• Resource Record Criterion Values—Specifies to match on the DNS resource record section.
–
Resource Record— Lists the sections to match.
Additional—DNS additional resource record
Answer—DNS answer resource record
Authority—DNS authority resource record
• Domain Name Criterion Values—Specifies to match on DNS domain name.
–
Regular Expression—Lists the defined regular expressions to match.
–
Manage—Opens the Manage Regular Expressions dialog box, which lets you configure regular
expressions.
–
Regular Expression Class—Lists the defined regular expression classes to match.
–
Manage—Opens the Manage Regular Expression Class dialog box, which lets you configure
regular expression class maps.
• Multiple Matches—Specifies multiple matches for the DNS inspection.
–
DNS Traffic Class—Specifies the DNS traffic class match.
–
Manage—Opens the Manage DNS Class Maps dialog box to add, edit, or delete DNS Class
Maps.
• Actions—Primary action and log settings.
–
Primary Action—Mask, drop packet, drop connection, none.
–
Log—Enable or disable.
–
Enforce TSIG—Do not enforce, drop packet, log, drop packet and log.
Modes
The following table shows the modes in which this feature is available:
Manage Class Maps
The Manage Class Map dialog box lets you configure class maps for inspection.
Firewall Mode Security Context
Routed Transparent Single
Multiple
Context System
• • • •—