14-2
User
Guide

for

the

Cisco

Application

Networking

Manager

5.2
OL-26572-01
Chapter
14






Configuring

Traffic

Policies
Class
Map

and

Policy

Map

Overview


Optimization
of
HTTP

traffic


Protocol
deep

packet

inspection


Remote
access

using
Secure
Shell

(SSH)

or

Telnet


Secure
Socket

Layer

(SSL)

security

services

between

a

Web

browser

(the

client)

and
the
HTTP
connection
(the

server)


Server
load

balancing


TCP
termination,

normalization,
and
reuse
Related
Topics


Class
Map

and

Policy

Map

Overview,

page
14-2


Configuring
Virtual

Context
Class
Maps,

page
14-6


Configuring
Virtual

Context
Policy
Maps,

page
14-32
Class
Map

and

Policy

Map

Overview
You
classify

inbound

network

traffic

destined

to,

or

passing

through,

the

ACE

based

on

a

series

of

flow
match
criteria

specified

by

a

class

map.

Each

class

map

defines

a

traffic

classification;

that

is,

network
traffic
that

is

of

interest

to

you.

A

policy

map

defines

a

series

of

actions

(functions)

that

you

want

applied
to
a

set


of

cl

assified

i

nbound

traffic.
Class
maps

enable

you

to

classify

network

traffic

based

on

the

following

criteria:


Layer
3

and

Layer

4

traffic

flow

information—Source

or

destination

IP

address,

source

or
destination
port,

virtual

IP

address,

or

IP

protocol


Layer
7
protocol

information—HTTP

cookie,

HTTP

URL,

HTTP

header,
HTTP
content,

FTP
request
commands,

RADIUS,

RDP,

RTSP,

Skinny,

or

SIP
The
policies

that

you

can

configure

depend

on

the

ACE

you

are

configuring.

Ta

b

l

e


14-1

lists

the
available
policies

and

the

ACE

devices

that

support

them.
Ta
b

l

e


14-1
Traffic
Policies

and

ACE

Device

Support
Policy
Map

Type
Description
ACE
Device
ACE
Module
ACE
Appliance
Layer
3/4

Management

Traffic

(First-Match)
Layer
3

and

Layer

4

policy

map

for

network
management
traffic

received

by

the

ACE
X
X
Layer
3/4

Network

Traffic

(First-Match)
Layer
3

and

Layer

4

policy

map

for

traffic
passing
through

the

ACE
X
X
Layer
7

Command

Inspection

-

FTP
(First-Match)
Layer
7

policy

map

for


inspection

of

FTP
commands
X
X
Layer
7

Deep

Packet

Inspection

-

HTTP
(All-Match)
Layer
7

policy

map

for


inspection

of

HTTP
packets
X
X
Layer
7

Deep

Packet

Inspection

-

SIP
(All-Match)
Layer
7

policy

map

for


inspection

of

SIP
packets
X
X
Layer
7

Deep

Packet

Inspection

-

Skinny
Layer
7

policy

map

for


inspection

of

Ski

nny
Client
Control

Protocol

(SCCP)
X
X