Cisco Asdm 7 User Guide

Page 311

 
11-37
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 11      Configuring Inspection of Basic Internet Protocols
  HTTP Inspection
Method—Specifies to match on a request method: bcopy, bdelete, bmove, bpropfind, 
bproppatch, connect, copy, delete, edit, get, getattribute, getattributenames, getproperties, head, 
index, lock, mkcol, mkdir, move, notify, options, poll, post, propfind, proppatch, put, revadd, 
revlabel, revlog, revnum, save, search, setattribute, startrev, stoprev, subscribe,...

Page 312

 
Regular Expression—Lists the defined regular expressions to match.
Manage—Opens the Manage Regular Expressions dialog box, which lets you configure regular 
expressions.
Greater Than Count—Enter the maximum number of header fields.
–Response Header Field Length—Applies the regular expression match to the header of the 
response with field length greater than...

Page 313

 
–H323 Traffic Class—Specifies the HTTP traffic class match.
–Manage—Opens the Manage HTTP Class Maps dialog box to add, edit, or delete HTTP Class 
Maps.
Action—Drop connection, reset, or log.
Log—Enable or disable.
ICMP Inspection
The ICMP inspection engine allows ICMP traffic to have a “session” so it can be inspected like TCP and 
UDP traffic. Without the...

Page 314

 
  Instant Messaging Inspection
IM Inspection Overview
The IM inspect engine lets you apply fine-grained controls on the IM application to control network 
usage and stop leakage of confidential data, propagation of worms, and other threats to the corporate 
network. 
Adding a Class Map for IM Inspection
Use the Add Service Policy Rule Wizard - Rule Actions dialog box to...

Page 315

 
Source IP Address—Select to match the source IP address of the IM message. In the Value fields, 
enter the IP address and netmask of the message source.
Destination IP Address—Select to match the destination IP address of the IM message. In the Value 
fields, enter the IP address and netmask of the message destination. 
Filename—Select to match the...

Page 316

 
  IP Options Inspection
End of Options List (EOOL) or IP Option 0—This option, which contains just a single zero byte, 
appears at the end of all options to mark the end of a list of options. This might not coincide with 
the end of the header according to the header length. 
No Operation (NOP) or IP Option 1—The Options field in the IP header can contain zero, one, or 
more...

Page 317

 
Click the Use the default IP-Options inspection map radio button to use the default IP Options 
map. The default map drops packets containing all the inspected IP options, namely End of Options 
List (EOOL), No Operation (NOP), and Router Alert (RTRALT).
Click the Select an IP-Options inspect map for fine control over inspection radio button to select 
a...

Page 318

 
The Select IP-Options Inspect Map dialog box lets you select or create a new IP Options inspection map. Use this 
inspection map to control whether the ASA drops, passes, or clears IP packets containing the following IP 
options—End of Options List, No Operation, and Router Alert. 
Fields
Use the default IP-Options inspection map—Specifies to use the...

Page 319

 
–Allow packets with the No Operation (NOP) option
The Options field in the IP header can contain zero, one, or more options, which makes the total 
length of the field variable. However, the IP header must be a multiple of 32 bits. If the number of 
bits of all options is not a multiple of 32 bits, the NOP option is used as “internal padding” to...

Page 320

 
  IPsec Pass Through Inspection
Select IPsec-Pass-Thru Map
The Select IPsec-Pass-Thru Map dialog box is accessible as follows:
Add/Edit Service Policy Rule Wizard > Rule Actions > Protocol Inspection Tab > 
Select IPsec-Pass-Thru Map
The Select IPsec-Pass-Thru dialog box lets you select or create a new IPsec map. An IPsec map lets you 
change the configuration values used for...