Thursday, June 16, 2011

Cisco ASA order of operations



1. FLOW-LOOKUP - This will check for existing connections. If a connection exists, the flow is automatically allowed.

2. ROUTE-LOOKUP - This is the inbound route lookup, which includes the reverse path check, if enabled.

3. Inbound ACCESS-LIST - Checks for an interface ACL

4. CONN-SETTINGS - Application layer checks (Class maps)

5. IP-OPTIONS - RFC 791

6. NAT

7. Outbound ACCESS-LIST (if an outbound access list exists on the egress interface).

9. FLOW-CREATION

10. ROUTE-LOOKUP - Destination route lookup
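
The phase names in this list are the ones that appear in the Type field of the ASA's `packet-tracer` output, so a trace can be read against the list to see which step stopped a packet. The script below is an added example, not part of the original post: it parses a trace, reports the first phase that returned DROP, and checks whether the phases appear in the order listed here. The sample trace is constructed, and its Phase/Type/Subtype/Result layout is an assumption about the output format.

```python
import re

# Phase order exactly as listed on this page (its numbering skips 8).
PAGE_ORDER = ["FLOW-LOOKUP", "ROUTE-LOOKUP", "ACCESS-LIST", "CONN-SETTINGS",
              "IP-OPTIONS", "NAT", "ACCESS-LIST", "FLOW-CREATION", "ROUTE-LOOKUP"]

# Constructed sample, not captured from a device; the layout is assumed.
SAMPLE = """\
Phase: 1
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW

Phase: 2
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW

Phase: 3
Type: ACCESS-LIST
Subtype:
Result: DROP

Result:
input-interface: outside
Action: drop
"""

def parse_phases(text):
    """Return one dict per phase with Phase, Type, Subtype and Result keys."""
    phases, cur = [], None
    for line in text.splitlines():
        m = re.match(r"(Phase|Type|Subtype|Result):\s*(.*)$", line)
        if not m:
            continue
        key, val = m.group(1), m.group(2).strip()
        if key == "Phase":
            cur = {"Phase": int(val)}
            phases.append(cur)
        elif cur is not None and key not in cur:
            # First value wins, so the trailing summary "Result:" line
            # cannot overwrite the last phase's verdict.
            cur[key] = val
    return phases

def first_drop(phases):
    """Return the first phase whose Result is DROP, or None if none dropped."""
    return next((p for p in phases if p.get("Result") == "DROP"), None)

def follows_page_order(phases):
    """True if the phase Types form an in-order subsequence of PAGE_ORDER."""
    remaining = iter(PAGE_ORDER)
    return all(p.get("Type") in remaining for p in phases)
```

A trace whose phases do not follow the listed order is worth reading closely rather than treating as an error, since the list reflects the ordering described in this 2011 post.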
