Friday, May 15, 2009

ASA Order of Operation

This is the complete ASA Order of Operation in Routed Mode:
  • Virtual Firewall Classification
  • Layer 2 validation
  • Layer 3 validation
  • IP packet security checks
  • Fragmented IP traffic handling
  • INPUT L2 ACL - Unlike L3/4 ACL, L2 ACL is per packet
  • Packet capture
  • Flow look-up - If Fails, Continue; If Success, jump to Input QoS
  • Additional packet security checks
  • NAT untranslate
  • RPF Checks
  • Input Route lookup
  • Additional packet security checks (through-the-box traffic only)
  • Crypto checks
  • ACL Check
  • WCCP Redirection
  • TCP Intercept
  • IP Options permit check
  • Validate IPSec SPI
  • Flow Creation
  • Global Classification
  • Input QOS
  • IPSec Tunnel Processing
  • TCP Intercept Processing
  • TCP Security Engine
  • IP Option Processing
  • NP Inspect Engine Processing (ICMP/DNS/RTP/RTCP)
  • DNS Guard
  • Pinhole Processing
  • Multicast processing
  • CSC Module Processing (optional)
  • Inspection Engine Processing/AAA punts/IPsec over TCP punts
  • IPSec NAT-T Processing
  • Decrypt
  • Address Update and Checksum Adjustments
  • TCP Security Engine
  • IPS - AIP Module processing (optional)
  • Adjacency Look-up if necessary
  • Output QOS
  • Encrypt
  • Fragment
  • Output Capture
  • Output L2 ACL
  • Queue processing and Transmit
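As an added illustration that is not part of the original post, the toy Python model below shows the flow lookup shortcut in the list above: the first packet of a connection walks NAT untranslate, RPF, route lookup and the ACL check and then creates a flow, while later packets that hit the connection table jump straight to Input QoS without re-running those checks. The ACL entries, addresses and stage names are constructed for the example, and clear_conn() stands in for clearing the connection table after a policy change.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str    # source IP
    dst: str    # destination IP
    dport: int  # destination TCP port

# Constructed access list: (src_prefix, dst_prefix, dport, action); first match wins.
ACL = [
    ("10.0.0.", "192.168.1.", 443, "permit"),
    ("10.0.0.", "192.168.1.", 22, "deny"),
]

def acl_check(pkt, acl):
    """First matching entry decides; no match falls through to the implicit deny."""
    for src, dst, port, action in acl:
        if pkt.src.startswith(src) and pkt.dst.startswith(dst) and pkt.dport == port:
            return action == "permit"
    return False

class FlowPipeline:
    """Toy model of the first-packet path versus the established-flow path."""
    def __init__(self, acl):
        self.acl = acl
        self.flows = set()  # the connection table

    def process(self, pkt):
        """Return (permitted, stages the packet actually visited)."""
        key = (pkt.src, pkt.dst, pkt.dport)
        stages = ["flow-lookup"]
        if key in self.flows:
            # Flow hit: jump to Input QoS; NAT, RPF, route and ACL are not re-run.
            stages.append("input-qos")
            return True, stages
        stages += ["nat-untranslate", "rpf-check", "route-lookup", "acl-check"]
        if not acl_check(pkt, self.acl):
            stages.append("drop")
            return False, stages
        stages += ["flow-creation", "input-qos"]
        self.flows.add(key)
        return True, stages

    def clear_conn(self):
        """Clear the connection table so the next packet is re-evaluated."""
        self.flows.clear()
```

Because the ACL decision is made once at flow creation, an ACL change tightens policy for new connections only; existing flows keep passing until the connection table is cleared.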
