Solved: asa application inspection

carl_townshend · ‎09-27-2012

Hi all

By default the asa does a default application inspection for certain traffic.

is this inspection only looking for certain port number changes and other embedded ip addresses? I gather it doesnt look for anonimalies etc ?

cheers

Karsten Iwen · ‎09-27-2012

The answer depends on the protocol you are looking for. Most of the default-inspections just make the protocol work (FTP, Voice-inspections and so on). But some of them look into the packets to make the connection more secure (ESMTP).

Here is some more info on the application-layer inspections:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/inspect_overview.html#wp1435177

--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

--
If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

View solution in original post

Karsten Iwen · ‎09-27-2012

The answer depends on the protocol you are looking for. Most of the default-inspections just make the protocol work (FTP, Voice-inspections and so on). But some of them look into the packets to make the connection more secure (ESMTP).

Here is some more info on the application-layer inspections:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/inspect_overview.html#wp1435177

--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

--
If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.