Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
678
Views
0
Helpful
4
Replies

ASA v Router

Go to solution
ciscoben2009
Level 1
Level 1

‎11-25-2012 08:19 AM - edited ‎03-11-2019 05:27 PM

Hello everyone

forgive me but i am trying understand the ASA firewalls more i come from a router zone based firewall background but the ASA seem to have less advance firewall?

the ASA seem to reply more on ACLS were the ZBR seems to use the class map for layer 4 inspection

to me the ZBF seems to have been advanced more in the config compared to the ASA

am i missing something ? are the ACLs on a ASA different to the kind on a router do they inspect traffic like the class map?

any info would be great

thanks

Ben

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to ciscoben2009

‎11-25-2012 10:24 AM

Hello Ben,

Yes, it will... That is the whole purpose of a deep packet inspection and stateful firewall as the ASA.

The ASA has already some built-in inspection rules that will allow traffic to return when this traffic is innitiatted on the higher security level interface.

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎11-25-2012 08:54 AM

Hello Ben,

The ACLs are going to be the simple layer 3-4 check but you can use layer 7 inspection in order to perform more advanced and granular inspection with the use of the Modular Policy Framework ( MPF)

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
ciscoben2009
Level 1
Level 1
In response to Julio Carvajal

‎11-25-2012 10:13 AM

will the ASA allow return traffic like a class map would on a router?

the ASA sounds almost like the IOS firewall but needs inspection rules to return traffic does the ASA do this the same way?

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to ciscoben2009

‎11-25-2012 10:24 AM

Hello Ben,

Yes, it will... That is the whole purpose of a deep packet inspection and stateful firewall as the ASA.

The ASA has already some built-in inspection rules that will allow traffic to return when this traffic is innitiatted on the higher security level interface.

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
ciscoben2009
Level 1
Level 1
In response to Julio Carvajal

‎11-25-2012 11:20 AM

ah i see thats great thanks!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card