Cisco Systems ASA 5580 Manual De Usuario

See the 

.

You use Modular Policy Framework commands to configure the ASA to divert traffic to the CSC SSM. 

Before configuring the ASA to divert traffic to the CSC SSM, see 

 which introduces Modular Policy Framework concepts 

and common commands.

To configure the ASA to divert traffic to the CSC SSM, perform the following steps:

ciscoasa(config)# access-list extended

Creates an ACL that matches the traffic you want 
scanned by the CSC SSM. Create as many ACEs as 
are needed to match all the traffic. For example, to 
specify FTP, HTTP/HTTPS, POP3, and SMTP 
traffic, you need four ACEs. For guidance on 
identifying the traffic that you want to scan, see the 

.

ciscoasa(config)# class-map class_map_name

Creates a class map to identify the traffic that should 
be diverted to the CSC SSM. The class_map_name 
argument is the name of the traffic class. When you 
enter the class-map command, the CLI enters class 
map configuration mode.

ciscoasa(config-cmap)# match access-list acl-name

Identifies the traffic to be scanned with the ACL that 
you created in Step 1. The acl-name argument is the 
name of the ACL. 

ciscoasa(config-cmap)# policy-map policy_map_name

Creates a policy map or modify an existing policy 
map that you want to use to send traffic to the CSC 
SSM. The policy_map_name argument is the name 
of the policy map. When you enter the policy-map 
command, the CLI enters policy map configuration 
mode.

 class_map_name

ciscoasa(config-pmap)# class class_map_name

Specifies the class map, created in Step 2, that 
identifies the traffic to be scanned. The 
class_map_name argument is the name of the class 
map that you created in Step 2. The CLI enters the 
policy map class configuration mode.