Sunday 12 April 2015

Cisco ASA Fundamentals

Class Maps: Identify the traffic of interest, for example by protocol/port, by an access-list, by DSCP or by default-inspection-traffic. For example, matching all ICMP via an ACL:

access-list ICMP_ACCESSLIST extended permit icmp any any
class-map ICMP_TRAFFIC
match access-list ICMP_ACCESSLIST
exit

Policy Maps: Reference one or more class maps and say what to do with the matched traffic, e.g. inspect, police (rate-limit), priority, set connection (limits/timeouts). Note that inside a policy map the class map is referenced with the class keyword, not match; match belongs in the class map. (PASS, DROP and INSPECT as action names come from the IOS zone-based firewall, not the ASA.) For example, rate-limiting the ICMP class to 100 kbps:

policy-map ALLOW_ICMP
description Allow ICMP Traffic
class ICMP_TRAFFIC
police input 100000
exit
exit

Service Policy: Activates a policy map, either on a single interface or globally (service-policy NAME global). Only one policy map can be applied per interface, and an interface policy takes precedence over the global policy for the features it configures. For example, applying the policy to the inside interface:

service-policy ALLOW_ICMP interface inside

So we have first identified the traffic (class map), then applied a rate limit to it (policy map), and finally activated that policy on the inside interface (service policy). Verify that it is active and that packets are hitting the policer with show service-policy interface inside.

Zone Pairs: A construct of the Cisco IOS zone-based firewall (ZBF) rather than the ASA. Traffic flow is defined between two zones, and an explicit policy must be in place before traffic is allowed between different zones. Zone pairs are uni-directional, for example Inside Zone to Outside Zone: return traffic is allowed by the state created by the inspect action, but connections initiated in the other direction need their own zone pair. The ASA's Modular Policy Framework has no zone pairs; the equivalent trust decision is made with interface security levels:

Interface Security Levels: A value from 0 to 100 assigned to each named interface that indicates how trusted traffic arriving on that interface is:

- 100 is the most trusted (conventionally the inside interface). By default, connections initiated from it can reach every interface with a lower security level.
- 0 is the least trusted (conventionally the outside interface). By default, connections initiated from it towards any higher-security interface are dropped unless an access-list permits them.

By default, connections initiated from a higher security-level interface to a lower one are permitted, and the reverse is denied unless an ACL applied inbound on the lower-security interface permits it. Two caveats: once an ACL is applied inbound on an interface, that ACL (with its implicit deny) replaces the default behaviour for traffic entering that interface, including high-to-low traffic; and interfaces with the same security-level cannot communicate at all until same-security-traffic permit inter-interface is configured (traffic that enters and leaves the same interface additionally needs same-security-traffic permit intra-interface).
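The security-level rules above are easy to state but easy to get wrong when a box has several interfaces. The following script is an added example, not part of the original post: it parses the interface blocks and same-security-traffic lines out of a running-config excerpt (the excerpt itself is constructed, not from a real device), then evaluates the ASA default connection-initiation rule for every ordered pair of interfaces, with the equal-level and inbound-ACL cases handled as described above. The interface names and levels are assumptions for illustration.

```python
"""Audit default inter-interface reachability on a Cisco ASA from a running-config excerpt.

Rule modelled (ASA default behaviour):
  higher security-level -> lower   : permitted
  lower -> higher                  : denied unless an inbound ACL on the source interface permits it
  equal levels, different interfaces: denied unless 'same-security-traffic permit inter-interface'
  same interface (hairpin)         : denied unless 'same-security-traffic permit intra-interface'
  inbound ACL applied on source    : the ACL decides, implicit deny included (even high -> low)
"""
import re
from dataclasses import dataclass, field

# Constructed sample running-config excerpt (hypothetical device, not captured from real hardware).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet0/2
 nameif dmz
 security-level 50
!
interface GigabitEthernet0/3
 nameif partner
 security-level 50
!
"""

@dataclass(frozen=True)
class AsaPolicy:
    levels: dict = field(default_factory=dict)   # nameif -> security-level
    inter_interface: bool = False                # same-security-traffic permit inter-interface
    intra_interface: bool = False                # same-security-traffic permit intra-interface

def parse_config(text: str) -> AsaPolicy:
    """Collect nameif/security-level per interface block plus the two same-security knobs."""
    blocks, cur = [], None
    inter = intra = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            cur = {}                      # start of a new interface block
            blocks.append(cur)
        elif line == "!":
            cur = None                    # end of block
        elif cur is not None and line.startswith("nameif "):
            cur["nameif"] = line.split(None, 1)[1]
        elif cur is not None and re.fullmatch(r"security-level \d{1,3}", line):
            cur["level"] = int(line.split()[1])
        elif line == "same-security-traffic permit inter-interface":
            inter = True
        elif line == "same-security-traffic permit intra-interface":
            intra = True
    levels = {b["nameif"]: b["level"] for b in blocks if "nameif" in b and "level" in b}
    return AsaPolicy(levels, inter, intra)

def allows(policy: AsaPolicy, src: str, dst: str, acl_result=None) -> bool:
    """Is a connection initiated on interface src towards dst permitted?

    acl_result=None means no ACL is applied inbound on src; True/False is the verdict
    of an ACL that is applied there (the ACL then replaces the security-level default).
    """
    s, d = policy.levels[src], policy.levels[dst]
    if src == dst and not policy.intra_interface:
        return False                      # hairpin needs the intra-interface knob
    if src != dst and s == d and not policy.inter_interface:
        return False                      # equal levels need the inter-interface knob
    if acl_result is not None:
        return bool(acl_result)           # an applied ACL decides, implicit deny included
    return s > d                          # default: high -> low only

def audit(policy: AsaPolicy) -> dict:
    """Default verdict (no ACLs applied) for every ordered pair of distinct interfaces."""
    names = sorted(policy.levels, key=policy.levels.get, reverse=True)
    return {(a, b): allows(policy, a, b) for a in names for b in names if a != b}

if __name__ == "__main__":
    pol = parse_config(SAMPLE_CONFIG)
    for (a, b), ok in audit(pol).items():
        print(f"{a:>8} ({pol.levels[a]:3}) -> {b:<8} ({pol.levels[b]:3}): {'permit' if ok else 'deny'}")
```

Run it against a real running-config by replacing SAMPLE_CONFIG with the output of show running-config; any unexpected "permit" row between zones you believed were isolated (two DMZs at the same level with inter-interface enabled, for instance) is worth a closer look before trusting the topology.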
