Hi Mohammed,
perfect, thanks! That various class/policy/service map types could get
a little bit confusing ;)
Cheers
Simon
Am 27.09.2009 um 15:33 schrieb Mohammed Gazzaz:
Hi Simon,
You need to
- create a L3 class-map and policy-map and
- attach the L7 policy-map to the L3 policy-map (just like what we
are doing with ASA)
Here is an example
class-map type inspect smtp match-any testc
match data-length gt 4000
policy-map type inspect smtp testp
class type inspect smtp testc
reset
class-map type inspect match-all smtp_test
match protocol smtp
policy-map type inspect policy_outin
class type inspect smtp_test
inspect
service-policy smtp testp
Regards,
Mohammed Gazzaz
> From: [email protected]
> Date: Sun, 27 Sep 2009 15:16:04 -0700
> To: [email protected]
> Subject: [OSL | CCIE_Security] ZBF: protocol inspection class/
policy/service maps.
>
> Hi,
> I am a little bit confused about applying an protocol inspection
> policy-map to the service policy. If I want to filter emails above
an
> defined size (as stated in the Cisco doucmentation), I have to do:
>
> 1. define a class-map type smtp
> 2. define a policy-map type smtp
> reset, log, whatever
> 3. how do I apply this policy? I could attach e.g. a parameter-map
to
> my service-policy. But where is the smtp policy-map applied?
>
> TIA!
>
> Regards
> Simon
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training,
please visit www.ipexpert.com
check out the rest of the Windows Live™. More than mail–Windows
Live™ goes way beyond your inbox. More than messages
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
