Multiple service policies on ASA

Colin Higgins
Level 2

I created a service policy that uses REGEX expressions to limit access to certain websites on my ASA firewall.

I then applied this policy to the interface.

However, the global policy still exists on the firewall (the default), which, by design, affects all interfaces.

How will these two policies interact? Do they merge when traffic comes in on the interface?

1 Reply

nkarthikeyan
Level 7

Hi Colin,

When a packet arrives at the ASA, it checks the ACL assigned to the interface where the traffic hits... then it goes and checks the xlate table... then it checks the service policy defined in your firewall... obviously it will check both the global and locally defined service policies on the interface... in general, global policies will have the inspect statements to enable fast path for certain protocols which don't have a reverse path or stateful way... so those are required to be inspected to enable fast path... so both the service policies will be handled separately but in the same process sequence... before it goes out...

 

Regards

Karthik
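
The setup discussed in this thread, as an added configuration sketch that is not from either poster: an interface service policy doing regex-based HTTP filtering alongside the default global policy. The names `BLOCKED_SITE`, `BLOCKED_SITES`, `BLOCKED_HTTP`, `HTTP_FILTER`, `HTTP_TRAFFIC`, `INSIDE_POLICY`, the interface name `inside` and the regex are hypothetical; the `!` comments state Cisco's documented Modular Policy Framework rule that an interface policy takes precedence over the global policy per feature.

```text
! --- Interface policy: regex-based HTTP filtering (all names hypothetical) ---
regex BLOCKED_SITE "\.blocked-example\.com"
!
class-map type regex match-any BLOCKED_SITES
 match regex BLOCKED_SITE
!
class-map type inspect http match-all BLOCKED_HTTP
 match request header host regex class BLOCKED_SITES
!
policy-map type inspect http HTTP_FILTER
 class BLOCKED_HTTP
  drop-connection log
!
class-map HTTP_TRAFFIC
 match port tcp eq 80
!
policy-map INSIDE_POLICY
 class HTTP_TRAFFIC
  inspect http HTTP_FILTER
!
service-policy INSIDE_POLICY interface inside
!
! --- Default global policy, left in place (inspect list abbreviated) ---
class-map inspection_default
 match default-inspection-traffic
!
policy-map global_policy
 class inspection_default
  inspect dns
  inspect ftp
  inspect esmtp
!
service-policy global_policy global
!
! Result on "inside":
!  - TCP/80 is handled by INSIDE_POLICY (inspect http with HTTP_FILTER).
!  - DNS, FTP, ESMTP and the other default inspections still come from
!    global_policy, because INSIDE_POLICY configures none of them.
!  - If global_policy also had "inspect http", traffic matched by
!    HTTP_TRAFFIC on "inside" would get only the interface policy's HTTP
!    inspection; the two are not applied together for the same feature.
```

`show service-policy interface inside` and `show service-policy global` display per-class hit counters, which confirm which policy is matching a given flow.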
