06-30-2020 12:59 AM
What do each of these terminologies mean? Object Network, Mpf(modular policy framework), embryonic
What does this command do? set connection per-client-max "" per-client-embryonic ""
Why is inspection disabled for ICMP & Traceroute by default in ASA?
What's the difference between show nat & show xlate?
I wish to give me an example of NAT that shows translated ip in the following command: show user
Thanks
Solved! Go to Solution.
06-30-2020 04:56 AM
Most of your queries are related to learning and most of them are already well documented. (Also, if you are taking any training, you should explore these with your instructor for better understanding and practice them in a lab.)
I have some notes for you that I have pulled from my notes, which should help you. (Some may be the old way, from many, many years back.)
What do each of these terminologies mean? Object Network, Mpf(modular policy framework), embryonic
Object Network -
Network is used to select IP addresses and/or network addresses.
Mpf -
The Cisco ASA Modular Policy Framework (MPF) allows flexible policies to be created to serve a wide range of needs. The outbound traffic can be classified according to user name, user group, source, or destination. The destination aspect can be further classified into three broad categories:
Approved traffic: Traffic from known safe websites is approved by corporate policy.
VPN traffic: Traffic flows through a site-to-site VPN tunnel.
Traffic redirected to Cisco Cloud Web Security: Traffic is sent to Cisco Cloud Web Security for precise web policy control, including URL filtering, antivirus scanning, web content-scanning ScanSafe scanlets, and web application visibility and control.
The traffic classification criteria can also be mixed and matched (for example, a group of users such as guests, vendors, or interns can be selected for Cisco Cloud Web Security inspection).
embryonic
An embryonic connection is also known as a half-open connection. It means a SYN was received, a SYN-ACK was sent back to the source, and we are waiting for the ACK back from the source. A lot of these indicates a DoS, a misconfiguration, or another type of attack.
What does this command do? set connection per-client-max "" per-client-embryonic ""
The conn-max n argument sets the maximum number of simultaneous TCP and/or UDP connections that are allowed, between 0 and 65535.
The embryonic-conn-max n argument sets the maximum number of simultaneous embryonic connections allowed, between 0 and 65535.
The per-client-embryonic-max n argument sets the maximum number of simultaneous embryonic connections allowed per client, between 0 and 65535.
The per-client-max n argument sets the maximum number of simultaneous connections allowed per client, between 0 and 65535.
Why is inspection disabled for ICMP & Traceroute by default in ASA?
On the ASA, ICMP is handled differently than TCP or UDP. By default, the ASA does not track an ICMP session, making it stateless. Being stateless, a return ICMP packet (such as an echo-reply) is not automatically allowed through the ASA, and will be dropped unless an ACL specifically allows it.
What's the difference between show nat & show xlate?
The show nat command can be used to understand which NAT rules are hit by new connections.
show xlate shows the translation table, which is a record of all NAT translations done by the firewall/router.
I wish to give me an example of NAT that shows translated ip in the following command: show user
- You can find many examples on Google - it is good to learn by practicing yourself so you understand better.
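To tie the answers above together, here is an added example (not from the original post or from Cisco documentation) of an ASA 8.3+ style configuration that uses an object network with a static NAT, an MPF class/policy-map carrying the set connection limits, and ICMP inspection. All names (WEB_SERVER, WEB_SERVER_ACL, WEB_SERVER_CLASS), the addresses 10.1.1.10 and 203.0.113.10, and the limit values are assumptions chosen for illustration.

```text
! Added example, not from the original post. Names, addresses and limits are assumed.
!
! 1. "object network": a named host or subnet that other commands reference.
!    Placing the nat statement inside the object creates a static (auto) NAT,
!    which is what "show nat" and "show xlate" report on later.
object network WEB_SERVER
 host 10.1.1.10
 nat (inside,outside) static 203.0.113.10
!
! 2. Select the traffic the connection limits will apply to.
access-list WEB_SERVER_ACL extended permit tcp any object WEB_SERVER eq 80
class-map WEB_SERVER_CLASS
 match access-list WEB_SERVER_ACL
!
! 3. MPF: the policy-map binds actions to classes. "set connection" caps the
!    total, embryonic (half-open), per-client and per-client-embryonic
!    connections so one source cannot fill the connection table with SYNs.
policy-map global_policy
 class WEB_SERVER_CLASS
  set connection conn-max 10000 embryonic-conn-max 1000 per-client-max 200 per-client-embryonic-max 20
!
! 4. ICMP is stateless on the ASA unless inspected. With inspection enabled,
!    an echo-reply is matched to the outbound echo-request and allowed back
!    without an ACL on the outside interface; "inspect icmp error" does the
!    same for the ICMP error messages that traceroute relies on.
 class inspection_default
  inspect icmp
  inspect icmp error
!
service-policy global_policy global
```

After applying this, show nat lists the static rule for WEB_SERVER with its translate/untranslate hit counters (which rules new connections are matching), while show xlate lists the live entry mapping 10.1.1.10 to 203.0.113.10 (the translation the firewall has actually built). show service-policy reports the per-class connection counters, so you can see whether the embryonic limit is being reached; when it is, the ASA stops passing new SYNs straight to the server and answers them itself (TCP intercept) until the client completes the handshake.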
07-03-2020 09:08 PM