topic The ASA firewall will first in Network Security

ACL or Routing first

mahesh18 — Tue, 12 Mar 2019 06:15:05 GMT

Hi everyone,

I am trying to check routing for traffic flow from source to destination.

When traffic is hitting the firewall say interface inside then i do sh run route

i noticed firewall has no static route to destination subnet.

So in this case will firewall create any log message?

So need to know when traffic is coming from inside interface of firewall and say it has to go to destination subnet 10.10.10.1 on port 445 and there is

no routing in place for 10.10.10.1 Will firewall check routing first or ACL?

Regards

Mahesh

Hi MaheshI am very open to

Mark Mc Nicholas — Fri, 10 Jul 2015 21:22:56 GMT

I think this document may answer your question

http://www.cisco.com/image/gif/paws/113396/asa-packet-flow-00.pdf

The ASA firewall will first

Marius Gunnerud — Sat, 11 Jul 2015 18:09:41 GMT

The ASA firewall will first check to see if there already is a connection for the traffic in the state table, If there is no existing connection it will then check the ACL, then routing table.

If you want to see the packet flow through the ASA you could do a packet-tracer which will show you exactly the flow of a packet...with the exception of the checking the state table.

Please remember to select a correct answer and rate helpful posts

Many thanksRegardsMahesh

mahesh18 — Mon, 13 Jul 2015 14:19:35 GMT

Many thanks

Regards

Mahesh