Solved: asa application inspection

carl_townshend · ‎09-27-2012

Hi all

By default the asa does a default application inspection for certain traffic.

is this inspection only looking for certain port number changes and other embedded ip addresses? I gather it doesnt look for anonimalies etc ?

cheers

Karsten Iwen · ‎09-27-2012

The answer depends on the protocol you are looking for. Most of the default-inspections just make the protocol work (FTP, Voice-inspections and so on). But some of them look into the packets to make the connection more secure (ESMTP).

Here is some more info on the application-layer inspections:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/inspect_overview.html#wp1435177

--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

View solution in original post

Karsten Iwen · ‎09-27-2012

The answer depends on the protocol you are looking for. Most of the default-inspections just make the protocol work (FTP, Voice-inspections and so on). But some of them look into the packets to make the connection more secure (ESMTP).

Here is some more info on the application-layer inspections:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/inspect_overview.html#wp1435177

--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni