Hi all,

When we have situations where we need to apply policies globally to the ASA, then sometimes there is a necessity where we need to remove the "class inspection_default", place our class-map with its action, and after that add "class inspection_default" back. This seems to be very important. If not placed properly, then your MPF won't work properly.

    policy-map global_policy
     ! custom class placed above inspection_default
     class httptraffic
      inspect http http_inspection_policy
     class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect netbios
      inspect rsh
      inspect http
      inspect rtsp
      inspect skinny
      inspect esmtp
      inspect sqlnet
      inspect sunrpc
      inspect tftp
      inspect sip
      inspect xdmcp

My understanding is that when you need to have a specific traffic flow handled by MPF, then that should be at the top. Can someone please share any other situations where we would place our class-maps above "class inspection_default"?

In the Cisco docs > ASA > Configuration Examples and Notes, I see that they just apply the class map under "policy-map global_policy" without removing class inspection_default, and hence that will come below:

http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a008009487d.shtml - Handling BGP

With regards
Kings
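
Added example, not part of the original post: a simplified Python model of the documented ASA rule that, within one policy-map, a flow takes the action for a given feature type (here, inspect) only from the first class that matches it. The match criteria of httptraffic (tcp/80) and the reduced default-port table are assumptions, since the post does not show the class-maps.

```python
from typing import Callable, Optional

Flow = tuple[str, int]  # (protocol, destination port)

# Constructed subset of the default inspection ports, enough for the demo.
DEFAULT_PORTS = {("udp", 53): "dns preset_dns_map", ("tcp", 21): "ftp",
                 ("tcp", 80): "http", ("udp", 69): "tftp"}

def inspection_default(flow: Flow) -> Optional[str]:
    """class inspection_default: the inspect engine follows the flow's default port."""
    engine = DEFAULT_PORTS.get(flow)
    return f"inspect {engine}" if engine else None

def httptraffic(flow: Flow) -> Optional[str]:
    """class httptraffic: ASSUMED to match tcp/80 (its class-map is not in the post)."""
    return "inspect http http_inspection_policy" if flow == ("tcp", 80) else None

PolicyMap = list[tuple[str, Callable[[Flow], Optional[str]]]]

def applied_inspect(policy_map: PolicyMap, flow: Flow):
    """Walk the classes top to bottom; the first one that supplies an inspect
    action wins and later classes are not consulted for this feature type."""
    for name, cls in policy_map:
        action = cls(flow)
        if action is not None:
            return name, action
    return None

# The two orderings discussed in the post.
ABOVE = [("httptraffic", httptraffic), ("inspection_default", inspection_default)]
BELOW = [("inspection_default", inspection_default), ("httptraffic", httptraffic)]

def compare(flow: Flow) -> dict:
    """Inspect action a flow receives under each ordering."""
    return {"above": applied_inspect(ABOVE, flow),
            "below": applied_inspect(BELOW, flow)}

if __name__ == "__main__":
    for flow in [("tcp", 80), ("tcp", 21), ("tcp", 179)]:
        print(flow, compare(flow))
```

In this model only tcp/80 is sensitive to the ordering; a flow that inspection_default does not claim, such as tcp/179, gets the same result whether the custom class is above or below it.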
