1 Reply Latest reply: Mar 5, 2011 5:20 AM by Paul Stewart - CCIE Security

    ASA default inspection

    vikram parmar

      Hi All,

        Does an ASA inspect all TCP/UDP by default, and only for ICMP do we need to add the inspection rule? Or does it just inspect the protocols listed in the default inspection list here? I'm pretty sure it inspects http, rdp, etc., which are not here in this list. So what does this list actually indicate? Also, the inspect-dns policy map... does it only inspect dns packets less than 512B?

      Also, what do we mean by "default-inspection-traffic"?



      class-map inspection_default
        match default-inspection-traffic
      policy-map type inspect dns preset_dns_map
        message-length maximum 512
      policy-map global_policy
        class inspection_default
          inspect dns preset_dns_map
          inspect ftp
          inspect h323 h225
          inspect h323 ras
          inspect rsh
          inspect rtsp
          inspect esmtp
          inspect sqlnet
          inspect skinny
          inspect sunrpc
          inspect xdmcp
          inspect sip
          inspect netbios
          inspect tftp
      service-policy global_policy global