class-map type inspect ---> policy-map type inspect ---> policy-map ---> service-policy
class-map---->policy-map---->service-policy
·    Regular expressions
 
·    Grouping regular expressions into a regex class:
ciscoasa(config)# regex myregex1 cisco1\.com
ciscoasa(config)# regex myregex2 cisco2\.com
ciscoasa(config)# class-map type regex match-any myclassr
ciscoasa(config-cmap)# match regex myregex1
ciscoasa(config-cmap)# match regex myregex2
 
ciscoasa# test regex cisco.com "cisco\.com" //test whether the string matches the regex
 
ciscoasa(config)# class-map ?
configure mode commands/options:
 WORD < 41 char class-map name
 type            Specifies the type of class-map //what is defined under type is used in the class-map; the usage inside policy-map is the same
 
·    //Replace the default HTTP port 80 with 8080
ciscoasa(config)# class-map http8080
ciscoasa(config-cmap)# match port tcp eq 8080
ciscoasa(config)# policy-map mypolicy
ciscoasa(config-pmap)# class http8080
ciscoasa(config-pmap-c)# inspect http
ciscoasa(config)# service-policy mypolicy interface inside
 
·    //Inspect both 80 and 8080 at the same time
ciscoasa(config)# class-map http8080
ciscoasa(config-cmap)# match port tcp eq 8080
ciscoasa(config)# class-map http80
ciscoasa(config-cmap)# match port tcp eq 80
ciscoasa(config)# policy-map mypolicy
ciscoasa(config-pmap)# class http8080
ciscoasa(config-pmap-c)# inspect http
ciscoasa(config-pmap)# class http80
ciscoasa(config-pmap-c)# inspect http
ciscoasa(config)# service-policy mypolicy interface inside
 
--------------------------------Example--------------------------------------
ciscoasa(config)# class-map type inspect http myhttp
 
ciscoasa(config)# policy-map type inspect http myinpolicy
ciscoasa(config-pmap)# class myhttp
ciscoasa(config-pmap-c)# drop-connection
 
ciscoasa(config)# policy-map mypolicy
ciscoasa(config-pmap)# class class-default
ciscoasa(config-pmap-c)# inspect http myinpolicy
 
ciscoasa(config)# service-policy mypolicy interface inside
-----------------------------------------------------------------------------
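
The full chain from the first line of these notes, written out as one configuration (an added example, not part of the original notes). It reuses the names defined above; the Host-header match inside myhttp and the log keyword on drop-connection are assumptions, since the notes leave the class-map empty.

```text
! Added example (not from the original notes).
! Regex objects and the regex class, as defined earlier in the notes.
regex myregex1 cisco1\.com
regex myregex2 cisco2\.com
class-map type regex match-any myclassr
 match regex myregex1
 match regex myregex2
!
! Layer 7 class-map. Assumption: match the HTTP Host header against
! the regex class; the notes do not say what myhttp should match.
class-map type inspect http match-all myhttp
 match request header host regex class myclassr
!
! Layer 7 policy-map: action for requests that hit myhttp.
! "log" (assumption) emits a syslog message for each dropped connection.
policy-map type inspect http myinpolicy
 class myhttp
  drop-connection log
!
! Layer 3/4 class-maps: select which flows are handed to HTTP inspection.
class-map http80
 match port tcp eq 80
class-map http8080
 match port tcp eq 8080
!
! Layer 3/4 policy-map: attach the Layer 7 policy to inspect http.
policy-map mypolicy
 class http80
  inspect http myinpolicy
 class http8080
  inspect http myinpolicy
!
! Apply to the inside interface.
service-policy mypolicy interface inside
```

This only acts on cleartext HTTP, because inspect http cannot read the Host header of TLS-encrypted traffic. Hit counters for the policy can be checked with show service-policy inspect http.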