https://community.cisco.com/t5/network-security/protocols-allowed-to-pass-asa/m-p/2054711#M408336 <P>Hi Everyone,</P><P></P><P>Need to know how can we tell from sh run config that what protocols are allowed means ASA is not doing any inspection</P><P>on them or we can say it is not blocking -&nbsp;&nbsp;&nbsp; when traffic passes through the ASA?</P><P></P><P>Also is there any command which we can use from CLI to check this?</P><P></P><P>Thanks</P><P></P><P>Mahesh</P> Tue, 12 Mar 2019 00:13:37 GMT mahesh18 2019-03-12T00:13:37Z https://community.cisco.com/t5/network-security/protocols-allowed-to-pass-asa/m-p/2054711#M408336 <P>Hi Everyone,</P><P></P><P>Need to know how can we tell from sh run config that what protocols are allowed means ASA is not doing any inspection</P><P>on them or we can say it is not blocking -&nbsp;&nbsp;&nbsp; when traffic passes through the ASA?</P><P></P><P>Also is there any command which we can use from CLI to check this?</P><P></P><P>Thanks</P><P></P><P>Mahesh</P> Tue, 12 Mar 2019 00:13:37 GMT https://community.cisco.com/t5/network-security/protocols-allowed-to-pass-asa/m-p/2054711#M408336 mahesh18 2019-03-12T00:13:37Z https://community.cisco.com/t5/network-security/protocols-allowed-to-pass-asa/m-p/2054712#M408337 <HTML><HEAD></HEAD><BODY><P>Hello Mahesh,</P><P></P><P>You have different options</P><P>Run a packet-tracer will definelty let you know all the traffic rules that a particular flow takes.</P><P></P><P>packet-tracer input interface_name_if tcp/udp source_ip source_port destination_ip destination_port</P><P></P><P></P><P>Or just by checking inspection policies, ACL's, Nat rules.</P></BODY></HTML> Wed, 24 Oct 2012 20:57:18 GMT https://community.cisco.com/t5/network-security/protocols-allowed-to-pass-asa/m-p/2054712#M408337 Julio Carvajal 2012-10-24T20:57:18Z https://community.cisco.com/t5/network-security/protocols-allowed-to-pass-asa/m-p/2054713#M408338 <HTML><HEAD></HEAD><BODY><P> Hi Julio,</P><P></P><P>If sh run shows following configuration</P><P></P><P>case1</P><P></P><P>policy-map global_policy</P><P>class inspection_default</P><P>&nbsp; inspect icmp ***************************************</P><P>service-policy global_policy global</P><P></P><P>Does inspect icmp&nbsp; here means that allow icmp if ping is sourced from inside of the network?</P><P>Need to know the exact purpose of inspect command in ASA config???</P><P></P><P>policy-map global_policy&nbsp; ---&nbsp; does it mean that it applies&nbsp; to whole ASA&nbsp; traffic ?</P><P></P><P>******************************************************************************************************************</P><P>service-policy global_policy global ----Purpose of this command?</P><P></P><P>Thanks</P><P>Mahesh</P></BODY></HTML> Wed, 24 Oct 2012 21:19:21 GMT https://community.cisco.com/t5/network-security/protocols-allowed-to-pass-asa/m-p/2054713#M408338 mahesh18 2012-10-24T21:19:21Z https://community.cisco.com/t5/network-security/protocols-allowed-to-pass-asa/m-p/2054714#M408339 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>That means that if ICMP connection&nbsp; is allowed on 'X" interface the returning traffic will be allowed because of the inspection ( session will be on the connection table of the ASA)</P><P></P><P>policy-map global_policy&nbsp; ---&nbsp; does it mean that it applies&nbsp; to whole ASA&nbsp; traffic ?</P><P>No, that is just the name of the policy.</P><P></P><P>The command that defines where to set this up is the service-policy and ofcourse a global means all over the interfaces.</P><P></P><P>Regards,</P></BODY></HTML> Wed, 24 Oct 2012 21:39:21 GMT https://community.cisco.com/t5/network-security/protocols-allowed-to-pass-asa/m-p/2054714#M408339 Julio Carvajal 2012-10-24T21:39:21Z https://community.cisco.com/t5/network-security/protocols-allowed-to-pass-asa/m-p/2054715#M408340 <HTML><HEAD></HEAD><BODY><P>Hi Julio,</P><P></P><P>Many Thanks again</P><P></P><P>Regards</P><P>Mahesh</P></BODY></HTML> Thu, 25 Oct 2012 02:12:31 GMT https://community.cisco.com/t5/network-security/protocols-allowed-to-pass-asa/m-p/2054715#M408340 mahesh18 2012-10-25T02:12:31Z