What is the first configuration step when using Cisco ASDM to configure a new Layer 3/4
inspection policy on the Cisco ASA?
A. Create a new class map.
B. Create a new policy map and apply actions to the traffic classes.
C. Create a new service policy rule.
D. Create the ACLs to be referenced by any of the new class maps.
E. Disable the default global inspection policy.
F. Create a new firewall access rule.
Explanation:
http://www.cisco.com/en/US/docs/security/asa/asa80/asdm60/user/guide/svcrules.html#wp1161995
Default Global Policy
By default, the configuration includes a policy that matches all default application inspection traffic
and applies certain inspections to the traffic on all interfaces (a global policy). Not all inspections
are enabled by default.
You can only apply one global policy, so if you want to alter the global policy, you need to either
edit the default policy or disable it and apply a new one. (An interface policy overrides the global policy.)
Service policies provide a consistent and flexible way to configure security appliance features. For
example, you can use a service policy to create a timeout configuration that is specific to a
particular TCP application, as opposed to one that applies to all TCP applications.
Configuring a service policy consists of adding one or more service policy rules per interface or for
the global policy. For each rule, you identify the following elements:
1. Identify the interface to which you want to apply the rule, or identify the global policy.
2. Identify the traffic to which you want to apply actions. You can identify Layer 3 and 4 through
traffic.
3. Apply actions to the traffic class. You can apply multiple actions for each traffic class.