asa5520-Version 8.4(2)- show service-policy is empty

CSCO11932132 · ‎10-15-2013

hello everyone.

I study cisco by GNS3 soft

when i show service-policy，it's empty

asa5520-Version 8.4(2)- show service-policy is empty，why？

ciscoasa# show service-policy

ciscoasa#

ciscoasa# show service-policy global

ciscoasa#

ciscoasa# show run

: Saved

:

ASA Version 8.4(2)

!

hostname ciscoasa

enable password 8Ry2YjIyt7RRXU24 encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

names

!

interface GigabitEthernet0

shutdown

no nameif

no security-level

no ip address

!

interface GigabitEthernet1

shutdown

no nameif

no security-level

no ip address

!

interface GigabitEthernet2

shutdown

no nameif

no security-level

no ip address

!

interface GigabitEthernet3

shutdown

no nameif

no security-level

no ip address

!

interface GigabitEthernet4

shutdown

no nameif

no security-level

no ip address

!

interface GigabitEthernet5

shutdown

no nameif

no security-level

no ip address

!

ftp mode passive

pager lines 24

icmp unreachable rate-limit 1 burst-size 1

no asdm history enable

arp timeout 14400

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

dynamic-access-policy-record DfltAccessPolicy

user-identity default-domain LOCAL

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart

telnet timeout 5

ssh timeout 5

console timeout 0

threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

!

prompt hostname context

call-home

profile CiscoTAC-1

no active

destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService

destination address email callhome@cisco.com

destination transport-method http

subscribe-to-alert-group diagnostic

subscribe-to-alert-group environment

subscribe-to-alert-group inventory periodic monthly

subscribe-to-alert-group configuration periodic monthly

subscribe-to-alert-group telemetry periodic daily

crashinfo save disable

Cryptochecksum:d41d8cd98f00b204e9800998ecf8427e

: end

Patrick Moubarak · ‎10-17-2013

I have the same issue; I think it is GNS.

You can restore the default policy from the CLI config guide:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/inspect_overview.html#wp1536127

The default policy configuration includes the following commands:

class-map inspection_default

 match default-inspection-traffic

policy-map type inspect dns preset_dns_map

 parameters

message-length maximum client auto

message-length maximum 512

dns-guard

protocol-enforcement

nat-rewrite

policy-map global_policy

 class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225 _default_h323_map

  inspect h323 ras _default_h323_map

  inspect ip-options _default_ip_options_map

  inspect netbios

  inspect rsh

  inspect rtsp

  inspect skinny

  inspect esmtp _default_esmtp_map

  inspect sqlnet

  inspect sunrpc

  inspect tftp

  inspect sip

  inspect xdmcp

Patrick

juantron · ‎10-20-2018

The complete commands are:

class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
service-policy global_policy global