Bruno,
The ASA has the defaults on:

policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp

When changing any of the defaults, like FTP in my case, you have to remove class inspection_default with the no command, add the new class for the FTP policy and then put the class inspection_default back.

Regards
Johan

From: Bruno [mailto:[email protected]]
Sent: 19 January 2011 04:06 PM
To: Johan Bornman
Cc: Vybhav Ramachandran; OSL Security
Subject: Re: [OSL | CCIE_Security] class inspection default

Shouldn't you do "no service-policy global_policy global" first, then remove the class under global_policy? Not sure if I got the issue here.

On Wed, Jan 19, 2011 at 9:20 AM, Johan Bornman <[email protected]> wrote:

Tacack,
I will lab it up again tonight.

Thanks
Johan

From: Vybhav Ramachandran [mailto:[email protected]]
Sent: 19 January 2011 10:58 AM
To: Johan Bornman
Cc: OSL Security
Subject: Re: [OSL | CCIE_Security] class inspection default

Hello Johan,
I only get the problem that the class is under use when I try to delete the class-map or policy-map. I do not get any error when removing the class from under the policy-map configuration?

Cheers,
TacACK

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com

--
Bruno Fagioli (by Jaunty Jackalope)
Cisco Security Professional
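The sequence Johan describes at the top of the thread, written out as ASA configuration. This is an added example, not configuration posted by anyone in the thread; the class-map name FTP_TRAFFIC, the port 21 match and the `inspect ftp strict` action are assumptions, since the thread does not say what the FTP change was.

```cisco
! Constructed example. FTP_TRAFFIC, the port match and "inspect ftp strict"
! are assumptions; the thread does not state the actual FTP policy.
class-map FTP_TRAFFIC
 match port tcp eq 21
!
policy-map global_policy
 ! Step 1: remove the default class. Its inspect lines are removed with it.
 no class inspection_default
 ! Step 2: add the new class for the FTP policy.
 class FTP_TRAFFIC
  inspect ftp strict
 ! Step 3: put the default class back. It is now listed after FTP_TRAFFIC.
 ! The inspections are the defaults listed in the thread; "inspect ftp" is
 ! left out here because this example handles FTP in the class above.
 class inspection_default
  inspect dns preset_dns_map
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
! Check the resulting class order and inspections:
!   show running-config policy-map
```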
