Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA Inspection with IPsec

Hello,

I wanted to verify that IPsec traffic terminating on an ASA will be Inspected.

I am trying to inspect all SSH traffic that traverses my ASA. The inspection should change the TCP timeout from the default value to 48 hours. I want to make sure that both IPsec and non-ipsec traffic is inspected. Will the following config work?:

access-list cmap-ssh extended permit tcp any any eq ssh

!

class-map match-ssh

match access-list cmap-ssh

!

policy-map global_policy

class match-ssh

set connection timeout tcp 48:00:00

!

service-policy global_policy global

Thanks!!!

Lee

1 REPLY

Re: ASA Inspection with IPsec

..

194
Views
0
Helpful
1
Replies
CreatePlease login to create content