ASA Packet Flow PDF

Uploaded by

Narendra Pattanayak

0% found this document useful (0 votes)

219 views3 pages

Original Title

ASA packet flow.pdf

Copyright

Available Formats

PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

219 views3 pages

ASA Packet Flow PDF

Uploaded by

Narendra Pattanayak

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 3

Search inside document

4/28/2017 ASA8.

2:PacketFlowthroughanASAFirewallCisco

CiscoASAPacketProcessAlgorithm

HereisadiagramofhowtheCiscoASAprocessesthepacketthatit
receives:

Herearetheindividualstepsindetail:
1. Thepacketisreachedattheingressinterface.
2. Oncethepacketreachestheinternalbufferoftheinterface,theinput
counteroftheinterfaceisincrementedbyone.
3. CiscoASAfirstlooksatitsinternalconnectiontabledetailsinorderto
verifyifthisisacurrentconnection.Ifthepacketflowmatchesa
currentconnection,thentheAccessControlList(ACL)checkis
bypassedandthepacketismovedforward.
Ifpacketflowdoesnotmatchacurrentconnection,thentheTCPstate
isverified.IfitisaSYNpacketorUDP(UserDatagramProtocol)
packet,thentheconnectioncounterisincrementedbyoneandthe
packetissentforanACLcheck.IfitisnotaSYNpacket,thepacketis
droppedandtheeventislogged.
4. ThepacketisprocessedaspertheinterfaceACLs.Itisverifiedin
sequentialorderoftheACLentriesandifitmatchesanyoftheACL
entries,itmovesforward.Otherwise,thepacketisdroppedandthe
informationislogged.TheACLhitcountisincrementedbyonewhen
thepacketmatchestheACLentry.
5. Thepacketisverifiedforthetranslationrules.Ifapacketpasses
throughthischeck,thenaconnectionentryiscreatedforthisflowand
thepacketmovesforward.Otherwise,thepacketisdroppedandthe
informationislogged.
6. ThepacketissubjectedtoanInspectionCheck.Thisinspection
http://www.cisco.com/c/en/us/support/docs/security/asa5500xseriesnextgenerationfirewalls/113396asapacketflow00.html 1/3
4/28/2017 ASA8.2:PacketFlowthroughanASAFirewallCisco
6. ThepacketissubjectedtoanInspectionCheck.Thisinspection
verifieswhetherornotthisspecificpacketflowisincompliancewith
theprotocol.CiscoASAhasabuiltininspectionenginethatinspects
eachconnectionasperitspredefinedsetofapplicationlevel
functionality.Ifitpassedtheinspection,itismovedforward.Otherwise,
thepacketisdroppedandtheinformationislogged.
AdditionalsecuritycheckswillbeimplementedifaContentSecurity
(CSC)moduleisinvolved.
7. TheIPheaderinformationistranslatedaspertheNetworkAddress
Translation/PortAddressTranslation(NAT/PAT)ruleandchecksums
areupdatedaccordingly.ThepacketisforwardedtoAdvanced
InspectionandPreventionSecurityServicesModule(AIPSSM)for
IPSrelatedsecuritycheckswhentheAIPmoduleisinvolved.
8. Thepacketisforwardedtotheegressinterfacebasedonthe
translationrules.Ifnoegressinterfaceisspecifiedinthetranslation
rule,thenthedestinationinterfaceisdecidedbasedontheglobalroute
lookup.
9. Ontheegressinterface,theinterfaceroutelookupisperformed.
Remember,theegressinterfaceisdeterminedbythetranslationrule
thattakesthepriority.
10. OnceaLayer3routehasbeenfoundandthenexthopidentified,
Layer2resolutionisperformed.TheLayer2rewriteoftheMAC
headerhappensatthisstage.
11. Thepacketistransmittedonthewire,andinterfacecountersincrement
ontheegressinterface.

ExplanationofNAT

RefertothesedocumentsformoredetailsontheorderofNAT
operation:
CiscoASASoftwareVersion8.2andearlier
http://www.cisco.com/c/en/us/support/docs/security/asa5500xseriesnextgenerationfirewalls/113396asapacketflow00.html 2/3
4/28/2017 ASA8.2:PacketFlowthroughanASAFirewallCisco

CiscoASASoftwareVersion8.3andlater

ShowCommands

Herearesomeusefulcommandsthathelptrackthepacketflowdetails
atdifferentstagesintheprocess:
showinterface
showconn
showaccesslist
showxlate
showservicepolicyinspect
showrunstatic
showrunnat
showrunglobal
shownat
showroute
showarp

http://www.cisco.com/c/en/us/support/docs/security/asa5500xseriesnextgenerationfirewalls/113396asapacketflow00.html 3/3

The Compete Ccna 200-301 Study Guide: Network Engineering Edition
From Everand
The Compete Ccna 200-301 Study Guide: Network Engineering Edition
Joe Spoto
Rating: 5 out of 5 stars
5/5 (4)
Microwave NEC Whitepaper PDF
Document10 pages
Microwave NEC Whitepaper PDF
tauraimukumba
No ratings yet
Microwave NEC Whitepaper PDF
Document10 pages
Microwave NEC Whitepaper PDF
tauraimukumba
No ratings yet
Microwave NEC Whitepaper PDF
Document10 pages
Microwave NEC Whitepaper PDF
tauraimukumba
No ratings yet
A Practical Guide Wireshark Forensics
From Everand
A Practical Guide Wireshark Forensics
alasdair gilchrist
Rating: 5 out of 5 stars
5/5 (4)
CCNA Interview Questions You'll Most Likely Be Asked
From Everand
CCNA Interview Questions You'll Most Likely Be Asked
Vibrant Publishers
No ratings yet
Unity 400
Document61 pages
Unity 400
Aitonix Scan
No ratings yet
Cheat-Sheet For Troubleshooting On Cisco 3750 Switches.
Document2 pages
Cheat-Sheet For Troubleshooting On Cisco 3750 Switches.
Narendra Pattanayak
No ratings yet
Using Oracle Cloud Infrastructure Goldengate
Document86 pages
Using Oracle Cloud Infrastructure Goldengate
Rafi
No ratings yet
Lab 02.6.2 - Using Wireshark
Document11 pages
Lab 02.6.2 - Using Wireshark
magandaako123
No ratings yet
FortiGate Troubleshooting IPsec Connectivity
Document10 pages
FortiGate Troubleshooting IPsec Connectivity
khaled
No ratings yet
Paloalto - Packet Flow
Document11 pages
Paloalto - Packet Flow
Orang E Dan
100% (1)
Mind Map: Project Management Professional
Document5 pages
Mind Map: Project Management Professional
MondherBelaid
100% (1)
Mind Map: Project Management Professional
Document5 pages
Mind Map: Project Management Professional
MondherBelaid
100% (1)
Packet-Flow in The Firewall - A Day in The Life of A Packet
Document6 pages
Packet-Flow in The Firewall - A Day in The Life of A Packet
Ganapareddy
0% (1)
Complete Lab Manual For CCNP PDF
Document315 pages
Complete Lab Manual For CCNP PDF
toto161616
100% (2)
Palo Alto Student Manual - c3226cb5 595e 49e0 B5a9 Acb7d1f067bf
Document229 pages
Palo Alto Student Manual - c3226cb5 595e 49e0 B5a9 Acb7d1f067bf
leo123
No ratings yet
Atlas Copco Open Protocol 1.6
Document224 pages
Atlas Copco Open Protocol 1.6
Cesar Chacon
No ratings yet
Traintools PC Communication Engineering: Publication Um5532 (1.0.0)
Document78 pages
Traintools PC Communication Engineering: Publication Um5532 (1.0.0)
Nawel Oran
100% (1)
5-Network Security Applications - Email, IPSEC
Document59 pages
5-Network Security Applications - Email, IPSEC
ep230842
100% (1)
Fundamentos de Seguridad de la Red
From Everand
Fundamentos de Seguridad de la Red
NUMA EDITORIAL
No ratings yet
Empowerment Technologies: Quarter 1 - Module 2
Document28 pages
Empowerment Technologies: Quarter 1 - Module 2
Bernadette Falceso
100% (5)
Long Term Evolution (LTE) : 4G Mobile Broadband
Document16 pages
Long Term Evolution (LTE) : 4G Mobile Broadband
Narendra Pattanayak
No ratings yet
ASA Packet Flow
Document3 pages
ASA Packet Flow
Narendra Pattanayak
No ratings yet
ASA 8.2: Packet Flow Through An ASA Firewall
Document4 pages
ASA 8.2: Packet Flow Through An ASA Firewall
aditya bhoyarkar
No ratings yet
Asa Packet Flow 00
Document5 pages
Asa Packet Flow 00
Sushant Debnath
No ratings yet
Background Information: Cisco ASA Packet Process Algorithm
Document4 pages
Background Information: Cisco ASA Packet Process Algorithm
Rakesh Rakee
No ratings yet
Firewall Interview Questions Asa
Document3 pages
Firewall Interview Questions Asa
Rakesh Rakee
0% (1)
Firewall
Document116 pages
Firewall
Tabarez Ahmed
No ratings yet
Switching Vs Routing Presentation: Julia Vuong and Travis Anderson
Document25 pages
Switching Vs Routing Presentation: Julia Vuong and Travis Anderson
Kabilan Tamilvanan
No ratings yet
CCNA Security Final Exam
Document5 pages
CCNA Security Final Exam
myropie
No ratings yet
Day in The Life of A Packet: PAN-OS Packet Flow Sequence PAN-OS 6.1
Document14 pages
Day in The Life of A Packet: PAN-OS Packet Flow Sequence PAN-OS 6.1
zdrkqaii
No ratings yet
Assignment 01 Wireshark
Document9 pages
Assignment 01 Wireshark
Arslan Azhar
No ratings yet
Firewall Concepts
Document3 pages
Firewall Concepts
Bhuvnesh Purohit
No ratings yet
1628
Document14 pages
1628
Adeel Ahmad
No ratings yet
CISCO Asa Troubleshoot Throughput 00
Document4 pages
CISCO Asa Troubleshoot Throughput 00
Sankarsan Adhikari
No ratings yet
Cut-Through and Store-and-Forward Ethernet Switching For Low-Latency Environments
Document13 pages
Cut-Through and Store-and-Forward Ethernet Switching For Low-Latency Environments
Chakravarthi Chittajallu
No ratings yet
Packet Flow in RouterOS - RouterOS - MikroTik Documentation
Document23 pages
Packet Flow in RouterOS - RouterOS - MikroTik Documentation
Bayu Romadi
No ratings yet
Congestion in Data Networks
Document11 pages
Congestion in Data Networks
MiM1990
No ratings yet
Network & Cyber Security - module3-IPSECURITY - Part2
Document12 pages
Network & Cyber Security - module3-IPSECURITY - Part2
Sushil Lamsal
No ratings yet
Blue Tooth Security Implemented Using VHDL
Document11 pages
Blue Tooth Security Implemented Using VHDL
api-26871643
No ratings yet
Switching Types
Document4 pages
Switching Types
Shiva Ʋŋique
No ratings yet
1 Fundamental Characteristics of SDN: 1.1 Plane Separation
Document9 pages
1 Fundamental Characteristics of SDN: 1.1 Plane Separation
Zain Alabeeden Alareji
No ratings yet
PDF 24
Document6 pages
PDF 24
Raul Cespedes Ichazo
No ratings yet
Lab Assignment For Chapter 1: 1.1 Packet Sniffing
Document9 pages
Lab Assignment For Chapter 1: 1.1 Packet Sniffing
Juan Carlos Rios
No ratings yet
Qualnet Frequetly Asked Questions
Document2 pages
Qualnet Frequetly Asked Questions
Rishi Krishnan
No ratings yet
Chapter 2
Document47 pages
Chapter 2
papi
No ratings yet
Troubleshoot High Cpu IP Input
Document6 pages
Troubleshoot High Cpu IP Input
janaksundhar85
No ratings yet
What Algorithms Does ESP Use To Protect Information?
Document8 pages
What Algorithms Does ESP Use To Protect Information?
Vedant pople
No ratings yet
Pengertian Dan Penjelasan Data Link Layer The Last Notes
Document10 pages
Pengertian Dan Penjelasan Data Link Layer The Last Notes
Farid Akram
No ratings yet
Packet Life in Linux
Document19 pages
Packet Life in Linux
shanbhagdhiraj
No ratings yet
Quality of Service On The Cisco Catalyst 4500 Supervisor Engine 6-E
Document19 pages
Quality of Service On The Cisco Catalyst 4500 Supervisor Engine 6-E
Gilles de Paimpol
No ratings yet
Cisco ASA Oversubscription-Interface Errors Troubleshooting PDF
Document19 pages
Cisco ASA Oversubscription-Interface Errors Troubleshooting PDF
masterone1810
No ratings yet
CS PPT-3
Document32 pages
CS PPT-3
noreply.myworkspace
No ratings yet
CN Unit III
Document34 pages
CN Unit III
selvakanmani.cse s
No ratings yet
21bce2676 VL2023240503020 Ast02
Document18 pages
21bce2676 VL2023240503020 Ast02
sudheshna palle
No ratings yet
Checkpoint Flow PDF
Document13 pages
Checkpoint Flow PDF
KannanZenithRider
No ratings yet
100 Cisco
Document93 pages
100 Cisco
ulugbek
No ratings yet
Troubleshooting SK19423
Document2 pages
Troubleshooting SK19423
shuggyb
No ratings yet
Distributed Cache Updating For The Dynamic Source Routing Protocol
Document5 pages
Distributed Cache Updating For The Dynamic Source Routing Protocol
Radhika Mysore
No ratings yet
CISCO Security QuestionsBank Mohawk College
Document8 pages
CISCO Security QuestionsBank Mohawk College
Don D
No ratings yet
Evaluation of NOC Using Tightly Coupled Router Architecture: Bharati B. Sayankar, Pankaj Agrawal
Document5 pages
Evaluation of NOC Using Tightly Coupled Router Architecture: Bharati B. Sayankar, Pankaj Agrawal
IOSRjournal
No ratings yet
Wire Shark
Document11 pages
Wire Shark
Anis Farhana Aliman
No ratings yet
Bilal Real Time LAb 4
Document16 pages
Bilal Real Time LAb 4
Muhammad Younas
No ratings yet
Path of A Packet in The Linux Kernel Stack: Ashwin Kumar Chimata
Document19 pages
Path of A Packet in The Linux Kernel Stack: Ashwin Kumar Chimata
sk
No ratings yet
Computer Networks Assignment - Lpu
Document6 pages
Computer Networks Assignment - Lpu
Hitesh Sahani
100% (1)
Sba5s1a-1 D Handout
Document4 pages
Sba5s1a-1 D Handout
Meo Map
No ratings yet
Configuring SPAN On Cisco Catalyst Switches - Monitor & Capture Network Traffic - Packets
Document5 pages
Configuring SPAN On Cisco Catalyst Switches - Monitor & Capture Network Traffic - Packets
Pranav Gupta
No ratings yet
CS PPT-3
Document27 pages
CS PPT-3
lalar80000
No ratings yet
En Route v7 Ch05
Document65 pages
En Route v7 Ch05
Santiago Jimenez
No ratings yet
Lab 2.6.2: Using Wireshark™ To View Protocol Data Units: Learning Objectives
Document14 pages
Lab 2.6.2: Using Wireshark™ To View Protocol Data Units: Learning Objectives
lulu126
100% (5)
Sequence Error Detection: Application Note
Document9 pages
Sequence Error Detection: Application Note
Jadson Costa
No ratings yet
High-speed Serial Buses in Embedded Systems
From Everand
High-speed Serial Buses in Embedded Systems
Feng Zhang
No ratings yet
Network Security
From Everand
Network Security
André Perez
No ratings yet
SDM
Document20 pages
SDM
Narendra Pattanayak
No ratings yet
NCERT Class 10 Scince Chapter 1 Chemical Reactions and Equations MCQ's
Document4 pages
NCERT Class 10 Scince Chapter 1 Chemical Reactions and Equations MCQ's
Narendra Pattanayak
No ratings yet
Lte G9
Document14 pages
Lte G9
Narendra Pattanayak
No ratings yet
Sukanya Samriddhi Vs PPF
Document1 page
Sukanya Samriddhi Vs PPF
Narendra Pattanayak
No ratings yet
MCQ Chemical Reaction1
Document4 pages
MCQ Chemical Reaction1
Narendra Pattanayak
No ratings yet
Control Command For Microwave Link Acknowledgment and Its Troubleshooting Strategy
Document3 pages
Control Command For Microwave Link Acknowledgment and Its Troubleshooting Strategy
Narendra Pattanayak
No ratings yet
Internet Engineering Course: Network Design
Document26 pages
Internet Engineering Course: Network Design
Narendra Pattanayak
No ratings yet
F5 App Traffic MGMT
Document69 pages
F5 App Traffic MGMT
adityanandwani
No ratings yet
Top 100 Networking Interview Questions & Answers
Document16 pages
Top 100 Networking Interview Questions & Answers
Narendra Pattanayak
No ratings yet
QNS SW
Document2 pages
QNS SW
Narendra Pattanayak
No ratings yet
Aruba in Ten Minutes
Document7 pages
Aruba in Ten Minutes
Narendra Pattanayak
No ratings yet
E1 Tester
Document12 pages
E1 Tester
Narendra Pattanayak
No ratings yet
Ee101 DGTL 5
Document150 pages
Ee101 DGTL 5
Narendra Pattanayak
No ratings yet
Aruba in Ten Minutes
Document7 pages
Aruba in Ten Minutes
Narendra Pattanayak
No ratings yet
Advanced-Security-WB-V I November 13, 2010
Document694 pages
Advanced-Security-WB-V I November 13, 2010
Narendra Pattanayak
No ratings yet
Chapter 4: Cabling: What Is Network Cabling?
Document6 pages
Chapter 4: Cabling: What Is Network Cabling?
Narendra Pattanayak
No ratings yet
Careers - Netcon Technologies
Document2 pages
Careers - Netcon Technologies
Narendra Pattanayak
No ratings yet
3.2.2.4 Lab - Troubleshooting EtherChannel
Document7 pages
3.2.2.4 Lab - Troubleshooting EtherChannel
okirere
No ratings yet
Troubleshooting Basics
Document9 pages
Troubleshooting Basics
Narendra Pattanayak
No ratings yet
OSPF Neighbor Problems Explained - Cisco
Document7 pages
OSPF Neighbor Problems Explained - Cisco
Narendra Pattanayak
No ratings yet
How To Resolve EIGRP Issues
Document1 page
How To Resolve EIGRP Issues
Narendra Pattanayak
No ratings yet
E111002-Project Final Proposal
Document6 pages
E111002-Project Final Proposal
Reema Mubarak
No ratings yet
Lab 6
Document5 pages
Lab 6
Nuran Amirxanov
No ratings yet
Data Comm and Comp Networking Lecture Note
Document35 pages
Data Comm and Comp Networking Lecture Note
Mikiyas Getasew
No ratings yet
Lecture No.12 Ms. Sara Fareed: Information Communication and Technology (ICT)
Document23 pages
Lecture No.12 Ms. Sara Fareed: Information Communication and Technology (ICT)
Haidar
No ratings yet
2022 Streaming Summit Netflix
Document100 pages
2022 Streaming Summit Netflix
MInh Thanh
No ratings yet
11 Steps To Secure Your Asterisk PBX
Document3 pages
11 Steps To Secure Your Asterisk PBX
Jie Yin
No ratings yet
Installalling IPFire
Document25 pages
Installalling IPFire
polizei1564
No ratings yet
Dashboard in Exce
Document26 pages
Dashboard in Exce
Jobaer
No ratings yet
Cisco: Exam Questions 700-765
Document7 pages
Cisco: Exam Questions 700-765
Thiago Andrade Leite
No ratings yet
ITC Theory Assignment 1.BBA-1A
Document3 pages
ITC Theory Assignment 1.BBA-1A
Atif Kiani
No ratings yet
LSS Tools and Services Overview
Document23 pages
LSS Tools and Services Overview
Nawel Oran
No ratings yet
U2 - M3 - Security Mechanisms
Document37 pages
U2 - M3 - Security Mechanisms
GarvitJain
No ratings yet
Practical:12: 2ceit509 Mobile Application Development
Document8 pages
Practical:12: 2ceit509 Mobile Application Development
DIVYESH PATEL
No ratings yet
The HttpOnly Flag - Protecting Cookies Against XSS - Acunetix
Document7 pages
The HttpOnly Flag - Protecting Cookies Against XSS - Acunetix
anindya
No ratings yet
Quiz 1 Explanation - Chapter 1 - Introduction To Accounting Software
Document8 pages
Quiz 1 Explanation - Chapter 1 - Introduction To Accounting Software
Jamaica David
100% (1)
Tic Tac Toe
Document17 pages
Tic Tac Toe
Rishabh Tripathi
No ratings yet
Digital System Design With VHDL and Fpga Controller Based Pulse Width Modulation
Document10 pages
Digital System Design With VHDL and Fpga Controller Based Pulse Width Modulation
Ahmed Kazmi
No ratings yet
Ssdsddssdds
Document3 pages
Ssdsddssdds
nesti
No ratings yet
Install Sophos Central Endpoint
Document9 pages
Install Sophos Central Endpoint
nageshwar reddy
No ratings yet
As ICT Relational Databases
Document16 pages
As ICT Relational Databases
blessing
No ratings yet
MIL Q1 M3 Evolution-of-Media
Document31 pages
MIL Q1 M3 Evolution-of-Media
Jose Marie C Avila
No ratings yet
Unit 3
Document98 pages
Unit 3
Mayank Ghimire
No ratings yet
SNMP Agent: GSM - Signal
Document2 pages
SNMP Agent: GSM - Signal
Arun Kumar
No ratings yet
Unit Wise Question Bank
Document6 pages
Unit Wise Question Bank
Pratik Nalgire
No ratings yet