turning off all inspection --- ASA 5540

For troubleshooting purposes, I'd like to make my ASA 5540 7.2 completely wide open, no inspection, no ACL etc.  Allowing everything via ACL is no problem.    But i'm curious about turning off the default packet inspection.   Am I right that a 'no service-policy global_policy global' is all I need?

class-map inspection_default
 match default-inspection-traffic!
policy-map type inspect dns preset_dns_map
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect xdmcp
  inspect pptp
  inspect sip
  inspect tftp
service-policy global_policy global
Who is Participating?
batry_boyConnect With a Mentor Commented:
>>Is this just defaut behavior for an ASA and not something I'm going to turn off?

Yes, that is correct.  You're not going to be able to make the ASA behave like a true router because it isn't one.  There are just some things that cannot be disabled in the code.
Yep, if your intent is to disable all of the inspection services.
stielincAuthor Commented:
is there anything else I need to do to make the box wide open, essentially makiing it just a router?

Reason I ask is when I view the real time logging via the ASDM, even after removing the service policy, I see alot of messages indicating builds and teardowns of various TCP UDP and ICMP flows.  To me this indicates the box is still doing some kind of 'inspection'.  Is this just defaut behavior for an ASA and not something I'm going to turn off?
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.