Cisco ASA 5505 User Manual

Page 873

42-9

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 42 Getting Started with Application Layer Protocol Inspection

Configuring Application Layer Protocol Inspection

Table 42-2

Protocol Keywords

Keywords

Notes

ctiqbe

—

dcerpc [map_name]

If you added a DCERPC inspection policy map according to

“Configuring a DCERPC Inspection Policy Map for
Additional Inspection Control” section on page 46-2

identify the map name in this command.

dns [map_name]
[dynamic-filter-snoop]

If you added a DNS inspection policy map according to

“Configuring a DNS Inspection Policy Map for Additional
Inspection Control” section on page 43-7

, identify the map

name in this command. The default DNS inspection policy
map name is “preset_dns_map.” The default inspection
policy map sets the maximum DNS packet length to 512
bytes.

To enable DNS snooping for the Botnet Traffic Filter, enter
the dynamic-filter-snoop keyword. See the

“Enabling DNS

Snooping” section on page 55-10

for more information.

esmtp [map_name]

If you added an ESMTP inspection policy map according to

“Configuring an ESMTP Inspection Policy Map for
Additional Inspection Control” section on page 43-32

identify the map name in this command.

ftp [strict [map_name]]

Use the strict keyword to increase the security of protected
networks by preventing web browsers from sending
embedded commands in FTP requests. See the

“Using the

strict Option” section on page 43-11

for more information.

If you added an FTP inspection policy map according to

“Configuring an FTP Inspection Policy Map for Additional
Inspection Control” section on page 43-12

, identify the map

name in this command.

gtp [map_name]

If you added a GTP inspection policy map according to the

“Configuring a GTP Inspection Policy Map for Additional
Inspection Control” section on page 46-4

, identify the map

name in this command.