Hi all In ASA, once if we deny the flow for inspection, it never gets inspected back in other policies. In the below configuration, http traffic to 10.20.30.40 is not inspected by the class inspection_default.
Any comments? *HTTP traffic to 10.20.30.40 not inspect under class inspection_default* access-list web extended deny tcp any host 10.20.30.40 eq www access-list web extended permit tcp any any eq www class-map web match access-list web policy-map global_policy class web inspect http class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect netbios inspect rsh inspect rtsp inspect skinny inspect esmtp inspect sqlnet inspect sunrpc inspect tftp inspect sip inspect xdmcp inspect http ** With regards Kings
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
