SCOR-350-701 ASA - Coggle Diagram
NAT
Inside Local Address
Inside Global Address
Outside local Address
Outside Global Address
Static NAT
Dynamic NAT
Dynamic PAT
Distinguished by Source Port
Potentially 65536 hosts
Source Port 16 Bits
Static PAT
NAT Table
Manual NAT (First Section)
Auto NAT (second section)
Static Rules First
Dynamic Rules Second
Manual NAT after auto NAT (third section)
Create Network Objects
High Availability
Interface Security Levels
Device Fail Over Modes
Interface Fail Over
Ether Channel
Max 48 with 16 interfaces per group
Redundant Interface
LAN vs Stateful Fail over Interface
Cluster Groups
Connection info shared to only 1
Roles
One Director
One Backup Director
One Control Unit
Forwarder
Roles Chosen per connection
Cluster Priority 1-100
Interfaces
Spanned EtherChannel L2
Individual L3
Stateless and Stateful
ACL
Uses Standard Subnets
Global ACLs
Apply to only incoming traffic
Outbound filtering requires interface ACL
Modular Policy Framework
Class Map
Which Traffic?
Policy Map
Where to Apply?
Service Policy
What Policy?
Actions
L5-7
Drop / Reset / Log
DCD
Useful commands
show conn address 209.165.202.3 detail
show xlate
show nat
Modes
Routed
Default Mode
L3 Device
Routing Protocols
RIP
OSPF
EIGRP
BGP
Data movement
Internal Host network request
ASA receives packet
ASA checks for active session
Forwards if active session
If new, checks Route table
Finds egress interface
Is packet allowed out that interface?
Higher to lower Sec level allowed by default
NAT if configured
Next hop IP?
Send out interface
Web server responds
ASA receives
ASA checks active sessions
ASA forwards, as it is an active session
Check routing table
ASA forwards packet
Transparent
L2 Device
Behaves like switch
Secure Transparent Bridging
Uses MAC addresses
No Network Re-addressing required
Configuration
Change mode from routed to transparent
Create a bridge group
BVI per Bridge Group
Configure IP Address
Similar to VLAN
Logical group of interfaces
some shared functions
Syslog Server
AAA server
Features not supported
DHCP Relay
DDNS
Dynamic Routing Protocols
Multicast IP Routing
QoS
VPN Termination
DHCP v6
Cisco UC
Assign all interfaces to Bridge Group
Management Interface
Some features not available
DHCP Relay
DDNS
IGP/EGP
Multicast IP Routing
QoS
VPN Termination
only for mgt traffic
Cisco Unified Communications
DHCP v6
Data Movement
Internal Host requests web page
ASA receives packet
Source MAC address added to table
Checks security policy
Is packet allowed?
azs
Bridge
Objects and Object Groups
Network Objects
Network Object Groups
Service Object Groups
Access Rules
NAT Rules
Service Objects
Security Contexts
Convert to multiple context mode
not supported in 5506-X
Different context config files