You can use tunnel content inspection to enforce Security, DoS
Protection, and QoS policies on traffic in these types of tunnels
and on traffic nested within another cleartext tunnel (for example,
Null Encrypted IPSec inside a GRE tunnel).

Create a Tunnel Inspection policy to specify, for each incoming packet
that matches it, which tunnel protocols in the packet the firewall
inspects and the conditions under which the firewall drops the packet
or continues to process it. You can view tunnel inspection logs
and tunnel activity in the ACC to verify that tunneled traffic complies
with your corporate security and usage policies.

The firewall supports tunnel content inspection on Ethernet interfaces
and subinterfaces, AE interfaces, VLAN interfaces, and VPN and LSVPN
tunnels. The feature is supported in Layer 3, Layer 2, virtual wire,
and tap deployments. Tunnel content inspection works on shared gateways
and on virtual system-to-virtual system communications.