Packet Processing in Cisco ASA
Depending on the incoming interface (direction of traffic), the ASA processes
the operations in a different order. The following list shows the order of operations the
ASA goes through upon receiving a packet from an inside interface destined to a host on the outside interface:
• Received Packet from Interface: Inside.
• Flow Lookup: Does this packet belong to an existing flow entry?
• Route Lookup: Perform a longest prefix match route lookup for the destination IP address in the packet against the information held within the ASA’s routing table.
• Access List: Check the packet against any access lists configured on the incoming path.
• IP Options (MPF): Check the packet against MPF configured policies (QoS, embryonic limits, and so on).
• VPN Crypto Match?: Is this packet destined for a host through a VPN tunnel?
• NAT: Perform NAT translation against the fields in the packet based on any configured NAT rules.
• NAT Host Limit: Is this packet subject to any limits imposed that might cause it to be discarded (for example, half-open connections)?
• IP Options (MPF): Check the packet against MPF configured policies (QoS, embryonic limits, and so on).
• Flow Creation: If this packet is a new flow, create a new flow entry for it here.
• Send Packet Out of Interface: Outside.
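The inside-to-outside order above, traced in a small Python model. This is an added example, not Cisco code or part of the original page. The routes, the ACL, the PAT address and all function names are constructed for illustration; the MPF, VPN crypto match and NAT host limit stages are left out, and the shortcut for packets that match an existing flow is an assumption of the model.

```python
import ipaddress

# Constructed sample data: routing table, inside-interface ACL, one PAT address.
ROUTES = {"0.0.0.0/0": "outside", "10.0.0.0/8": "inside", "10.1.2.0/24": "dmz"}
ACL_INSIDE_IN = [("permit", "10.1.1.0/24", 443), ("deny", "0.0.0.0/0", None)]
PAT_ADDRESS = "203.0.113.10"

flows = {}  # (src, dst, dport) -> egress interface and translated source


def route_lookup(dst):
    """Longest prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    nets = [ipaddress.ip_network(p) for p in ROUTES]
    best = max((n for n in nets if addr in n), key=lambda n: n.prefixlen)
    return ROUTES[str(best)]


def acl_permits(src, dport):
    """First matching entry decides; evaluated on the untranslated source."""
    for action, net, port in ACL_INSIDE_IN:
        if ipaddress.ip_address(src) in ipaddress.ip_network(net) and port in (None, dport):
            return action == "permit"
    return False  # implicit deny when nothing matches


def process_inside_packet(src, dst, dport):
    """Return the ordered stages a packet arriving on the inside interface hits."""
    key, trace = (src, dst, dport), ["flow-lookup"]
    if key in flows:  # assumption: an existing flow needs no new policy decision
        return trace + ["send:" + flows[key]["egress"]]
    egress = route_lookup(dst)
    trace.append("route-lookup:" + egress)
    trace.append("access-list")  # runs before NAT, so it sees the real source
    if not acl_permits(src, dport):
        return trace + ["drop"]
    trace.append("nat:%s->%s" % (src, PAT_ADDRESS))
    flows[key] = {"egress": egress, "xlate": PAT_ADDRESS}
    return trace + ["flow-creation", "send:" + egress]


if __name__ == "__main__":
    print(process_inside_packet("10.1.1.5", "198.51.100.7", 443))  # new flow
    print(process_inside_packet("10.1.1.5", "198.51.100.7", 443))  # existing flow
    print(process_inside_packet("10.1.9.9", "198.51.100.7", 443))  # denied by ACL
```

Because the access list stage runs before NAT in this direction, the ACL entries are written against the real inside addresses rather than the translated one.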
The following is the order of operations taken by the ASA upon receiving a packet on the outside interface destined for a host connected to a network on the inside interface:
• Received Packet from Interface: Outside.
• Flow Lookup
• Route Lookup
• Access List
• IP Options (MPF)
• VPN Crypto Match?
• NAT (RPF): Is the best path in the routing table toward the source IP address in the packet through the interface in which it came into...