04-19-2010 11:50 AM - edited 03-10-2019 04:57 AM
I am in the process of updating my device to 8.2(2) . In the release notes it mentions to make sure that you do not have the following incomplete lines:
- policy-map global_policy
- service-policy global_policy global
Below is a copy of my config. I just want to make sure that I am reading this correctly. I do not believe I have any incomplete service policies. I have made the lines in question bold. Thank you.
!
class-map type regex match-any DomainBlockList
match regex domainlist1
class-map type inspect http match-all BlockDomainsClass
match request header host regex class DomainBlockList
class-map IPS_CLASS
match any
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect http http_inspection_policy
parameters
class BlockDomainsClass
reset log
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum 2048
policy-map global_policy - line in question
class inspection_default
inspect dns migrated_dns_map_1
inspect h323 h225
inspect netbios
inspect rsh
inspect skinny
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect icmp
inspect ftp
inspect h323 ras
inspect http http_inspection_policy
policy-map IPS_POLICY
class IPS_CLASS
ips inline fail-open
!
service-policy global_policy global - line in question
service-policy IPS_POLICY interface outside
prompt hostname context
Cryptochecksum:9678c3xd399320688fyyu741823
: end
asa5500#
asa5500#
Solved! Go to Solution.
04-19-2010 11:58 AM
Hi,
You have the default global_policy applied globally with the service policy. (they are not incomplete).
You can modify these policy, or create new policies and apply them globally to the service policy or to specific interfaces.
You can check more information about the inspection on the ASA here:
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/inspect_overview.html
Federico.
04-19-2010 11:58 AM
Hi,
You have the default global_policy applied globally with the service policy. (they are not incomplete).
You can modify these policy, or create new policies and apply them globally to the service policy or to specific interfaces.
You can check more information about the inspection on the ASA here:
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/inspect_overview.html
Federico.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: