ASA Part One

The document provides an overview of the key capabilities and configuration options of the Cisco ASA firewall including: - Stateful firewall filtering, VPN termination, intrusion prevention, and content filtering. - Security levels, context modes (single or multiple), and firewall modes (routed or transparent) which determine how traffic is filtered between interfaces. - Support for routing protocols, ACLs, application inspection, QoS, NAT, high availability, and system management.

Uploaded by Ratnesh Kumar

ASA Agenda: Overview

Device Initialization
Routing Protocols
ACLs & Object Groups
MPF and Application Inspection
Quality of Service
NAT
Transparent firewall
Multiple Context mode
High Availability
System Management

ASA Overview
Stateful Firewall Filtering
- Supports application-aware inspection
VPN Termination
- Supports both IPsec and SSL VPNs
Intrusion Prevention System (IPS)
- IPS 5.x on the Advanced Inspection and Prevention (AIP) Security Service Module (SSM)
Content Filtering (virus, spyware, spam, etc.)
- Content Security and Control (CSC) Security Service Module (SSM)

ASA Stateful Firewall Filtering


Track traffic that moves from the trusted network to the untrusted network
- e.g. from the inside interface to the outside interface
Create an entry in the state table for the traffic flow
- e.g. a TCP port 80 HTTP session from client A to server B
Track traffic that tries to enter from the untrusted network to the trusted network
- If an entry exists in the state table, permit it
  e.g. the return HTTP flow from server B to client A
- If no entry exists in the state table, deny it
  e.g. an NMAP port scan from the outside network

ASA Security Levels


ASA classifies the level of "trust" of an interface by its security level
- Range of 0 - 100
100 is the most trusted interface
- Assigned to the interface named "inside" by default
0 is the most untrusted interface
- Assigned to all other interfaces by default

ASA Security Levels


Traffic from a higher to a lower security level
- Permitted by default
- e.g. inside to outside
Traffic from a lower to a higher security level
- Permitted if state for the flow already exists (return traffic)
- Denied by default if no state exists
- e.g. outside to inside
Traffic between interfaces of the same security level
- Denied by default
- Exception: same-security-traffic permit {inter-interface | intra-interface}
  inter-interface allows traffic between two different interfaces at the same level;
  intra-interface allows traffic to enter and leave through the same interface (hairpinning)
These defaults only govern new connections on an interface that has no access list applied; once an ACL is applied to the interface, the ACL decides which new connections are permitted, in either direction
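The two slides above (stateful filtering and security levels) describe one decision: security levels set the default for the first packet of a flow, and the state table decides for every packet after it. The following is an added example written for this page, not Cisco code or anything from the original deck. It models that decision in Python and replays the deck's scenarios: an inside client opening HTTP to an outside server, the return flow, an unsolicited scan from outside, and two interfaces at the same level with and without `same-security-traffic permit inter-interface`. The interface names, levels, addresses and the two DMZ interfaces at level 50 are assumptions; interface ACLs, which replace these defaults once applied, are deliberately not modelled.

```python
"""Toy model of the ASA forwarding decision (constructed illustration, not Cisco code).

Security levels decide the default for the first packet of a flow; the state
table decides for every later packet. Interface ACLs are not modelled.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Default levels from the slides (inside=100, others 0) plus two assumed DMZ
# interfaces at the same level, used to show same-security-traffic handling.
SECURITY_LEVELS: Dict[str, int] = {"inside": 100, "outside": 0, "dmz1": 50, "dmz2": 50}

FlowKey = Tuple[str, str, int, str, int]  # (proto, src, sport, dst, dport)


@dataclass(frozen=True)
class Packet:
    ingress: str        # interface the packet arrived on
    egress: str         # interface chosen by the route lookup
    proto: str          # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # TCP only: True for the session-opening SYN

    def key(self) -> FlowKey:
        return (self.proto, self.src, self.sport, self.dst, self.dport)

    def reverse_key(self) -> FlowKey:
        return (self.proto, self.dst, self.dport, self.src, self.sport)


class StatefulFirewall:
    def __init__(self, levels: Dict[str, int],
                 inter_interface: bool = False, intra_interface: bool = False):
        self.levels = dict(levels)
        self.state: Dict[FlowKey, str] = {}   # flow -> interface that opened it
        # same-security-traffic permit inter-interface / intra-interface
        self.inter_interface = inter_interface
        self.intra_interface = intra_interface

    def evaluate(self, pkt: Packet) -> Tuple[str, str]:
        """Return ("permit"|"deny", reason) and record state for new flows."""
        # 1. Return traffic: an entry in either direction is permitted regardless
        #    of security levels, which is how lower -> higher return flows get in.
        if pkt.key() in self.state or pkt.reverse_key() in self.state:
            return "permit", "matches existing state table entry"
        # 2. No state: a TCP packet that is not a SYN cannot open a session
        #    (this is what stops an nmap ACK scan from the outside).
        if pkt.proto == "tcp" and not pkt.syn:
            return "deny", "no state and not a session-opening SYN"
        # 3. New flow: the security-level policy decides.
        in_lvl, out_lvl = self.levels[pkt.ingress], self.levels[pkt.egress]
        if pkt.ingress == pkt.egress:
            if not self.intra_interface:
                return "deny", "hairpin on one interface needs intra-interface permit"
            reason = "same interface, intra-interface permit configured"
        elif in_lvl == out_lvl:
            if not self.inter_interface:
                return "deny", "same security level needs inter-interface permit"
            reason = "same security level, inter-interface permit configured"
        elif in_lvl < out_lvl:
            return "deny", "lower to higher security level with no state"
        else:
            reason = "higher to lower security level"
        self.state[pkt.key()] = pkt.ingress
        return "permit", reason + "; state created"


def walkthrough() -> List[str]:
    """Replay the slides' examples; returns the verdict for each packet in order."""
    fw = StatefulFirewall(SECURITY_LEVELS)
    client_a, server_b = "10.1.1.10", "203.0.113.80"      # constructed addresses
    scan_src, dmz_a, dmz_b = "198.51.100.7", "10.2.1.5", "10.3.1.5"
    packets = [
        # Client A (inside) opens an HTTP session to server B (outside).
        (fw, Packet("inside", "outside", "tcp", client_a, 40000, server_b, 80, syn=True)),
        # Server B's SYN-ACK comes back outside -> inside: permitted by state only.
        (fw, Packet("outside", "inside", "tcp", server_b, 80, client_a, 40000)),
        # Unsolicited SYN from an outside scanner to port 22 on client A.
        (fw, Packet("outside", "inside", "tcp", scan_src, 55555, client_a, 22, syn=True)),
        # dmz1 -> dmz2 at equal security levels, default configuration.
        (fw, Packet("dmz1", "dmz2", "tcp", dmz_a, 50000, dmz_b, 443, syn=True)),
        # Same packet after "same-security-traffic permit inter-interface".
        (StatefulFirewall(SECURITY_LEVELS, inter_interface=True),
         Packet("dmz1", "dmz2", "tcp", dmz_a, 50000, dmz_b, 443, syn=True)),
    ]
    return [firewall.evaluate(pkt)[0] for firewall, pkt in packets]
```

`walkthrough()` returns `['permit', 'permit', 'deny', 'deny', 'permit']`: the outbound SYN creates state, the SYN-ACK rides that state back in, the scanner's SYN has no state and is going lower to higher, and the DMZ-to-DMZ flow flips from deny to permit only when the inter-interface exception is configured. The SYN check in step 2 is the part people forget when reasoning about "deny if no state": without it a stateless ACK scan would be judged purely on levels.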

ASA Context Mode


ASA supports two different context modes of operation
- Single context mode
- Multiple context mode (virtual firewalls)
Single Context Mode
- One shared configuration for all interfaces, security policies, routing table, administration, etc.
Multiple Context Mode
- Separate configuration, interfaces, policies and administration per virtual context
- Allows multiple virtual firewalls on one appliance, for managed services or policy separation

ASA Firewall Modes


ASA supports two different firewall modes of operation
- Routed firewall
- Transparent firewall
Routed Firewall
- Interfaces are in different subnets and different VLANs
- Traffic is routed between interfaces, so static routes or a dynamic routing protocol are needed
Transparent Firewall
- Interfaces are in the same subnet but in different VLANs
- Traffic is bridged between interfaces; the firewall is a Layer 2 "bump in the wire" that hosts on either side do not see as a routed hop

ASA Context Modes & Firewall Modes


Context modes and firewall modes can run in any combination
- Single Context Mode, Routed Firewall
- Single Context Mode, Transparent Firewall
- Multiple Context Mode, Routed Firewall
- Multiple Context Mode, Transparent Firewall

ASA VPN Termination


Supports both IPsec and SSL VPN termination
- IPsec with AH, ESP, and ESP encapsulated in UDP or TCP (for NAT traversal)
- SSL over TCP
Supports both LAN-to-LAN and remote access VPNs
- IPsec LAN-to-LAN
  . a.k.a. site-to-site
- IPsec remote access
  . a.k.a. Easy VPN server / client
- SSL remote access
  . Clientless VPN (WebVPN)
  . AnyConnect SSL VPN client
