Cisco ASA 5525-X Adaptive Security Appliance - No Payload Encryption Technical Manual
XML Examples for the Cisco Application Centric Infrastructure Security Device Package, Version 1.2(7)
Intrusion Prevention System
</vnsAbsFolder>
</vnsAbsDevCfg>
<vnsAbsFuncCfg>
<vnsAbsFolder key="NATPolicy" name="PolicyA">
<vnsAbsCfgRel key="nat_list_name" name="nat_listA" targetName="ListA"/>
</vnsAbsFolder>
</vnsAbsFuncCfg>
</vnsAbsNode>
</vnsAbsGraph>
</fvTenant>
</polUni>
Intrusion Prevention System
This XML example sets up the Intrusion Prevention System (IPS) feature. It matches traffic
against a previously created access list, ACL1, and enables IPS in inline mode with fail-open. Also
included is IPS on internal and global interfaces.
ASA Configuration
class-map ips_internalIf
 match access-list ACL1
policy-map internalIf
 class ips_internalIf
  ips inline fail-open
service-policy internalIf interface internalIf
XML Example
<polUni>
  <fvTenant name="tenant1">
    <vnsAbsGraph name="WebGraph">
      <vnsAbsNode name="FW1">
        <vnsAbsDevCfg>
          <vnsAbsFolder key="Interface" name="internalIf">
            <vnsAbsFolder key="ServicePolicy" name="IPS-Policy">
              <vnsAbsParam key="ServicePolicyState" name="PolicyState" value="enable"/>
              <vnsAbsFolder key="IPS" name="IPS">
                <vnsAbsCfgRel key="TrafficSelection" name="TrafficSelect" targetName="ACL1"/>
                <vnsAbsFolder key="IPSSettings" name="IPSSettingsA">
                  <vnsAbsParam key="operate_mode" name="operate_mode" value="inline"/>
                  <vnsAbsParam key="fail_mode" name="fail_mode" value="fail-open"/>
                </vnsAbsFolder>
              </vnsAbsFolder>
            </vnsAbsFolder>
          </vnsAbsFolder>
        </vnsAbsDevCfg>
      </vnsAbsNode>
    </vnsAbsGraph>
  </fvTenant>
</polUni>
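Review check (an added example, not part of the Cisco document): the Python script below parses device-package XML of the shape shown above and reports each interface's IPS mode, fail mode and traffic-selection ACL. It flags fail-open because the ASA then passes traffic uninspected when the IPS module is unavailable. The function names and the embedded sample are constructed; the value fail-close is the alternative from the ASA ips command and is assumed to be what the device package accepts.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the device-config part of the XML example above.
SAMPLE = """<vnsAbsDevCfg>
 <vnsAbsFolder key="Interface" name="internalIf">
  <vnsAbsFolder key="ServicePolicy" name="IPS-Policy">
   <vnsAbsParam key="ServicePolicyState" name="PolicyState" value="enable"/>
   <vnsAbsFolder key="IPS" name="IPS">
    <vnsAbsCfgRel key="TrafficSelection" name="TrafficSelect" targetName="ACL1"/>
    <vnsAbsFolder key="IPSSettings" name="IPSSettingsA">
     <vnsAbsParam key="operate_mode" name="operate_mode" value="inline"/>
     <vnsAbsParam key="fail_mode" name="fail_mode" value="fail-open"/>
    </vnsAbsFolder>
   </vnsAbsFolder>
  </vnsAbsFolder>
 </vnsAbsFolder>
</vnsAbsDevCfg>"""

def params(folder):
    """Direct vnsAbsParam children of a folder as {key: value}."""
    return {p.get("key"): p.get("value") for p in folder.findall("vnsAbsParam")}

def audit_ips(xml_text):
    """Return one record per interface-level IPS folder, with review findings."""
    records = []
    for iface in ET.fromstring(xml_text).iter("vnsAbsFolder"):
        if iface.get("key") != "Interface":
            continue
        for policy in iface.findall("vnsAbsFolder[@key='ServicePolicy']"):
            state = params(policy).get("ServicePolicyState")
            for ips in policy.findall("vnsAbsFolder[@key='IPS']"):
                acl = ips.find("vnsAbsCfgRel[@key='TrafficSelection']")
                settings = ips.find("vnsAbsFolder[@key='IPSSettings']")
                cfg = params(settings) if settings is not None else {}
                findings = []
                if state != "enable":
                    findings.append("service policy is not enabled")
                if acl is None:
                    findings.append("no TrafficSelection ACL is referenced")
                if cfg.get("operate_mode") != "inline":
                    findings.append("not inline: IPS cannot drop traffic in-path")
                if cfg.get("fail_mode") != "fail-close":  # assumed alternative value
                    findings.append("fail-open: traffic passes uninspected if IPS is down")
                records.append({"interface": iface.get("name"), "findings": findings,
                                "acl": None if acl is None else acl.get("targetName"),
                                "operate_mode": cfg.get("operate_mode"),
                                "fail_mode": cfg.get("fail_mode")})
    return records
```

Calling audit_ips() on a full polUni document works the same way, since the walk starts from whatever root element is parsed.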