Routing Protocol Inspection Through ASA

Ravi_916
Level 1

Do we inspect routing protocols or routing protocol packets through the ASA?

By default the ASA allows routing protocol packets, but we want to inspect routing protocols.

2 Accepted Solutions

Muhammad Awais Khan
Cisco Employee

Hi,

What do you want to achieve with inspection for a routing protocol? At a high level, the ASA does inspection for two reasons: to check whether the application uses non-standard ports, which will also allow taking some actions with the inspected protocol, and to monitor the state of the session.

Marvin Rhoads
Hall of Fame

No.

Here are the protocols eligible for inspection natively on an ASA:

ccielab-asa(config-pmap-c)# inspect ?

mpf-policy-map-class mode commands/options:
  ctiqbe           
  dcerpc           
  diameter         
  dns              
  esmtp            
  ftp              
  gtp              
  h323             
  http             
  icmp             
  ils              
  im               
  ip-options       
  ipsec-pass-thru  
  ipv6             
  lisp             
  m3ua             
  mgcp             
  mmp              
  netbios          
  pptp             
  rsh              
  rtsp             
  scansafe         
  sctp             
  sip              
  skinny           
  snmp             
  sqlnet           
  stun             
  sunrpc           
  tftp             
  vxlan            
  waas             
  xdmcp            
ccielab-asa(config-pmap-c)# 
