02-15-2006 11:28 AM - edited 02-21-2020 12:42 AM
What's the relationship between inbound interface ACLs and application inspection?
Do the ACLs get processed before the class-map statement creates the traffic class for the inspect command?
02-15-2006 12:06 PM
a) ACLs are processed before anything else, so that means even before class commands
b) Class commands are coupled with the service-policy command to do extended deep inspection
a) Use class-map to identify traffic
b) Use it in policy-map to apply inspection
c) Apply to an interface to make it effective
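The three steps in the answer above, written out as a PIX 7.x-style configuration next to the inbound ACL that is evaluated first. This is an added example, not part of the original post; the names `outside_in`, `sip_class` and `sip_policy`, the interface name `outside` and the address 192.0.2.10 are assumptions made up for illustration.

```cisco
! Inbound interface ACL: evaluated first, before any class-map matching.
! Constructed example: permit SIP signaling to an internal SIP server.
access-list outside_in extended permit udp any host 192.0.2.10 eq 5060
access-group outside_in in interface outside
!
! Step a) class-map identifies the traffic to be inspected
class-map sip_class
 match port udp eq 5060
!
! Step b) policy-map applies the inspection to that class
policy-map sip_policy
 class sip_class
  inspect sip
!
! Step c) service-policy binds the policy to an interface
service-policy sip_policy interface outside
```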
02-16-2006 07:44 AM
Thanks so much for your answer. It makes sense and is in line with some documentation I saw regarding routers and CBAC. I couldn't find anything explicit for the PIX, though.
There's just one more thing that, perhaps, you could confirm for me. I assume that you only have to permit the base protocol port, such as 5060 for SIP. Then the inspection engine dynamically adds the appropriate pinholes to the inbound ACL to permit the media streams. Is that correct?