Cisco ASA Series Firewall CLI Configuration Guide
 
Chapter 2      Configuring Special Actions for Application Inspections (Inspection Policy Map)
Note: There are other default inspection policy maps such as _default_esmtp_map. For example, inspect esmtp implicitly uses the policy map "_default_esmtp_map." All the default policy maps can be shown by using the show running-config all policy-map command.
Defining Actions in an Inspection Policy Map
When you enable an inspection engine in the Layer 3/4 policy map, you can also optionally enable actions as defined in an inspection policy map.
Detailed Steps

Step 1 (Optional)
Create an inspection class map. See the . Alternatively, you can identify the traffic directly within the policy map.

Step 2 (Optional)
Create a regular expression. For policy map types that support regular expressions, see the general operations configuration guide.

Step 3
Command: policy-map type inspect application policy_map_name
Example:
ciscoasa(config)# policy-map type inspect http http_policy
Purpose: Creates the inspection policy map. See the list of applications that support inspection policy maps. The policy_map_name argument is the name of the policy map, up to 40 characters in length. All types of policy maps use the same name space, so you cannot reuse a name already used by another type of policy map. The CLI enters policy-map configuration mode.

Step 4
Specify the traffic on which you want to perform actions using one of the following methods:

Command: class class_map_name
Example:
ciscoasa(config-pmap)# class http_traffic
ciscoasa(config-pmap-c)#
Purpose: Specifies the inspection class map that you created in the . Not all applications support inspection class maps.

Command: Specify traffic directly in the policy map using one of the match commands described for each application in the inspection chapter.
Example:
ciscoasa(config-pmap)# match req-resp content-type mismatch
ciscoasa(config-pmap-c)#
Purpose: If you use a match not command, then any traffic that matches the criterion in the match not command does not have the action applied. For policy map types that support regular expressions, see the general operations configuration guide.
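The four steps above combined into one complete configuration, as an added example that is not from the Cisco guide. The names http_policy and http_traffic are the ones used on this page; the regex name executable_uri and its pattern are constructed for illustration. global_policy, inspection_default and the service-policy line are the ASA's default global Layer 3/4 policy, shown here only to make the inspection policy map take effect.

```cisco
! Added example, not from the Cisco guide. http_policy and http_traffic
! come from the page; executable_uri and its pattern are constructed.

! Step 2: regular expression referenced by the class map (constructed pattern)
regex executable_uri \.exe$

! Step 1: inspection class map that identifies the traffic of interest
class-map type inspect http match-all http_traffic
 match request method post
 match request uri regex executable_uri

! Step 3: the inspection policy map itself
policy-map type inspect http http_policy
 parameters
  ! HTTP protocol violations are dropped and logged regardless of class
  protocol-violation action drop-connection log
 ! Step 4, method 1: reference the inspection class map and attach an action
 class http_traffic
  drop-connection log
 ! Step 4, method 2: match traffic directly in the policy map
 match req-resp content-type mismatch
  reset log
 ! match not: the action is applied to every request that does NOT match
 ! the criterion, i.e. here every request whose method is not GET is logged
 match not request method get
  log

! Enable the inspection engine in the Layer 3/4 policy map, passing the
! inspection policy map so its actions apply (default global policy)
policy-map global_policy
 class inspection_default
  inspect http http_policy
service-policy global_policy global
```

After pasting this, show running-config all policy-map lists http_policy alongside the default inspection policy maps, and show service-policy confirms that HTTP inspection is active with http_policy attached. Note that when a packet matches more than one class or match statement in an inspection policy map, the ASA decides the order in which the actions are applied by its own internal rules, not by the order the statements appear in the configuration.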