04-24-2020 07:00 AM
My ASA 5520 (9.1(7) 32) was reset to defaults.
In ASDM, there were no Service Policies (class-map and inspection_default) so I tried to create them with the following
I now have a global-policy and class-default but no inspection_default
Not sure what's missing?
This is what that portion of the config looks like
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
policy-map global-policy
 class class-default
  user-statistics accounting
!
service-policy global-policy global
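An added example, not part of the original posts: a small Python check run over an abridged copy of the config posted above. It reports which policy-map the global `service-policy` line applies, which classes that map contains, and which policy-map actually defines `inspection_default`. The function names are hypothetical.

```python
import re

# Abridged copy of the config from the post above (inspect list shortened).
POSTED_CONFIG = """\
class-map inspection_default
 match default-inspection-traffic
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
policy-map global-policy
 class class-default
  user-statistics accounting
!
service-policy global-policy global
"""

def parse_policy_maps(config):
    """Return {policy-map name: [class names]} for Layer 3/4 policy maps."""
    maps, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"policy-map (?!type )(\S+)$", line)
        if m:
            current = maps.setdefault(m.group(1), [])
        elif line.startswith(("policy-map ", "class-map ", "service-policy ")):
            current = None  # inspect-type map or another top-level command
        elif current is not None and line.startswith("class "):
            current.append(line.split()[1])
    return maps

def audit_global_policy(config, wanted="inspection_default"):
    """Compare the globally applied policy-map with where `wanted` is defined."""
    maps = parse_policy_maps(config)
    m = re.search(r"^service-policy (\S+) global$", config, re.M)
    applied = m.group(1) if m else None
    return {
        "applied": applied,
        "applied_classes": maps.get(applied, []),
        "has_wanted": wanted in maps.get(applied, []),
        "defined_in": sorted(n for n, c in maps.items() if wanted in c),
    }

if __name__ == "__main__":
    print(audit_global_policy(POSTED_CONFIG))
```

On the posted config, the applied map is `global-policy` (hyphen) with only `class-default`, while `inspection_default` sits in `global_policy` (underscore), which no `service-policy` line references.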
04-24-2020 07:09 AM - edited 04-24-2020 07:10 AM
Your config looks okay to me.
This is the config I have in my firewall out of the box. You're good, your config looks good. What do you want to achieve?
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect icmp
  inspect icmp error
policy-map type inspect dns migrated_dns_map_2
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
04-24-2020 07:24 AM
ASDM does not show the inspection_default in the Service Policy Rules
only Global; Policy:global-policy
class-default
There should be an inspection_default listed there too
04-24-2020 07:46 AM - edited 04-24-2020 07:48 AM
Is this what you mean?
04-24-2020 07:51 AM
exactly !! :-)
Not sure why it's not there
04-24-2020 09:36 AM
ASDM-->Configuration-->Firewall-->Service Policy Rules-->Global; Policy: global_policy-->under here double click "inspection_default". A popup will come up with the name "Edit Service Policy Rule". Click "Traffic Classification" and check Default Inspection Traffic.
04-24-2020 11:32 AM
Inspection_Default is not showing in the list