When using a “inspect policy map” you need to add it to a “standard policy-map” to allow you to add it to the service policy.
For each policy map there would be a class map, the inspect would match the FTP command, and then use the classmap “inspection-default” in the standard policy map.
Running Config
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map type inspect ftp FTPPOL
parameters
class FTPCLASS
reset log
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect sip
inspect xdmcp
policy-map FTPPOLICY2
class inspection_default
inspect ftp strict FTPPOL
!
service-policy global_policy global
Rick Donato is a Network Automation Architect/Evangelist and the founder of Packet Coders.
Latest posts by Rick Donato (see all)
- How to Configure a BIND Server on Ubuntu - March 15, 2018
- What is a BGP Confederation? - March 6, 2018
- Cisco – What is BGP ORF (Outbound Route Filtering)? - March 5, 2018
Want to become an IT Security expert?
Here is our hand-picked selection of the best courses you can find online:
Internet Security Deep Dive course
Complete Cyber Security Course – Hackers Exposed
CompTIA Security+ (SY0-601) Certification Complete course
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial