Cisco Systems ASA 5585-X User Manual

Cisco ASA Series Firewall CLI Configuration Guide
 
Chapter 10: Configuring Inspection of Basic Internet Protocols
NetBIOS Inspection
Examples
The following example drops all IPv6 traffic with the hop-by-hop, destination-option, routing-address, 
and routing type 0 headers:
policy-map type inspect ipv6 ipv6-pm
 parameters
 match header hop-by-hop
  drop
 match header destination-option
  drop
 match header routing-address count gt 0
  drop
 match header routing-type eq 0
  drop
policy-map global_policy
 class class-default
  inspect ipv6 ipv6-pm
!
service-policy global_policy global
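The following added example (not part of the Cisco guide, and not the ASA's implementation) models the four match/drop rules above in Python: it walks an IPv6 extension header chain and reports which rule a packet would hit. The function names are hypothetical; counting routing addresses as Hdr Ext Len / 2 and dropping malformed chains are assumptions of this sketch.

```python
import struct

HOP_BY_HOP, ROUTING, FRAGMENT, AUTH, DEST_OPTS = 0, 43, 44, 51, 60
EXT_HEADERS = {HOP_BY_HOP, ROUTING, FRAGMENT, AUTH, DEST_OPTS}

def walk_extension_headers(packet):
    """Yield (type, header_bytes) for each extension header of an IPv6 packet."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_hdr, offset = packet[6], 40
    while next_hdr in EXT_HEADERS:
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        if next_hdr == FRAGMENT:
            length = 8                               # fixed size
        elif next_hdr == AUTH:
            length = (packet[offset + 1] + 2) * 4    # AH counts 4-octet units
        else:
            length = (packet[offset + 1] + 1) * 8    # 8-octet units after the first
        if offset + length > len(packet):
            raise ValueError("truncated extension header")
        yield next_hdr, packet[offset:offset + length]
        next_hdr, offset = packet[offset], offset + length

def verdict(packet):
    """Return 'permit' or 'drop: <rule>' for the four match/drop rules above."""
    try:
        for hdr_type, hdr in walk_extension_headers(packet):
            if hdr_type == HOP_BY_HOP:
                return "drop: hop-by-hop"
            if hdr_type == DEST_OPTS:
                return "drop: destination-option"
            if hdr_type == ROUTING:
                if hdr[1] // 2 > 0:       # Hdr Ext Len / 2 = 16-byte addresses carried
                    return "drop: routing-address count gt 0"
                if hdr[2] == 0:           # Routing Type field
                    return "drop: routing-type eq 0"
    except ValueError:
        return "drop: malformed"          # assumption: fail closed on bad chains
    return "permit"

def build_packet(headers, upper=59):
    """Constructed sample input: fixed IPv6 header plus (type, bytes) extension headers."""
    types = [t for t, _ in headers] + [upper]
    body = b"".join(bytes([types[i + 1]]) + h[1:] for i, (_, h) in enumerate(headers))
    return struct.pack("!IHBB", 6 << 28, len(body), types[0], 64) + bytes(32) + body

# Constructed sample: routing header type 0 carrying one address.
SAMPLE_RH0 = build_packet([(ROUTING, bytes([0, 2, 0, 1]) + bytes(20))])
```

A packet whose only extension header is a fragment header, or a non-zero routing type with no addresses, passes this model; every header named in the policy map is dropped on first sight in the chain.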
NetBIOS Inspection
This section describes the NetBIOS inspection engine. This section includes the following topics:
NetBIOS Inspection Overview
NetBIOS inspection is enabled by default. The NetBIOS inspection engine translates IP addresses in the 
NetBIOS name service (NBNS) packets according to the ASA NAT configuration.
Configuring a NetBIOS Inspection Policy Map for Additional Inspection Control
To specify actions when a message violates a parameter, create a NetBIOS inspection policy map. You 
can then apply the inspection policy map when you enable NetBIOS inspection.
To create a NetBIOS inspection policy map, perform the following steps:
Step 1
(Optional) Add one or more regular expressions for use in traffic matching commands according to the 
general operations configuration guide. See the types of text you can match in the match commands 
described in 
Step 2
(Optional) Create one or more regular expression class maps to group regular expressions according to 
the general operations configuration guide.
Step 3
To create a NetBIOS inspection policy map, enter the following command:
ciscoasa(config)# policy-map type inspect netbios policy_map_name
ciscoasa(config-pmap)# 
Where policy_map_name is the name of the policy map. The CLI enters policy-map configuration 
mode.