Cisco Systems and the ASA Services Module User Manual

Cisco ASA Series Firewall CLI Configuration Guide
 
Chapter 1      Configuring a Service Policy Using the Modular Policy Framework
  Configuration Examples for Modular Policy Framework
ciscoasa(config)# service-policy policy_serverB interface inside
ciscoasa(config)# service-policy policy_serverA interface outside
Applying Inspection to HTTP Traffic with NAT
In this example, the host on the inside network has two addresses: the real IP address, 192.168.1.1, 
and a mapped IP address used on the outside network, 209.165.200.225. You must use the 
real IP address in the ACL in the class map. If you applied the service policy to the outside interface 
instead, you would still use the real address.
Figure 1-4    HTTP Inspection with NAT
See the following commands for this example:
ciscoasa(config)# object network obj-192.168.1.1
ciscoasa(config-network-object)# host 192.168.1.1
ciscoasa(config-network-object)# nat (inside,outside) static 209.165.200.225
ciscoasa(config)# access-list http_client extended permit tcp host 192.168.1.1 any eq 80
ciscoasa(config)# class-map http_client
ciscoasa(config-cmap)# match access-list http_client
ciscoasa(config)# policy-map http_client
ciscoasa(config-pmap)# class http_client
ciscoasa(config-pmap-c)# inspect http
ciscoasa(config)# service-policy http_client interface inside
Figure 1-4 labels: inside: Host (Real IP: 192.168.1.1, Mapped IP: 209.165.200.225); Security appliance (insp.); outside: Server 209.165.201.1, port 80
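The real-address rule above can be checked mechanically before a configuration is deployed. The following Python sketch is an added example, not part of the Cisco guide: it scans configuration text for class-map ACLs that match a NAT mapped address instead of the real one. The function name find_mapped_ip_matches and the http_client_bad entries are hypothetical, and the parser assumes only object NAT static rules with a literal mapped IP and ACL entries written in "host" form.

```python
import re

# Constructed sample modelled on the page's configuration, plus one deliberately
# wrong ACL (http_client_bad) that matches the mapped address, not the real one.
SAMPLE_CONFIG = """\
object network obj-192.168.1.1
 host 192.168.1.1
 nat (inside,outside) static 209.165.200.225
access-list http_client extended permit tcp host 192.168.1.1 any eq 80
access-list http_client_bad extended permit tcp host 209.165.200.225 any eq 80
class-map http_client
 match access-list http_client
class-map http_client_bad
 match access-list http_client_bad
"""

def find_mapped_ip_matches(config):
    """Return (class_map, acl, mapped_ip, real_ip) for class-map ACLs using a mapped IP."""
    mapped_to_real = {}   # mapped IP -> real IP, from object NAT static rules
    acl_hosts = {}        # ACL name -> set of addresses given in "host" form
    class_acls = []       # (class-map name, ACL name) pairs
    real_ip = current_class = None
    for raw in config.splitlines():
        line = raw.strip()
        if re.match(r"object network \S+$", line):
            real_ip = current_class = None
        elif m := re.match(r"host (\S+)$", line):
            real_ip = m.group(1)
        elif (m := re.match(r"nat \(\S+\) static (\d+\.\d+\.\d+\.\d+)", line)) and real_ip:
            mapped_to_real[m.group(1)] = real_ip
        elif m := re.match(r"access-list (\S+) extended ", line):
            acl_hosts.setdefault(m.group(1), set()).update(re.findall(r"host (\S+)", line))
        elif m := re.match(r"class-map (\S+)$", line):
            current_class = m.group(1)
        elif (m := re.match(r"match access-list (\S+)$", line)) and current_class:
            class_acls.append((current_class, m.group(1)))
    findings = []
    for class_map, acl in class_acls:
        for ip in sorted(acl_hosts.get(acl, set()) & mapped_to_real.keys()):
            findings.append((class_map, acl, ip, mapped_to_real[ip]))
    return findings

if __name__ == "__main__":
    for class_map, acl, mapped, real in find_mapped_ip_matches(SAMPLE_CONFIG):
        print(f"class-map {class_map}: ACL {acl} matches mapped IP {mapped}; use real IP {real}")
```

A class map flagged this way never matches the host's traffic, so the inspection configured for it in the policy map is not applied to that traffic.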