14-6
User
Guide

for

the

Cisco

Application

Networking

Manager

5.2
OL-26572-01
Chapter
14






Configuring

Traffic

Policies
Configuring
Virtual

Context

Class

Maps
Protocol
Inspection

Overview
Certain
applications

require

special

handling

of

the

data

portion

of

a

packet

as

the

packets

pass

through
the
ACE.

Application

protocol

inspection

helps

to

verify

the

protocol

behavior

and

identify

unwanted

or
malicious
traffic

passing

through

the

ACE.

Based

on

the

specifications

of

the

traffic

policy,

the

ACE
accepts
or

rejects

t

he

packets

to

ensure

the

secure

use

of

a

pplications

and

ser

vices.
For
information

about

application

protocol

inspection

as

configured

and

performed

by

the

ACE,

see

the
related
topics.
Related
Topics


Configuring
Virtual

Context
Policy
Maps,

page
14-32


Setting
Match

Conditions

for

Layer

7

FTP

Command

Inspection

Class

Maps,

page
14-22


Setting
Policy
Map
Rules
and

Actions

for
Layer
7

HTTP

Deep

Packet

Inspection,

page
14-51


Setting
Policy

Map

Rules

and
Actions
for
Layer
7
SIP

Deep

Packet

Inspection,

page
14-68
Configuring
Virtual

Context

Class

Maps
You
can

cr

eate

a

class

map

t

o

classify

th

e

t

raffic

received

and

transmitted

by

th

e

ACE.

For

more
information
about

cl

ass

maps,

see

t

he

“Class

Maps”

section

on

page

14-3 .
Note
To
delete
a

class

map

from

a

c

ontext,
the
cl

ass

map

must

no

longer

be

in
use.
To
delete
multiple

cl

ass
maps,
none

of

the

class

maps

must

be

in

use.

If

you

attempt

to

delete

multiple

class

maps

and

one

of

the
class
maps

is

still

i

n

use,

none

of

th

e

class

maps

ar

e

deleted

and

a

message

ap

pears

stating

th

at

one

of
the
class

maps

is

in

use.

Remove

the

class

map

that

is

still

in

use

from

your

selection,

then

click

Delete.
The
selected

class

maps

are

removed.
Procedure
Step
1
Choose
Config
>

Devices

>

context

>

Expert

>

Class

Maps.
The
Class

Maps

table

appears.
Step
2
In
the

Class
Maps
table,
click
Add
to
add
a

new

class

map,

or

choose

an

existing
class
map

and

click
Edit
to

modify

it.
Step
3
(Optional)
Enter

a

class

map
identifier
number.
The
Name

field

contains

an

automatically

incremented

number

for

the

class

map.

You

can

leave

the
number
as

i

t

is

or

enter

a

different,

uni

que

number.
Step
4
In
the

Class

Map

Type

field,
choose
the

type

of
class
map

that

you

are

creating.
The
t

ypes

that

ar

e

available

depend

on

the

ACE

that

you

ar

e

configuring.

Ta

b

l

e


14-2

lists

the

available
class
map

types

and

the

ACE

devices

that

support

them.