Class maps and policy maps generated by SDM

by Cyrus Lok on Sunday, March 7, 2010 at 10:34pm

R0#sh class-map type inspect
Class Map type inspect match-all sdm-insp-traffic (id 2)
  Match class-map sdm-cls-insp-traffic

Class Map type inspect match-any SDM-Voice-permit (id 9)
  Match protocol h323
  Match protocol skinny
  Match protocol sip

Class Map type inspect match-any SDM-Voice (id 7)
  Match protocol h323

Class Map type inspect match-any sdm-cls-icmp-access (id 3)
  Match protocol icmp
  Match protocol tcp
  Match protocol udp

Class Map type inspect match-any sdm-cls-insp-traffic (id 1)
  Match protocol cuseeme
  Match protocol dns
  Match protocol ftp
  Match protocol h323
  Match protocol https
  Match protocol icmp
  Match protocol imap
  Match protocol pop3
  Match protocol netshow
  Match protocol shell
  Match protocol realmedia
  Match protocol rtsp
  Match protocol smtp extended
  Match protocol sql-net
  Match protocol streamworks
  Match protocol tftp
  Match protocol vdolive
  Match protocol tcp
  Match protocol udp

Class Map type inspect match-all sdm-dmz-traffic (id 8)
  Match access-group name dmz-traffic
  Match class-map sdm-dmz-protocols

Class Map type inspect match-all sdm-icmp-access (id 4)
  Match class-map sdm-cls-icmp-access

Class Map type inspect match-all sdm-invalid-src (id 10)
  Match access-group 100

Class Map type inspect match-any sdm-dmz-protocols (id 5)
  Match protocol smtp

Class Map type inspect match-all sdm-protocol-http (id 6)
  Match protocol http

R0#sh policy-map type inspect
Policy Map type inspect sdm-permit-icmpreply
  Class sdm-icmp-access
    Inspect
  Class SDM-Voice
    Inspect
  Class class-default
    Pass

Policy Map type inspect sdm-inspect
  Class sdm-invalid-src
    Drop log
  Class sdm-insp-traffic
    Inspect
  Class sdm-protocol-http
    Inspect
  Class class-default

Policy Map type inspect sdm-permit
  Class SDM-Voice
    Inspect
  Class class-default
    Drop log

Policy Map type inspect sdm-permit-dmzservice
  Class sdm-dmz-traffic
    Inspect
  Class SDM-Voice-permit
    Inspect
  Class class-default
    Pass

R0#sh class-map class-default
Class Map match-any class-default (id 0)
  Match any

R0#sh class-map type inspect sdm-invalid-src
Class Map type inspect match-all sdm-invalid-src (id 10)
  Match access-group 100

R0#sh access-list 100
Extended IP access list 100
  10 permit ip host 255.255.255.255 any
  20 permit ip 127.0.0.0 0.255.255.255 any
  30 permit ip 192.168.47.0 0.0.0.255 any
  40 permit ip 10.1.1.0 0.0.0.3 any
