Can someone advise when the Security-Level of an interface is checked during the packet flow? Is this done at the start, e.g. part of step 3 in the link provided?
Taken from the page... I know traffic can't move from a low to high without a specific ACL, but at what point does the ASA check the security level of the incoming interface and destination interface of the packet before deciding if it's allowed or not based on that alone?
Here are the individual steps in detail:
1. Packet is reached at the ingress interface.
2. Once the packet reaches the internal buffer of the interface, the input counter of the interface is incremented by one.
3. Cisco ASA will first verify if this is an existing connection by looking at its internal connection table details. If the packet flow matches an existing connection, then the access-control list (ACL) check is bypassed, and the packet is moved forward.
4. If packet flow does not match an existing connection, then TCP state is verified. If it is a SYN packet or UDP packet, then the connection counter is incremented by one and the packet is sent for an ACL check. If it is not a SYN packet, the packet is dropped and the event is logged.
I can't say for certain, but based on packet tracers I remember, I believe it would be dropped during the ACL check, and it would say dropped by "implicit rule". So my guess would be Step 4. If you have access to a test system, I would recommend testing it with a packet tracer; it might shed some light on it for you.
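A small model of steps 3 and 4 quoted above, added here as an illustration; it is not part of the thread or of Cisco's documentation. Placing the security-level comparison inside the ACL check as the "implicit rule" follows the reply's guess and is an assumption, and the interface names, levels and class name are constructed.

```python
from dataclasses import dataclass, field

# Constructed interface names and security levels, for illustration only.
LEVEL = {"inside": 100, "dmz": 50, "outside": 0}

@dataclass
class AsaModel:
    acls: dict = field(default_factory=dict)  # ingress -> [(action, proto, dst, dport)]
    conns: set = field(default_factory=set)   # connection table
    conn_counter: int = 0

    def acl_check(self, ingress, egress, proto, dst, dport):
        acl = self.acls.get(ingress)
        if acl is None:
            # Assumption (the reply's guess): with no ACL applied, the
            # security-level comparison is the implicit rule of this step.
            if LEVEL[ingress] > LEVEL[egress]:
                return "permit: implicit rule (high to low)"
            return "drop: implicit rule (security level)"
        for action, a_proto, a_dst, a_dport in acl:  # first match wins
            if (a_proto, a_dst, a_dport) == (proto, dst, dport):
                return f"{action}: ACL entry"
        return "drop: implicit rule (end of ACL)"

    def process(self, ingress, egress, proto, src, sport, dst, dport, syn=False):
        flow = (proto, src, sport, dst, dport)
        # Step 3: a packet matching an existing connection bypasses the ACL check.
        if flow in self.conns:
            return "forward: existing connection, ACL bypassed"
        # Step 4: a new TCP flow must start with a SYN; UDP goes straight on.
        if proto == "tcp" and not syn:
            return "drop: no connection and not a SYN"
        self.conn_counter += 1
        verdict = self.acl_check(ingress, egress, proto, dst, dport)
        if verdict.startswith("permit"):
            # Record both directions so replies match in step 3.
            self.conns.add(flow)
            self.conns.add((proto, dst, dport, src, sport))
        return verdict
```

In this model a reply from the low-security side is forwarded only because step 3 finds it in the connection table; the same packet without a prior outbound connection never reaches the ACL or security-level decision.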