Hello,
I wanted to verify that IPsec traffic terminating on an ASA will be Inspected.
I am trying to inspect all SSH traffic that traverses my ASA. The inspection should change the TCP timeout from the default value to 48 hours. I want to make sure that both IPsec and non-ipsec traffic is inspected. Will the following config work?:
access-list cmap-ssh extended permit tcp any any eq ssh
!
class-map match-ssh
match access-list cmap-ssh
!
policy-map global_policy
class match-ssh
set connection timeout tcp 48:00:00
!
service-policy global_policy global
Thanks!!!
Lee