Default Class-default Inspection

James Davies
Level 1

Hi There,

On my ASA, I was looking at how inspection works, as I'm not clear. I understand what it now does, but when I look at my running config, the section for policy-map global-policy looks like this:

 

policy-map global_policy
policy-map global-policy
 class class-default
  user-statistics accounting

 

And nothing else? Shouldn't there be a list of the default inspection protocols? FTP, HTTP, etc.?

And I notice the policy-map line is there twice?

Accepted Solutions

Rishabh Seth
Level 7

Hi James,

To perform inspection you basically select traffic (using ACL and class-map) based on your requirement.

Once you filter traffic you decide what inspections should be applied on the selected traffic (using policy-map).

At the end when you have coupled inspection with selected traffic then you apply this policy-map on an interface or at global level.

 

The show policy-map will list all the policy maps that you create. ASA has certain inspections enabled by default but that can be removed or added.

In your configuration you have deleted the contents of the default policy-map "global_policy" and created another policy map "global-policy" with class class-default user-statistics accounting.

The lines in the show run policy-map output are not the same; you can see the "-" (dash) and "_" (underscore) in the name.

Hope it helps!!!

Thanks,

R.Seth

Don't forget to mark the answer as correct if it helps in resolving your query!!!

 

I didn't even notice that! Thanks ;) How do I put this back? Can I just delete the one I added by mistake by doing "no policy-map global-policy"?

 

Yes, you can delete the policy map using no policy-map <policy-name>. Only the default policy map cannot be deleted.

 

You can add the inspection to the default-policy. I have a sample output:

policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect icmp
 class class-default
  user-statistics accounting

 

>> You can add or remove inspection based on your requirement.

 

Thanks,

R.Seth

 

I'm getting this when I try and remove my one that I created by accident:

ERROR: policy-map global-policy is being used and hence cannot be removed.

 

Got it!

Thanks very much.

 

no service-policy global-policy global
policy-map global-policy
no class class-default
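
A configuration audit for the mistake found in this thread, as an added example that is not part of the original posts and not a Cisco tool: it reads "show running-config" text, flags policy-map names that differ only by dash or underscore, and flags a service-policy that points at a policy map with no inspect lines. The function names and the sample configuration are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the configuration discussed in this thread.
SAMPLE_CONFIG = """\
policy-map global_policy
policy-map global-policy
 class class-default
  user-statistics accounting
!
service-policy global-policy global
"""

def parse_policy_maps(config):
    """Return ({policy-map name: [inspect lines]}, [applied policy names])."""
    maps, applied, current = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("policy-map "):
            parts = line.split()
            current = None if parts[1] == "type" else parts[1]  # skip "policy-map type inspect ..."
            if current:
                maps.setdefault(current, [])
        elif raw.startswith("service-policy "):
            applied.append(line.split()[1])
            current = None
        elif raw[:1] not in (" ", "\t"):  # any other top-level line ends the block
            current = None
        elif current is not None and line.startswith("inspect "):
            maps[current].append(line)
    return maps, applied

def audit(config):
    """Flag look-alike policy-map names and applied policy maps without inspection."""
    maps, applied = parse_policy_maps(config)
    findings, groups = [], defaultdict(list)
    for name in maps:
        groups[re.sub(r"[-_]", "", name).lower()].append(name)
    for names in groups.values():
        if len(names) > 1:
            findings.append(("lookalike-names", tuple(sorted(names))))
    for name in applied:
        if name not in maps:
            findings.append(("applied-but-undefined", name))
        elif not maps[name]:
            findings.append(("applied-without-inspect", name))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

Run against a saved copy of the running configuration, an empty result means the applied policy map carries at least one inspect line and no two policy-map names collide once dashes and underscores are ignored.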
