07-27-2013 11:16 AM - edited 03-11-2019 07:17 PM
Hi Everybody,
In the ASA 5505 there is a default DNS inspection rule, like this:
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
If I understand correctly, the inspection checks whether the data flows conform to the RFCs and other rules.
I would like to ask: if I make my own inspection policy, or add class-maps and actions to the above preset_dns_map, is the original inspection behavior (which checks the data flow against the RFCs) still available?
My second question: suppose there are several class-maps in a policy-map type inspect:
policy-map type inspect ftp ftp
 class ftp3
  log
 class ftp2
  log
 class ftp1
  log
If I add parameters to this 'policy-map type inspect ftp ftp', do the parameters apply to all the classes (in other words, do the parameters refer to the whole policy-map)?
Thank you
07-27-2013 12:34 PM
Hello Mary Poppins
Yes, it's still available. In fact, if you want to get the default MPF, you use the command "clear configure fixup".
Second question:
Each of the Layer 7 classes you set in the DPI policy will have its own action (you can decide to make it the same, but it could be unique).
For Networking Posts check my blog at http://www.laguiadelnetworking.com/category/english/
Cheers,
Julio Carvajal Segura
07-29-2013 04:13 AM
Thank you for the answer.
For the second question: the question itself is not about the actions, but rather the parameters. For example:
policy-map type inspect ftp ftp
 class ftp1
  log
 class ftp2
  log
 parameters
So in this case, the parameters modify the behavior of the whole ftp (ftp1-2) inspection, am I right?
Or is a configuration like this possible?
policy-map type inspect ftp ftp
 class ftp1
  log
  parameters
 class ftp2
  log
  parameters
Sorry if it is obvious, I'm not a pro