Creating policies on the ASA
In this section, we are going to take a look at how to create and apply policies on the ASA.
Modular Policy Framework
The Modular Policy Framework (MPF) is used to identify which traffic to inspect or to apply an action to. To apply the MPF within the ASA, the traffic type first needs to be inspected by the ASA using a Class Map. Then, an action, such as whether to permit or deny, has to be applied using a Policy Map. Last, we need to tell the ASA where to apply the policy using a Service Map.
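The three MPF pieces described above, shown as an added ASA CLI sketch for FTP inspection (this is not configuration from the original text). The names FTP-ACL, FTP-CLASS and DMZ-POLICY, the interface name dmz and the server address 192.0.2.10 are assumptions; on the CLI, the "where to apply" step is the service-policy command.

```cisco
! Added example. All names and addresses below are constructed placeholders.
!
! Classification ACL: selects FTP control traffic to the assumed DMZ server.
! It only marks traffic for MPF. It does not permit the traffic through the
! firewall; an interface ACL (access-group) is still required for that.
access-list FTP-ACL extended permit tcp any host 192.0.2.10 eq ftp
!
! 1. Class map: identify the traffic the policy acts on.
class-map FTP-CLASS
 match access-list FTP-ACL
!
! 2. Policy map: the action taken on traffic in that class.
!    "inspect ftp strict" is the tighter variant that also enforces
!    protocol conformance on the FTP control channel.
policy-map DMZ-POLICY
 class FTP-CLASS
  inspect ftp
!
! 3. Where the policy applies. Only one policy map can be attached per
!    interface, plus one attached globally.
service-policy DMZ-POLICY interface dmz
!
! Verification: confirm the policy is attached and the counters increase
! while an FTP session to the server is open.
show service-policy interface dmz
show access-list FTP-ACL
```

If the hit count on FTP-ACL stays at zero during a test transfer, the class map is not matching and the inspection is not being applied to that flow.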
Creating a policy
To create a policy on the ASA, there are two methods: the ASDM or the CLI.
Example 1 – Inspecting FTP traffic from Outside to DMZ (using the CLI)
Observing the following topology, there are three zones: Inside, Outside, and DMZ. Assuming the server on the DMZ is an FTP server, we would like to inspect the traffic flow through the DMZ interface:

To get started with the configurations, we can use the following steps:
- Create an Extended ACL to filter the FTP traffic...