11-23-2015 10:35 AM - edited 03-11-2019 11:56 PM
Hi All,
What about inspection? Suppose we made two policies and applied them on the same interface.
Q.A) Will one of the two policies work?
access-list 101 permit ip host 1.1.1.1 host 2.2.2.2
class-map drop_class
 match access-list 101
policy-map drop_policy
 class drop_class
  drop

access-list 101 permit ip host 1.1.1.1 host 2.2.2.2
class-map drop_class
 match access-list 101
policy-map drop_policy
 class drop_class
  inspect
Regards
Arshad Ayub
11-23-2015 10:44 AM
Hi Arshad,
As per my understanding, the ASA should evaluate the service policy in a top-down fashion and stop evaluation after hitting the matching rule.
You can also use the show service-policy flow command to check the service policy that will be evaluated for specific traffic.
Refer to this link for syntax: http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/S/cmdref3/s12.html#pgfId-1336197
Hope it helps.
Thanks,
Rishabh Seth