Filter
Top Products
17-24
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 17 Managing Firewall Inspection Rules
Configuring Protocols and Maps for Inspection
NetBIOS ASA, PIX
7.x+, FWSM
NetBIOS (none) Inspect NetBIOS traffic to
translate IP addresses in the
NetBIOS name service (NBNS)
packets according to the security
appliance NAT configuration. You
can drop packets that violate the
protocol. See Configuring
NetBIOS Maps, page 17-75.
IPSec Pass
Through
ASA, PIX
7.x+
IPsec Pass
Through
(none) Inspect IPSec traffic and control
whether ESP or AH traffic is
allowed. See Configuring IPsec
Pass Through Maps, page 17-74.
DCE/RPC ASA 7.2+,
PIX 7.2+,
FWSM 3.2+
DCE/RPC (none) Inspect traffic based on timeouts
and enforcing the mapper service.
See Configuring DCE/RPC Maps,
page 17-27.
IP options ASA 8.2(2)+ IP Options (none) Allow IP packets that have certain
options configured in the Options
section of the IP header. In routed
mode, packets that contain the
router-alert option are allowed.
Otherwise, if any option is set,
packets are dropped. IP options are
unnecessary for most
communication, but the NOP (no
operation) option might be used
for padding, so you might want to
allow it. See Configuring IP
Options Maps, page 17-68.
IPv6 ASA 8.4(2)+ IPv6 (none) Inspect IPv6 traffic based on the
following types of extension
headers found anywhere in an
IPv6 packet: Hop-by-Hop
Options, Routing (Type 0),
Fragment, Destination Options,
Authentication, and Encapsulating
Security Payload. See Configuring
IPv6 Maps, page 17-70 and IPv6
Policy Maps Add or Edit Match
Condition and Action Dialog
Boxes, page 17-71.
Table 17-10 Configuring Protocols for Deep Inspection in Inspection Rules (Continued)
Protocol Device Types Policy Map
Class Map
(ASA, PIX,
FWSM only)
Description and Match Criteria
Reference