ASA 5500X Global/Default Policy

Matthew
Level 1

I've set up several ASAs in the past and I always see the global policy is in place by default, but when setting up a new 5525x I noticed there is no global policy by default. When did this change?

5 Replies

If you issue the show run all policy or just show run all, do you see the global policy then?

--

Please remember to select a correct answer and rate helpful posts


Listed below is what I am seeing. I added ICMP and ICMP error for troubleshooting purposes in the future.

 

!
policy-map type inspect rtsp _default_rtsp_map
 description Default RTSP policymap
 parameters
policy-map type inspect h323 _default_h323_map
 description Default H.323 policymap
 parameters
  no rtp-conformance
policy-map outside-policy
 class sec_sccp
  inspect skinny phone-proxy gtri_phone_proxy
 class sec_sip
  inspect sip phone-proxy gtri_phone_proxy
 class cucum_tftp
  police input 192000 1500
  police output 192000 1500
 class class-default
policy-map type inspect sip _default_sip_map
 description Default SIP policymap
 parameters
  im
  no ip-address-privacy
  traffic-non-sip
  no rtp-conformance
policy-map global-policy
 class global-class
  inspect icmp
  inspect icmp error
 class class-default
policy-map type inspect dns _default_dns_map
 description Default DNS policy-map
 parameters
  no message-length maximum client
  no message-length maximum
  no message-length maximum server
  dns-guard
  protocol-enforcement
  nat-rewrite
  no id-randomization
  no id-mismatch
  no tsig enforced
policy-map type inspect ipsec-pass-thru _default_ipsec_passthru_map
 description Default IPSEC-PASS-THRU policy-map
 parameters
  esp per-client-max 0 timeout 0:10:00
policy-map type inspect esmtp _default_esmtp_map
 description Default ESMTP policy-map
 parameters
  mask-banner
  no mail-relay
  no special-character
  no allow-tls
 match cmd line length gt 512
  drop-connection log
 match cmd RCPT count gt 100
  drop-connection log
 match body line length gt 998
  log
 match header line length gt 998
  drop-connection log
 match sender-address length gt 320
  drop-connection log
 match MIME filename length gt 255
  drop-connection log
 match ehlo-reply-parameter others
  mask
policy-map type inspect ip-options _default_ip_options_map
 description Default IP-OPTIONS policy-map
 parameters
  router-alert action allow

 

Hmmm. Is this a brand new ASA shipped from Cisco, or refurbished? I am really uncertain if it has been removed or not...

--
Please remember to select a correct answer and rate helpful posts

These are brand new. Seemed a little strange to me but I am just going to add in the default policy manually.

It has been a little while since I have had hands-on with an ASA5500-X, so I can't remember if the default policy was missing there also. Perhaps someone else knows if it has been removed or not.

Sorry I can't be of much more help.

--
Please remember to select a correct answer and rate helpful posts
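
Added example, not part of the thread and not Cisco tooling: a small Python audit that parses show run style text for Layer 3/4 policy-maps and reports whether the default-named policy and class exist and whether any policy is bound globally. The sample input is constructed, abridged from the output posted above; the names global_policy and inspection_default are assumed from the standard ASA factory-default configuration.

```python
import re

# Constructed sample, abridged from the policy-map output posted in this thread.
SAMPLE = """\
policy-map type inspect h323 _default_h323_map
 parameters
  no rtp-conformance
policy-map outside-policy
 class sec_sip
  inspect sip phone-proxy gtri_phone_proxy
policy-map global-policy
 class global-class
  inspect icmp
  inspect icmp error
 class class-default
"""

# Assumption: names used by the factory-default ASA configuration.
DEFAULT_POLICY, DEFAULT_CLASS = "global_policy", "inspection_default"

def parse_policy_maps(config):
    """Return {policy-map name: {class name: [inspect arguments]}} for Layer 3/4 maps."""
    maps, current, cls = {}, None, None
    for line in config.splitlines():
        if not line.startswith(" "):  # any top-level command closes the open block
            m = re.match(r"policy-map (?!type )(\S+)", line)  # skip "type inspect" maps
            current, cls = (maps.setdefault(m.group(1), {}) if m else None), None
        elif current is not None:
            m = re.match(r" class (\S+)", line)
            if m:
                cls = current.setdefault(m.group(1), [])
            elif cls is not None and line.strip().startswith("inspect "):
                cls.append(line.strip()[len("inspect "):])
    return maps

def audit(config):
    """Summarise whether the default global policy is present and bound globally."""
    maps = parse_policy_maps(config)
    bound = re.findall(r"^service-policy (\S+) global", config, re.M)
    return {
        "policy_maps": sorted(maps),
        "has_default_policy": DEFAULT_POLICY in maps,
        "has_default_class": DEFAULT_CLASS in maps.get(DEFAULT_POLICY, {}),
        "globally_bound": bound,
        "inspections": {n: sorted({i for c in v.values() for i in c}) for n, v in maps.items()},
    }

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Because show run all policy only prints policy-map blocks, an empty globally_bound list on that output does not prove the policy is unbound; run the audit against the full show run all text to see service-policy lines.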