Thursday, 27 October 2016

An Overview of Cisco ASA Order of Operation

Every network device has a packet order of operations, meaning the sequence in which the device processes a packet. To troubleshoot a problem on a network device, you have to understand how a packet flows through it. In this article, I am going to show you how the Cisco ASA deals with packets.


1. The packet is received from the wire.

2. The packet hits the ingress interface. Input counters are incremented.

3. Does this packet have an existing connection?

If yes, move ahead to the inspection check.

If no, and the packet is a TCP SYN or a UDP packet, proceed to the ACL check. Otherwise, drop the packet.

4. The packet is processed by the inbound access list.

If it matches a statement in the ACL, the hit count of the matching rule is incremented.

Otherwise, the packet is dropped.

5. NAT rules process the packet. Notes regarding NAT rules:

In post-8.3 versions, NAT control is turned off on the ASA and cannot be turned on.

Pre-8.3, if NAT control was on and a packet did not match an xlate, it was dropped.

A route lookup is conducted only to determine the egress interface to match NAT rules.

After translation takes place, the connection is created.

6. The packet is processed by any inspect rules.

CSC module: the packet is processed by the CSC module if the firewall has one.

CX module: the packet is processed by the CX module if the firewall has one.

7. The IP address in the packet header is translated. The port is also translated if the translation is a PAT. New checksums are created for the packet.

IPSM: if an IPS module is installed, the packet is then passed to the module.

8. The packet is virtually forwarded to the egress interface. The egress interface is determined first by the translation rules, if known; otherwise an L3 route lookup takes place.

9. L2 address lookup. An ARP lookup is conducted at this stage.

10. The packet is transmitted and put on the wire. Interface counters go up.
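
The decision points in steps 3 to 7 can be traced with a small model. This is an added example, not code from the original post or from Cisco: the AsaModel and Packet names are hypothetical, the addresses are constructed, and the ACL and NAT tables are simplified to exact matches. It shows which stages a packet visits depending on whether a connection already exists.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp", "udp", "icmp", ...
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # True only for an initial TCP SYN

@dataclass
class AsaModel:         # hypothetical teaching model, not ASA code
    acl: list           # permitted (proto, dst, dport) entries; no match means drop
    nat: dict           # real source IP -> translated source IP
    conns: set = field(default_factory=set)
    hits: dict = field(default_factory=dict)

    def process(self, p):
        """Return (verdict, stages, source on the wire) for steps 3 to 7."""
        flow = (p.proto, p.src, p.sport, p.dst, p.dport)
        xsrc = self.nat.get(p.src, p.src)
        stages = ["conn-lookup"]
        if flow not in self.conns:
            # Step 3: only a TCP SYN or a UDP packet may open a new connection.
            if not (p.proto == "udp" or (p.proto == "tcp" and p.syn)):
                return "drop:no-connection", stages, None
            # Step 4: inbound ACL; a match increments that rule's hit count.
            stages.append("acl")
            rule = (p.proto, p.dst, p.dport)
            if rule not in self.acl:
                return "drop:acl", stages, None
            self.hits[rule] = self.hits.get(rule, 0) + 1
            # Step 5: NAT rule is matched, then the connection is created.
            stages.append("nat-match")
            self.conns.add(flow)
            # Replies to the translated source belong to the same connection
            # (rewriting their destination back is not modelled here).
            self.conns.add((p.proto, p.dst, p.dport, xsrc, p.sport))
        # Steps 6 and 7: inspection, then the header is rewritten.
        stages += ["inspect", "translate"]
        return "forward", stages, xsrc

def demo():
    # Constructed addresses from the documentation ranges.
    fw = AsaModel(acl=[("tcp", "198.51.100.10", 443)], nat={"10.1.1.10": "203.0.113.5"})
    ack = Packet("tcp", "10.1.1.10", 40000, "198.51.100.10", 443)
    syn = Packet("tcp", "10.1.1.10", 40000, "198.51.100.10", 443, syn=True)
    reply = Packet("tcp", "198.51.100.10", 443, "203.0.113.5", 40000)
    return fw, [fw.process(x) for x in (ack, syn, ack, reply)]
```

In demo(), the first ACK is dropped at the connection lookup, the SYN passes the ACL and NAT match once, and the later ACK and the reply skip the ACL because the connection already exists, so the rule's hit count stays at 1.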


About Syed Balal Rumy

A 27-year-old tech geek and blogger from India (Bihar), living in New Delhi. I am MCITP, CEHv8, CCNA, CCNA Security, CCNP Security, Security+ and CCSA certified. I love to write tech articles based on my real experiences.