match protocol-enforcement is enabled by default. Issue sh run all to see it.
With regards Kings On Tue, Feb 8, 2011 at 12:16 PM, Kingsley Charles < [email protected]> wrote: > You can either use a new L7 policy map or default DNS policy map. Which > ever is first associated to the global policy will be in effect. > > With regards > Kings > > On Tue, Feb 8, 2011 at 2:35 AM, Pemasiri Devanarayana > <[email protected]>wrote: > >> Hi, >> >> when I want to inspect on id randamization, massage format >> >> 1) should i create new L7 policy-map or use the default policy-map of >> preset_dns_map (policy-map type inspect dns preset_dns_map)..? >> >> 2) if I use different L7 Policy-map I have to remove the existing dns >> inspection which is also inspecting "message-length maximum 512" by default >> and it will also will remove, in that case should i add message lenth max. >> 512 in the new L7 policy-map..? >> >> 3) when I configure match protocol-enforcement, it does not show under >> running configuration. (show running-config policy-map), it's bug or its >> already in inspection by default..? >> >> policy-map type inspect dns PM7-DNS >> parameters >> id-randomization >> policy-map global_policy >> class inspection_default >> inspect ftp >> inspect h323 h225 >> inspect h323 ras >> inspect netbios >> >> Appreciate all expertises' correct solution. >> >> >> >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> >> >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
