Cisco Systems and the ASA Services Module Manual De Usuario

Modular Policy Framework lets you configure special actions for many application inspections. When 
you enable an inspection engine in the Layer 3/4 policy map, you can also optionally enable actions as 
defined in an inspection policy map. When the inspection policy map matches traffic within the Layer 
3/4 class map for which you have defined an inspection action, then that subset of traffic will be acted 
upon as specified (for example, dropped or rate-limited).

This chapter includes the following sections:

See the 

 for a list of 

applications that support inspection policy maps.

An inspection policy map consists of one or more of the following elements. The exact options available 
for an inspection policy map depends on the application.

Traffic matching command—You can define a traffic matching command directly in the inspection 
policy map to match application traffic to criteria specific to the application, such as a URL string, 
for which you then enable actions.

Some traffic matching commands can specify regular expressions to match text inside a packet. 
Be sure to create and test the regular expressions before you configure the policy map, either 
singly or grouped together in a regular expression class map.

Inspection class map—An inspection class map includes multiple traffic matching commands. You 
then identify the class map in the policy map and enable actions for the class map as a whole. The 
difference between creating a class map and defining the traffic match directly in the inspection