New Member

ASA 5500X Global/Default Policy

I've set up several ASAs in the past and I always see the global policy is in place by default, but when setting up a new 5525x I noticed there is no global policy by default. When did this change?

5 REPLIES
VIP Green

If you issue the show run all policy or just show run all, do you see the global policy then?

--

Please remember to select a correct answer and rate helpful posts
New Member

Listed below is what I am seeing. I added ICMP and ICMP error for troubleshooting purposes in the future.

 

!
policy-map type inspect rtsp _default_rtsp_map
 description Default RTSP policymap
 parameters
policy-map type inspect h323 _default_h323_map
 description Default H.323 policymap
 parameters
  no rtp-conformance
policy-map outside-policy
 class sec_sccp
  inspect skinny phone-proxy gtri_phone_proxy
 class sec_sip
  inspect sip phone-proxy gtri_phone_proxy
 class cucum_tftp
  police input 192000 1500
  police output 192000 1500
 class class-default
policy-map type inspect sip _default_sip_map
 description Default SIP policymap
 parameters
  im
  no ip-address-privacy
  traffic-non-sip
  no rtp-conformance
policy-map global-policy
 class global-class
  inspect icmp
  inspect icmp error
 class class-default
policy-map type inspect dns _default_dns_map
 description Default DNS policy-map
 parameters
  no message-length maximum client
  no message-length maximum
  no message-length maximum server
  dns-guard
  protocol-enforcement
  nat-rewrite
  no id-randomization
  no id-mismatch
  no tsig enforced
policy-map type inspect ipsec-pass-thru _default_ipsec_passthru_map
 description Default IPSEC-PASS-THRU policy-map
 parameters
  esp per-client-max 0 timeout 0:10:00
policy-map type inspect esmtp _default_esmtp_map
 description Default ESMTP policy-map
 parameters
  mask-banner
  no mail-relay
  no special-character
  no allow-tls
 match cmd line length gt 512
  drop-connection log
 match cmd RCPT count gt 100
  drop-connection log
 match body line length gt 998
  log
 match header line length gt 998
  drop-connection log
 match sender-address length gt 320
  drop-connection log
 match MIME filename length gt 255
  drop-connection log
 match ehlo-reply-parameter others
  mask
policy-map type inspect ip-options _default_ip_options_map
 description Default IP-OPTIONS policy-map
 parameters
  router-alert action allow
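
To see at a glance which inspections a `show run all policy-map` dump like the one above actually configures, here is an added example (not part of the original post and not Cisco code). The function names and the caller-supplied list of expected protocols are assumptions made for illustration.

```python
import re

# Constructed sample: a shortened copy of the policy-map output posted above.
SAMPLE = """\
policy-map type inspect rtsp _default_rtsp_map
 parameters
policy-map outside-policy
 class sec_sccp
  inspect skinny phone-proxy gtri_phone_proxy
 class sec_sip
  inspect sip phone-proxy gtri_phone_proxy
 class cucum_tftp
  police input 192000 1500
 class class-default
policy-map global-policy
 class global-class
  inspect icmp
  inspect icmp error
 class class-default
"""

def layer34_inspections(config):
    """Map each Layer 3/4 policy-map to {class name: [inspected protocols]}.

    'policy-map type inspect ...' blocks are per-protocol parameter maps,
    not policies that carry classes and inspect actions, so they are skipped.
    """
    policies, current, cls = {}, None, None
    for line in config.splitlines():
        if line.startswith("policy-map "):
            words = line.split()
            current = None if words[1] == "type" else policies.setdefault(words[1], {})
            cls = None
        elif current is not None:
            m = re.match(r"\s+class (\S+)", line)
            if m:
                cls = current.setdefault(m.group(1), [])
            elif cls is not None and (m := re.match(r"\s+inspect (.+)", line)):
                # Keep "icmp error" as its own entry; drop trailing map/proxy arguments.
                proto = m.group(1).split()
                cls.append("icmp error" if proto[:2] == ["icmp", "error"] else proto[0])
    return policies

def missing_inspections(config, expected):
    """Return the expected protocols that no Layer 3/4 policy-map inspects."""
    seen = {p for classes in layer34_inspections(config).values() for ps in classes.values() for p in ps}
    return sorted(set(expected) - seen)
```

The expected list is whatever baseline the operator wants enforced; passing `["dns", "ftp", "icmp", "sip"]` against the sample reports `dns` and `ftp` as not inspected by any policy.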

 

VIP Green

Hmmm. Is this a brand new ASA shipped from Cisco, or refurbished? I am really uncertain if it has been removed or not...

--

Please remember to rate and select a correct answer
New Member

These are brand new. Seemed a little strange to me but I am just going to add in the default policy manually.

VIP Green

It has been a little while since I have had hands on with an ASA5500-X so I can't remember if the default policy was missing there also.  Perhaps someone else knows if it has been removed or not.

Sorry I can't be of much more help.

--

Please remember to rate and select a correct answer