Viewing the Policy Map Configuration

To display all policy map configurations, a security administrator can use the show run
policy-map command. The output lists every policy map, the class maps assigned to it, and
each action applied to those class maps, as illustrated in Example 8-4.

Assigning Policies to an Interface
For interfaces to be activated, you need to assign policies to them. An interface is defined as
any physical interface or as a logical interface that can be defined by the nameif command.
Additionally, you can apply a policy to the global interface. To assign a policy to an interface,
use the service-policy command. The service-policy command assigns a policy map to a

Table 8-5 set connection Command Options

Command Parameter         Description
conn-max                  The maximum number of simultaneous TCP and UDP connections that are allowed.
embryonic-conn-max        The maximum number of half-open TCP connections associated with a policy map.
random-sequence-number    Enables or disables TCP sequence number randomization. This option should be
                          used when multiple Security Appliances are placed inline with each other, with
                          one appliance performing the sequence number randomization.

Example 8-4 show run policy-map Command Output

ASAfirewall(config)# show run policy-map
policy-map outside1
 class http1
  police 64000 1000
 class internet
  IPS inline fail-close
 class vpn1
  set connection conn-max 256 embryonic-conn-max 25
ASAfirewall(config)#
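
An added example, not from the original text: a short Python script that parses show run policy-map output such as Example 8-4 into policy, class, and action entries, then reports which classes set no embryonic-conn-max. The function names are hypothetical, and the sample input is constructed from Example 8-4 with each action on a single line.

```python
# Added example (not from the original text); SAMPLE is constructed from Example 8-4.
SAMPLE = """\
ASAfirewall(config)# show run policy-map
policy-map outside1
 class http1
  police 64000 1000
 class internet
  IPS inline fail-close
 class vpn1
  set connection conn-max 256 embryonic-conn-max 25
ASAfirewall(config)#
"""

def parse_policy_maps(text):
    """Return {policy_name: {class_name: [action, ...]}}."""
    policies, policy, cls = {}, None, None
    for raw in text.splitlines():
        words = raw.split()
        # Skip blank lines, "!" separators and CLI prompt lines.
        if not words or words[0] == "!" or words[0].endswith("#"):
            continue
        if words[0] == "policy-map" and len(words) > 1:
            policy, cls = policies.setdefault(words[1], {}), None
        elif words[0] == "class" and len(words) > 1 and policy is not None:
            cls = policy.setdefault(words[1], [])
        elif cls is not None:
            cls.append(" ".join(words))  # any other line is an action
    return policies

def connection_limits(actions):
    """Read conn-max / embryonic-conn-max values from set connection lines."""
    limits = {}
    for action in actions:
        words = action.split()
        if words[:2] != ["set", "connection"]:
            continue
        for key, value in zip(words[2:], words[3:]):
            if key in ("conn-max", "embryonic-conn-max") and value.isdigit():
                limits[key] = int(value)
    return limits

def classes_without_embryonic_limit(policies):
    """List (policy, class) pairs with no cap on half-open TCP connections."""
    return [(p, c) for p, classes in policies.items()
            for c, actions in classes.items()
            if "embryonic-conn-max" not in connection_limits(actions)]

if __name__ == "__main__":
    print(classes_without_embryonic_limit(parse_policy_maps(SAMPLE)))
```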