Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6388
Views
5
Helpful
3
Replies

No class inspection_default on 5505?

Colin Higgins
Level 2
Level 2

‎05-10-2012 07:13 AM - edited ‎03-11-2019 04:05 PM

I was under the impression that all Cisco ASA firewalls shipped with a default inspection policy.

Example

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect rsh

  inspect rtsp

  inspect esmtp

  inspect sqlnet

  inspect skinny 

  inspect sunrpc

  inspect xdmcp

  inspect sip 

  inspect netbios

  inspect tftp

  inspect ip-options

  inspect http

  inspect ipsec-pass-thru

However, looking at a 5505 I have here, there is NO default inspection policy defined. If I try to add

policy-map global_policy

class inspection_default

It tells me there is no class inspection_default

can I build this myself? Why is it missing (I have two other ASA 5505s here that also do not have it). What would I do to rebuild it?

1 person had this problem
Labels:
0 Helpful
3 Replies 3

Colin Higgins
Level 2
Level 2

‎05-10-2012 07:47 AM

Ah, nevermind: figured out what the issue was

you need the

class-map inspection_default
 match default-inspection-traffic
0 Helpful

Maykol Rojas
Cisco Employee
Cisco Employee
In response to Colin Higgins

‎05-10-2012 08:55 AM

Hello Collin,

When there is no inspection default, you can also add "Clear config fixup" and the default policy will appear.

Mike

Mike

ziggitarrius
Level 1
Level 1

‎04-23-2014 12:16 PM

clear config fixup is a nifty trick.

 

Thank you!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card