Solved: Layer 7 HTTP Policy Map

mahesh18 · ‎07-28-2013

Hi Everyone,

I have this Layer 7 Policy Map which i config using ASDM under inspects

policy-map type inspect http test4

parameters

protocol-violation action drop-connection log

class _default_GoToMyPC-tunnel

drop-connection log

class maps identify the traffic and policy maps tell us what action to take.

Need to know on above config class map which matches the trafic is

class _default_GoToMyPC-tunnel

Regards

Mahesh

Message was edited by: mahesh parmar

Julio Carvajal · ‎08-01-2013

Hello Mahesh,

It's basically null,

You are not maching anything. so nothing will get dropped

Check my blog at http:laguiadelnetworking.com for further information.

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

Julio Carvajal · ‎07-28-2013

Hello,

Not sure what you ask..

Do u want to know what the class-map matches or includes?

Do show run class-map _default_GoToMyPC-tunnel

For Networking Posts check my blog at http://www.laguiadelnetworking.com/category/english/

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

mahesh18 · ‎07-29-2013

Hi Julio,

Here i need to confirm what class map matches?

Regards

MAhesh

mahesh18 · ‎07-30-2013

Hi Julio,

When i do

ASA1# sh run class-map _default_GoToMyPC-tunnel

!

ASA1#

Can you tell why the class-map output is empty?

Thanks

Mahesh

Julio Carvajal · ‎07-30-2013

Hello,

Well it does not look like you add it a match statement,

Did you?

Can you share show run class-map type inspect _default_GoToMyPC-tunnel

For Networking Posts check my blog at http://www.laguiadelnetworking.com/category/english/

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

mahesh18 · ‎07-31-2013

Hi julio,

I tried below commands but seems it does not work

ASA1# show run class-map type inspect _default_GoToMyPC-tunnel

^

ERROR: % Invalid input detected at '^' marker.

ASA1# show run class-map type inspect ?

dns Configure a class-map of type DNS

ftp Configure a class-map of type FTP

h323 Configure a class-map of type H323

http Configure a class-map of type HTTP

im Configure a class-map of type IM

rtsp Configure a class-map of type RTSP

scansafe Configure a class-map of type SCANSAFE

sip Configure a class-map of type SIP

ASA1# show run class-map type inspect default_GoToMyPC-tunnel

^

ERROR: % Invalid input detected at '^' marker.

ASA1# show run class-map type inspect_default_GoToMyPC-tunnel

^

ERROR: % Invalid input detected at '^' marker.

ASA1#

Thanks

Mahesh

Julio Carvajal · ‎07-31-2013

Hello,

I missed the HTTP

show run class-map type inspect http _default_GoToMyPC-tunnel

Check my blog at http:laguiadelnetworking.com for further information.

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

mahesh18 · ‎07-31-2013

Hi Julio,

Its here

ASA1# show run class-map type inspect http _default_GoToMyPC-tunnel

!

ASA1#

Julio Carvajal · ‎08-01-2013

Hello Mahesh,

It's basically null,

You are not maching anything. so nothing will get dropped

Check my blog at http:laguiadelnetworking.com for further information.

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

mahesh18 · ‎08-01-2013

Thanks Julio,

Regards

Mahesh