I'm new to comm/firewall-related things. I have a new customer that has an ASA 5505.
This ASA doesn't have any class-map or policy-map statements in its config. From what I've read there is, by default in an ASA 5505, the following configuration...
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
The only problem I notice from the missing stuff is that FTP doesn't work (clients from the inside can't access or download files from FTP-servers on the internet). I've managed to solve this with the following configuration...
class-map FTP-traffic
 match port tcp eq ftp
policy-map FTP-policy
 class FTP-traffic
  inspect ftp
service-policy FTP-policy interface outside
My question is should I recreate the default class-map and policy-map? What functionality do they provide... can they introduce any latency or other problems?
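An added example, not part of the original post and not Cisco tooling: a Python script that parses an ASA running-config and reports, for each scope a service-policy is applied to, which of the default inspections quoted above are not enabled. The function names and the sample config string (the poster's FTP fix, re-indented) are assumptions of this example.

```python
# Default inspections as listed in the post for policy-map global_policy.
DEFAULT_INSPECTS = ["dns", "ftp", "h323 h225", "h323 ras", "rsh", "rtsp", "esmtp",
                    "sqlnet", "skinny", "sunrpc", "xdmcp", "sip", "netbios", "tftp"]

# Constructed sample: the poster's FTP-only fix, re-indented as a running-config.
CUSTOMER_CONFIG = """\
class-map FTP-traffic
 match port tcp eq ftp
policy-map FTP-policy
 class FTP-traffic
  inspect ftp
service-policy FTP-policy interface outside
"""

def parse_policies(config):
    """Return ({policy-map: [inspections]}, {policy-map: scope it is applied to})."""
    inspects, bindings, current = {}, {}, None
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0] == "!":
            continue
        if not raw[0].isspace():  # a top-level command closes any open policy-map
            current = None
            if words[0] == "policy-map" and len(words) == 2:
                current = words[1]  # layer 3/4 policy, not "policy-map type inspect"
                inspects.setdefault(current, [])
            elif words[0] == "service-policy" and len(words) >= 3:
                bindings[words[1]] = " ".join(words[2:])
        elif current and words[0] == "inspect" and len(words) > 1:
            # "h323 h225"/"h323 ras" are separate engines; drop map names like preset_dns_map
            name = " ".join(words[1:3]) if words[1] == "h323" else words[1]
            inspects[current].append(name)
    return inspects, bindings

def missing_defaults(config):
    """Map each applied scope to the default inspections it does not enable."""
    inspects, bindings = parse_policies(config)
    report = {scope: [p for p in DEFAULT_INSPECTS if p not in inspects.get(name, [])]
              for name, scope in bindings.items()}
    if "global" not in report:  # no global service-policy at all
        report["global"] = list(DEFAULT_INSPECTS)
    return report

if __name__ == "__main__":
    for scope, missing in missing_defaults(CUSTOMER_CONFIG).items():
        print(f"{scope}: missing {', '.join(missing) or 'nothing'}")
```

Run against the output of `show running-config`, it lists every default inspection that the current service policies leave disabled.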
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...