14-5
User
Guide

for

the

Cisco

Application

Networking

Manager

5.2
OL-26572-01
Chapter
14






Configuring

Traffic

Policies
Class
Map

and

Policy

Map

Overview
The
ACE

supports

flexible

class

map

ordering

within

a

policy

map.

The

ACE

executes

only

the

actions
for
the

first

matching

t

raffic

cl

assification,

so

t

he

order

of

cl

ass

maps

within

a

po

licy

map

is

very
important.
The

policy

lookup

order

is

based

on

the

security

features

of

the

ACE.

The

policy

lookup

order
is
implicit,

irrespective

of

the

order

in

which

you

configure

policies

on

the

interface.
The
policy

lookup

order

of

the

ACE

is

as

follows:
1.
Access
control

(permit

or

de

ny

a

pa

cket)
2.
Permit
or
deny
management

traffic
3.
TCP/UDP
connection

parameters
4.
Load
balancing

based

on

a

virtual

IP

(VIP)
5.
Application
pr

otocol

inspection
6.
Source
NAT
7.
Destination
NAT
The
sequence

in

which

the

ACE

applies

the

actions

for

a

specific

policy

is

independent

of

the

actions
configured
for

a

cl

ass

map

inside

a

policy.
Related
Topics


Class
Map

and

Policy

Map

Overview,

page
14-2


Class
Maps,

page
14-3


Parameter
Maps

and

Their

Use

i

n

Layer

3

and
Layer
4
Policy
Maps,
page
14-5


Configuring
Traffic
Policies,

page
14-1


Configuring
Virtual

Context
Policy
Maps,

page
14-32
Parameter
Maps

and

Their

Use

in

Layer

3

and

Layer

4

Policy

Maps
Parameter
maps

allow

you

to

combine

related

actions

in

a

Layer

3

and

Layer

4

policy

map.

For

example,
an
HTTP

parameter

map

provides

a

means

of

performing

actions

on

traffic

ingressing

an

ACE

interface
based
on

certain

criteria

such

as

HTTP

header

and

cookie

settings,

server

connection

reuse,

action

to

be
taken
when

an

HTTP

header,

cookie,

or

URL

exceeds

a

configured

maximum

length,

and

so

on.
The
ACE

uses

policy

maps

to

combine

class

maps

and

parameter

maps

into

t

raffic

pol

icies

and

to
perform
certain

configured

actions

on

the

traffic

that

matches

the

specified

criteria

in

the

policies.
See
Ta

b

l

e


10-1

for

a

list

of

the

available

parameter

maps

and

the

ACE

devices

that

support

them.
Related
Topics


Configuring
Parameter

Maps,
page
10-1


Class
Map

and

Policy

Map

Overview,

page
14-2


Class
Maps,

page
14-3


Policy
Maps,

page
14-4