
What is the Accelerated Security Path?

The Accelerated Security Path (ASP) on the ASA appliance comprises 2 components: the Fast Path and the Session Management Path. In addition to the Accelerated Security Paths there is also the Control Plane Path, which is also covered below.

The Session Management Path

When a new connection reaches the ASA gateway, the first packet is sent to the “Session Management Path”. This path is responsible for:

* Performing the access list checks
* Performing route lookups
* Allocating NAT translations (xlates)
* Establishing sessions in the "fast path"

The Fast Path

If the connection is already established, the security appliance does not need to re-check packets and the packets are sent to the Fast Path. The Fast Path is responsible for the following tasks:

* IP checksum verification
* Session lookup
* TCP sequence number check
* NAT translations based on existing sessions
* Layer 3 and Layer 4 header adjustments

For UDP or other connectionless protocols, the security appliance creates connection state information so that it can also use the fast path.

Some established session packets must continue to go through the session management path or the control plane path. Generally, packets that require HTTP packet inspection or content filtering go through the session management path. Packets that go through the control plane path include the control packets for protocols that require Layer 7 inspection, but data packets for protocols that require Layer 7 inspection can still go through the Fast Path.

The Control Plane Path

Packets that require adjustments or changes to be made to their headers at Layer 7, or that need the Layer 7 inspection engines required for dynamic port-based protocols such as FTP and H.323, are passed to the Control Plane Path.

How do I Debug ASP Drops?

There are 3 main ways to confirm whether your ASA appliance has dropped packets at the ASP stage. These are:

1. Viewing the ASP statistics
2. Viewing the ASA Logs
3. Running an ASP Drop packet capture

Viewing the ASP statistics

In order to view the ASP drop statistics you can run the command “sh asp drop”.

asa-firewall# sh asp drop
Frame drop:
Invalid TCP Length (invalid-tcp-hdr-length) 20
First TCP packet not SYN (tcp-not-syn) 902518
Bad TCP flags (bad-tcp-flags) 39
Last clearing: 19:45:39 UTC Jan 18 2010 by user
Flow drop:
NAT failed (nat-failed) 218
Inspection failure (inspect-fail) 29170
SSL received close alert (ssl-received-close-alert) 4

Last clearing: 19:45:39 UTC Jan 18 2010 by user

This will give you an overview of the types of drops being encountered, but it does not provide the necessary information to isolate and troubleshoot particular hosts.

You can also clear these counters using the clear asp drop command.

Viewing the ASA Logs

Via your Syslog server you will be able to view the logs showing the dropped connections. This will provide the reason along with the source and destination addresses. An example is shown below for an MSS Exceeded ASP drop:

%ASA-4-419001: Dropping TCP packet from outside:192.168.9.2/80 to inside:192.168.9.30/1025, reason: MSS exceeded, MSS 460, data 1440

Running an ASP drop packet capture

This is in my opinion the most concise and efficient way of troubleshooting your ASP dropped traffic.
To enable a packet capture on all traffic for all asp-drop types, use the following command:

asa-firewall# capture asp-drop type asp-drop all

To then see your buffer for the asp-drop capture run the following command. You can see from the highlighted sections the reason for the drop.

asa-firewall# sh capture asp-drop

2 packets captured
1: 15:15:00.682154 197.2.1.29.2616 > 87.200.42.101.443: S 1239395083:1239395083(0) win 65535 <mss 1260,nop,nop,sackOK> Drop-reason: (acl-drop) Flow is denied by configured rule
4: 15:15:00.750830 10.70.0.162.3812 > 168.252.3.41.15: S 3523756300:3523756300(0) win 65535 <mss 1360,nop,nop,sackOK> Drop-reason: (rpf-violated) Reverse-path verify failed

 

 

reference from https://www.fir3net.com/Firewalls/Cisco/what-is-asp-and-how-to-troubleshoot-asp-drops-on-an-asa.html

please do not forget to rate.
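
An added example, not part of the original post or of any Cisco tooling: a Python parser for saved `sh capture asp-drop` output that tallies drops per reason code and source host, the per-host detail the `sh asp drop` counters do not give. The sample text is constructed, IPv4-only parsing is an assumption, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the layout of the `sh capture asp-drop` output above (packet 4: ICMP, no ports).
SAMPLE = """\
4 packets captured
1: 15:15:00.682154 198.51.100.29.2616 > 203.0.113.101.443: S 1239395083:1239395083(0) win 65535 <mss 1260,nop,nop,sackOK> Drop-reason: (acl-drop) Flow is denied by configured rule
2: 15:15:00.750830 10.70.0.162.3812 > 192.0.2.41.15: S 3523756300:3523756300(0) win 65535 <mss 1360,nop,nop,sackOK> Drop-reason: (rpf-violated) Reverse-path verify failed
3: 15:15:01.102233 198.51.100.29.2617 > 203.0.113.101.22: S 1239396001:1239396001(0) win 65535 <mss 1260,nop,nop,sackOK> Drop-reason: (acl-drop) Flow is denied by configured rule
4: 15:15:02.000100 198.51.100.29 > 203.0.113.101: icmp: echo request Drop-reason: (acl-drop) Flow is denied by configured rule
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"  # assumption: IPv4 captures only
RECORD = re.compile(
    rf"^\s*(?P<num>\d+):\s+(?P<time>[\d:.]+)\s+"
    rf"(?P<src>{IPV4})(?:\.(?P<sport>\d+))?\s+>\s+"
    rf"(?P<dst>{IPV4})(?:\.(?P<dport>\d+))?:"
    rf".*?Drop-reason:\s+\((?P<code>[\w-]+)\)\s+(?P<text>.+)$"
)

def parse_capture(text):
    """Return one dict per dropped-packet record; other lines are skipped."""
    records = []
    for line in text.splitlines():
        m = RECORD.match(line)
        if m:
            rec = m.groupdict()
            # Numeric fields become ints; ports stay None when the record has none (ICMP).
            rec.update({k: int(rec[k]) if rec[k] else None for k in ("num", "sport", "dport")})
            records.append(rec)
    return records

def drops_by_source(records):
    """Count drops per (reason code, source host)."""
    return Counter((r["code"], r["src"]) for r in records)

def targets_per_source(records, code):
    """For one reason code, map each source to the distinct (dst, dport) pairs it tried."""
    targets = {}
    for r in records:
        if r["code"] == code:
            targets.setdefault(r["src"], set()).add((r["dst"], r["dport"]))
    return targets

if __name__ == "__main__":
    recs = parse_capture(SAMPLE)
    for (code, src), n in drops_by_source(recs).most_common():
        print(f"{n:4d}  {code:<14} {src}")
    for src, seen in targets_per_source(recs, "acl-drop").items():
        print(src, "->", sorted(seen, key=str))
```

A single source with many distinct `acl-drop` targets usually deserves a closer look than one host retrying the same blocked port.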

haiderh8798
Level 1

ASP can refer to several different things depending on the context. Here are some common meanings:

  1. Active Server Pages (ASP): Active Server Pages is a server-side scripting technology developed by Microsoft for creating dynamic and interactive web pages. It allows you to embed scripts (usually written in VBScript or JavaScript) within HTML pages to generate dynamic content.

  2. Average Selling Price (ASP): In business and economics, ASP refers to the average price at which a particular product or service is sold over a specific period. It is often used to analyze pricing trends and revenue generation in various industries.

  3. Application Service Provider (ASP): An Application Service Provider is a company that delivers software applications and related services over the internet or through a network. Customers can access and use these applications on a subscription or pay-as-you-go basis.

  4. Atypical Small Acinar Proliferation (ASP): In the medical field, ASP can also stand for "Atypical Small Acinar Proliferation." It's a term used in the context of prostate biopsies to describe small clusters of abnormal cells that may or may not indicate prostate cancer.

  5. Association of Surfing Professionals (ASP): The Association of Surfing Professionals was the former name of the World Surf League (WSL), the governing body for professional surfers and surfing competitions.

The meaning of "ASP" can vary widely depending on the domain or industry in which it is used, so it's important to consider the context to determine its specific meaning.

Certainly, here's some more information on the different meanings of "ASP":

  1. Active Server Pages (ASP):

    • Active Server Pages (ASP) is a server-side scripting technology developed by Microsoft. It allows web developers to create dynamic and interactive web pages.
    • ASP pages contain scripts (usually written in VBScript or JavaScript) that are executed on the web server before the web page is sent to the user's browser.
    • ASP.NET is a later iteration of ASP, and it's commonly used for web application development on the Microsoft platform.
  2. Average Selling Price (ASP):

    • Average Selling Price (ASP) is a metric used by businesses to analyze their pricing strategy and track revenue trends.
    • It's calculated by dividing the total revenue generated from the sales of a product or service by the total number of units sold during a specific period.
    • ASP can be useful for understanding how changes in pricing impact overall revenue and profitability.
  3. Application Service Provider (ASP):

    • An Application Service Provider (ASP) is a company that hosts and delivers software applications and related services to customers over the internet or a network.
    • Customers access these applications remotely, typically on a subscription or pay-as-you-go basis, without needing to install or maintain the software locally.
    • ASPs are commonly used for software-as-a-service (SaaS) offerings.
  4. Atypical Small Acinar Proliferation (ASP):

    • In the field of pathology, Atypical Small Acinar Proliferation (ASP) refers to a condition found in prostate biopsies.
    • ASP is characterized by small clusters of cells in the prostate that have certain irregularities but do not definitively indicate prostate cancer.
    • When ASP is identified in a biopsy, further evaluation or follow-up may be necessary to determine if cancer is present.
  5. Association of Surfing Professionals (ASP):

    • The Association of Surfing Professionals (ASP) was the former name of the World Surf League (WSL), which is the primary governing body for professional surfing competitions around the world.
    • The WSL organizes and sanctions various surfing events, including the Championship Tour, which features the world's top surfers competing at renowned surf breaks.

These are the key meanings of "ASP" in different contexts. Depending on the industry or subject matter, you may encounter variations or additional meanings related to this abbreviation.
