Default class maps – Cisco ASA 5505 User Manual

Page 646

32-8

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 32 Configuring a Service Policy Using the Modular Policy Framework

Default Settings

•

DNS inspection for the maximum message length of 512 bytes

•

FTP

•

H323 (H225)

•

H323 (RAS)

•

RSH

•

RTSP

•

ESMTP

•

SQLnet

•

Skinny (SCCP)

•

SunRPC

•

XDMCP

•

SIP

•

NetBios

•

TFTP

•

IP Options

The default policy configuration includes the following commands:

class-map inspection_default

match default-inspection-traffic

policy-map type inspect dns preset_dns_map

parameters

message-length maximum 512

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

inspect ip-options

service-policy global_policy global

Note

See the

“Incompatibility of Certain Feature Actions” section on page 32-5

for more information about

the special match default-inspection-traffic command used in the default class map.

Default Class Maps

The configuration includes a default Layer 3/4 class map that the ASA uses in the default global policy
called default-inspection-traffic; it matches the default inspection traffic. This class, which is used in the
default global policy, is a special shortcut to match the default ports for all inspections. When used in a

This manual is related to the following products:

ASA 5585-X ASA 5555-X ASA 5545-X ASA 5525-X ASA 5515-X ASA 5512-X ASA 5580 ASA 5550 ASA 5540 ASA 5520 ASA 5510 ASA 5500 Series