PIX operation

rajeshiyer — Mon, 11 Mar 2019 15:17:41 GMT

I read the info ( see attachment )in Cisco book "Cisco ASA , PIX,FSWM Firewall handbook , 2nd Edition by David Hucaby"

that for outbound operation , xlate happens before ACL (2nd line in attachemnt ). Moreover ACL uses translated IP rather than its local ones.

I think it has to be :

Packet from Inside to Outside :

ACL --> Routing --> NAT

Packet from Outside to Inside :

ACL --> NAT --> Routing

Correct me if I'm wrong.

Re: PIX operation

r.malviya — Mon, 13 Apr 2009 17:49:21 GMT

Hi Rajesh ,

As per my understanding in case on ACL or Nat comes in ASA is , if the traffic initiate from inside network & want's to communicate to outside server(Internet) which 1st thing need is to be permit by ACL . If ACL Permit's the traffic then only it will forward the traffic otherwise will drop . After completing its looking for Global IP which he will get from the NAT , then it will route the packet .

In Case of Connection from outside to inside ,give you an example .

If your web server which is located inside segment & source is a Host which reside behind the Outside segment(Internet) wants to access the server , then in this case the Host(Internet) attempt to connect to webserver(Inside) on public ip which he get it through Static NAT . Then ASA Check the ACL if permit then forward the Packet & After coming to Nat interface it will unwrap the packet & transfer the packet to its original Local Ip address .

I hope it will useable for you .

Please rate it ......

Regards

Ritesh Malviya

topic PIX operation in Network Security

PIX operation

Re: PIX operation