Notice that none of the ASA or FWSM inspection engine configuration commands accepts a port number. For application inspection engines that are more advanced, refer to the section of this chapter referenced in the table. Table 7-7 lists the command syntax to configure each type of inspection engine for ASA, FWSM, and PIX 6.3 platforms. In releases prior to ASA 7.0(1), the fixup command configures application inspection and default port numbers. Table 7-7: Configuring Application Layer Inspection EnginesįWSM and ASA (releases 7.0 or later) use the inspect command. You can configure any of the supported application layer inspection engines by using the configuration command syntax listed in Table 7-7. Inspect: icmp, packet 76800, drop 13628, reset-drop 0 Inspect: icmp error, packet 0, drop 0, reset-drop 0 Inspect: tftp, packet 0, drop 0, reset-drop 0
Inspect: netbios, packet 27, drop 0, reset-drop 0 Inspect: sip, packet 0, drop 0, reset-drop 0 Inspect: xdmcp, packet 0, drop 0, reset-drop 0 Inspect: sunrpc, packet 0, drop 0, reset-drop 0 Inspect: skinny, packet 0, drop 0, reset-drop 0 Inspect: sqlnet, packet 0, drop 0, reset-drop 0
Inspect: esmtp, packet 28, drop 0, reset-drop 0 Inspect: rtsp, packet 0, drop 0, reset-drop 0 Inspect: rsh, packet 0, drop 0, reset-drop 0 Inspect: h323 ras, packet 0, drop 0, reset-drop 0 Inspect: h323 h225, packet 0, drop 0, reset-drop 0 Inspect: ftp, packet 39, drop 0, reset-drop 0 Inspect: dns maximum-length 512, packet 10, drop 0, reset-drop 0 Table 7-6: Application Inspection: Applications and Ports Supported