
LAB Question: Intro - Scenario - Topo

This is a Hot Area - select the correct areas to click on.

Instructions

This item contains a simulation task. Refer to the scenario and topology before you start. When you are ready, open the Topology window and click the required device to open the GUI window on a virtual terminal. Scroll to view all parts of the Cisco ASDM screens.

Scenario

Click the PC icon to launch Cisco ASDM. You have access to a Cisco ASA 5505 via Cisco ASDM. Use Cisco ASDM to edit the Cisco ASA 5505 configuration to enable Advanced HTTP Application inspection by completing the following tasks:

1. Enable HTTP inspection globally on the Cisco ASA.
2. Create a new HTTP inspect map named http-inspect-map to:
   A. Enable the dropping of any HTTP connections that encounter HTTP protocol violations.
   B. Enable the dropping and logging of any HTTP connections when the content type in the HTTP response does not match one of the MIME types in the accept field of the HTTP request.

Note: In the simulation, you will not be able to test the HTTP inspection policy after you complete your configuration. Not all Cisco ASDM screens are fully functional. After you complete the configuration, you do not need to save the running configuration to the start-up config.

Answer: Here is the step-by-step configuration:

Click Edit

Select the Rule Actions tab, check HTTP.

** This satisfies part 1 of the question: enable HTTP inspection globally on the Cisco ASA.

Click the Configure button to the right of HTTP, then click the radio button to the left of "Select an HTTP inspect map for fine control over inspection".

Enter http-inspect-map in the Name field of the HTTP inspect map.

** This satisfies part 2 of the question: create a new inspect map named http-inspect-map.

Click the Details button.

In the Details window, "Check for protocol violations" is selected and the action Drop Connection is also selected by default.

** This satisfies part 2a of the question: enable the dropping of any HTTP connections that encounter HTTP protocol violations.

Click the Inspections tab in the Add HTTP Inspect Map window.

Click Add

The default settings of the Add HTTP Inspect window are:

- Single match
- Match type: Match
- Criterion: Request/Response Content type mismatch
- Actions: Drop Connection
- Log: Enable

** This satisfies part 2b of the question: enable the dropping and logging of any HTTP connections when the content type in the HTTP response does not match one of the MIME types in the accept field of the HTTP request.

** ACTUAL TESTS answer is to select no-match, NOT MATCH **

Click OK.

Click OK

Click OK

Click OK

Click Apply. If Preview commands has been enabled in the ASDM preferences, a window will appear showing the CLI commands that will be applied to the ASA.

Click Send

Select File > Exit

Click Save

Click Yes
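
For reference, the ASDM steps above expressed as ASA CLI configuration. This is an added example, not taken from the original page or from the simulation's preview window; it follows the default settings listed in the steps (Match type: Match) and assumes the ASA's default `global_policy` policy map and `inspection_default` class are still in place.

```cisco
! Added example: CLI equivalent of the ASDM steps, entered in global configuration mode.
! Assumption: the default global_policy / inspection_default names are unchanged.
!
! Part 2: create the HTTP inspect map named http-inspect-map
policy-map type inspect http http-inspect-map
 parameters
  ! Part 2a: drop connections that violate the HTTP protocol
  protocol-violation action drop-connection
 ! Part 2b: response content type not listed in the request's accept field.
 ! With Match type set to No Match in ASDM, this line would begin "match not".
 match req-resp content-type mismatch
  drop-connection log
!
! Part 1: enable HTTP inspection globally, using the inspect map above
policy-map global_policy
 class inspection_default
  inspect http http-inspect-map
```

On a real ASA, `show running-config policy-map` confirms the map was applied, and `show service-policy inspect http` shows the inspection counters.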
