Configuration for IM inspection:-
class-map type inspect im match-all imservices_class match service conference file-transfer games webcam match protocol msn-im yahoo-im match ip-address 10.1.1.0 255.255.255.0 ! policy-map type inspect im imservices_policy parameters class imservices_class reset log ! policy-map global_policy class inspection_default inspect im imservices_policyNote: Multiple L7 class-maps can be configured and referenced under a single L7 policy-map.
Verification;
ASA-FW# show service-policy inspect im Global policy: Service-policy: global_policy Class-map: inspection_default Inspect: im imservices_policy, packet 0, drop 0, reset-drop 0 tcp-proxy: bytes in buffer 0, bytes dropped 0 class imservices_class reset log, packet 0
Matches that can be made for an IM application (yahoo or msn) under a L7 class-map or L7 policy-map;
ASA-FW(config-pmap)# match ? mpf-policy-map mode commands/options: filename Match filename from IM file transfer service ip-address Match client IP address for IM application or service login-name Match client login-name from IM service not Negate this match result peer-ip-address Match peer (client/server) IP add for IM application or service peer-login-name Match client peer login name from IM service protocol Match an Instant Messenger Protocol service Match an Instant Messenger Service version Match version from IM file transfer service
Bookmark to follow my CCIE Security v4 journey -> https://networkology.net/tag/ccie
Advertisements
