Home > Cisco > Computer Equipment > Cisco Asdm 7 User Guide

Cisco Asdm 7 User Guide

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual Cisco Asdm 7 User Guide. The Cisco manuals for Computer Equipment are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 331

    Page 331 11-57 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 11 Configuring Inspection of Basic Internet Protocols SMTP and Extended SMTP Inspection –Action—Shows the action if the match condition is met. –Log—Shows the log state. –Add—Opens the Add ESMTP Inspect dialog box to add an ESMTP inspection. –Edit—Opens the Edit ESMTP Inspect dialog box to edit an ESMTP inspection. –Delete—Deletes an ESMTP inspection. –Move Up—Moves an inspection up in the list. –Move Down—Moves an inspection... 
     
11-57
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 11      Configuring Inspection of Basic Internet Protocols
  SMTP and Extended SMTP Inspection
–Action—Shows the action if the match condition is met.
–Log—Shows the log state.
–Add—Opens the Add ESMTP Inspect dialog box to add an ESMTP inspection.
–Edit—Opens the Edit ESMTP Inspect dialog box to edit an ESMTP inspection.
–Delete—Deletes an ESMTP inspection.
–Move Up—Moves an inspection up in the list.
–Move Down—Moves an inspection...

    Page 332

    Page 332 11-58 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 11 Configuring Inspection of Basic Internet Protocols SMTP and Extended SMTP Inspection Body Line Length Criterion Values—Specifies the value details for body line length match. –Greater Than Length—Body line length in bytes. –Action—Reset, drop connection, log. –Log—Enable or disable. Commands Criterion Values—Specifies the value details for command match. –Available Commands Table: AU T H DATA EHLO ETRN HELO HELP MAIL NOOP... 
     
11-58
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 11      Configuring Inspection of Basic Internet Protocols
  SMTP and Extended SMTP Inspection
Body Line Length Criterion Values—Specifies the value details for body line length match.
–Greater Than Length—Body line length in bytes.
–Action—Reset, drop connection, log.
–Log—Enable or disable.
Commands Criterion Values—Specifies the value details for command match.
–Available Commands Table:
AU T H
DATA
EHLO
ETRN
HELO
HELP
MAIL
NOOP...

    Page 333

    Page 333 11-59 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 11 Configuring Inspection of Basic Internet Protocols SMTP and Extended SMTP Inspection 8bitmime auth binarymime checkpoint dsn ecode etrn others pipelining size vrfy –Add—Adds the selected parameter from the Available Parameters table to the Selected Parameters table. –Remove—Removes the selected command from the Selected Commands table. –Action—Reset, Drop Connection, Mask, Log. –Log—Enable or disable. Header Length Criterion... 
     
11-59
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 11      Configuring Inspection of Basic Internet Protocols
  SMTP and Extended SMTP Inspection
8bitmime
auth
binarymime
checkpoint
dsn
ecode
etrn
others
pipelining
size
vrfy
–Add—Adds the selected parameter from the Available Parameters table to the Selected 
Parameters table.
–Remove—Removes the selected command from the Selected Commands table.
–Action—Reset, Drop Connection, Mask, Log.
–Log—Enable or disable.
Header Length Criterion...

    Page 334

    Page 334 11-60 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 11 Configuring Inspection of Basic Internet Protocols TFTP Inspection MIME Filename Length Criterion Values—Specifies the value details for MIME filename length match. –Greater Than Length—MIME filename length in bytes. –Action—Reset, Drop Connection, Log. –Log—Enable or disable. MIME Encoding Criterion Values—Specifies the value details for MIME encoding match. –Available Encodings table 7bit 8bit base64 binary others... 
     
11-60
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 11      Configuring Inspection of Basic Internet Protocols
  TFTP Inspection
MIME Filename Length Criterion Values—Specifies the value details for MIME filename length 
match.
–Greater Than Length—MIME filename length in bytes.
–Action—Reset, Drop Connection, Log.
–Log—Enable or disable.
MIME Encoding Criterion Values—Specifies the value details for MIME encoding match.
–Available Encodings table
7bit
8bit
base64
binary
others...

    Page 335

    Page 335 11-61 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 11 Configuring Inspection of Basic Internet Protocols TFTP Inspection The ASA inspects TFTP traffic and dynamically creates connections and translations, if necessary, to permit file transfer between a TFTP client and server. Specifically, the inspection engine inspects TFTP read request (RRQ), write request (WRQ), and error notification (ERROR). A dynamic secondary channel and a PAT translation, if necessary, are allocated on... 
     
11-61
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 11      Configuring Inspection of Basic Internet Protocols
  TFTP Inspection
The ASA inspects TFTP traffic and dynamically creates connections and translations, if necessary, to 
permit file transfer between a TFTP client and server. Specifically, the inspection engine inspects TFTP 
read request (RRQ), write request (WRQ), and error notification (ERROR).
A dynamic secondary channel and a PAT translation, if necessary, are allocated on...

    Page 336

    Page 336 11-62 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 11 Configuring Inspection of Basic Internet Protocols TFTP Inspection 
     
11-62
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 11      Configuring Inspection of Basic Internet Protocols
  TFTP Inspection

    Page 337

    Page 337 CH A P T E R 12-1 Cisco ASA Series Firewall ASDM Configuration Guide 12 Configuring Inspection for Voice and Video Protocols This chapter describes how to configure application layer protocol inspection. Inspection engines are required for services that embed IP addressing information in the user data packet or that open secondary channels on dynamically assigned ports. These protocols require the ASA to do a deep packet inspection instead of passing the packet through the fast path. As a result,... 
    CH A P T E R
 
12-1
Cisco ASA Series Firewall ASDM Configuration Guide
 
12
Configuring Inspection for Voice and Video 
Protocols
This chapter describes how to configure application layer protocol inspection. Inspection engines are 
required for services that embed IP addressing information in the user data packet or that open secondary 
channels on dynamically assigned ports. These protocols require the ASA to do a deep packet inspection 
instead of passing the packet through the fast path. As a result,...

    Page 338

    Page 338 12-2 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 12 Configuring Inspection for Voice and Video Protocols H.323 Inspection Limitations and Restrictions The following summarizes limitations that apply when using CTIQBE application inspection: CTIQBE application inspection does not support configurations with the alias command. Stateful failover of CTIQBE calls is not supported. Debugging CTIQBE inspection may delay message transmission, which may have a performance impact in a... 
     
12-2
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 12      Configuring Inspection for Voice and Video Protocols
  H.323 Inspection
Limitations and Restrictions
The following summarizes limitations that apply when using CTIQBE application inspection:
CTIQBE application inspection does not support configurations with the alias command.
Stateful failover of CTIQBE calls is not supported.
Debugging CTIQBE inspection may delay message transmission, which may have a performance 
impact in a...

    Page 339

    Page 339 12-3 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 12 Configuring Inspection for Voice and Video Protocols H.323 Inspection H.323 Inspection Overview H.323 inspection provides support for H.323 compliant applications such as Cisco CallManager and VocalTec Gatekeeper. H.323 is a suite of protocols defined by the International Telecommunication Union for multimedia conferences over LANs. The ASA supports H.323 through Version 6, including H.323 v3 feature Multiple Calls on One... 
     
12-3
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 12      Configuring Inspection for Voice and Video Protocols
  H.323 Inspection
H.323 Inspection Overview
H.323 inspection provides support for H.323 compliant applications such as Cisco CallManager and 
VocalTec Gatekeeper. H.323 is a suite of protocols defined by the International Telecommunication 
Union for multimedia conferences over LANs. The ASA supports H.323 through Version 6, including 
H.323 v3 feature Multiple Calls on One...

    Page 340

    Page 340 12-4 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 12 Configuring Inspection for Voice and Video Protocols H.323 Inspection After inspecting the H.225 messages, the ASA opens the H.245 channel and then inspects traffic sent over the H.245 channel as well. All H.245 messages passing through the ASA undergo H.245 application inspection, which translates embedded IP addresses and opens the media channels negotiated in H.245 messages. The H.323 ITU standard requires that a TPKT... 
     
12-4
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 12      Configuring Inspection for Voice and Video Protocols
  H.323 Inspection
After inspecting the H.225 messages, the ASA opens the H.245 channel and then inspects traffic sent 
over the H.245 channel as well. All H.245 messages passing through the ASA undergo H.245 application 
inspection, which translates embedded IP addresses and opens the media channels negotiated in H.245 
messages.
The H.323 ITU standard requires that a TPKT...
    Start reading Cisco Asdm 7 User Guide
    All Cisco manuals