====================
Packet Flow Sequence
====================
PIX/ASA - Inside (Higher Sec_Lev) to Outside (Lower SEC_Level)
Eg. Type - [Sub-Type] - Description
1. FLOW-LOOKUP - [] - Check for existing connections, if none found create a
new connection.
2. ROUTE-LOOKUP - [input] - Initial Checking (Reverse Path Check, etc.)
3. ACCESS-LIST - [log] - ACL Lookup
4. CONN-SETTINGS - [] - class-map, policy-map, service-policy
5. IP-OPTIONS - [] -
6. NAT - [] - xlate
7. NAT - [host-limits] -
8. IP-OPTIONS - [] -
9. FLOW-CREATION - [] - If everything passes up until this point a connection
is created.
10. ROUTE-LOOKUP - [output and adjacency] -
Much thanks to Joshua Walton for forwarding this info over to me - handy reference:
====================
Packet Flow Sequence
====================
PIX/ASA - Inside (Higher Sec_Lev) to Outside (Lower SEC_Level)
Eg. Type - [Sub-Type] - Description
1. FLOW-LOOKUP - [] - Check for existing connections, if none found create a
new connection.
2. ROUTE-LOOKUP - [input] - Initial Checking (Reverse Path Check, etc.)
3. ACCESS-LIST - [log] - ACL Lookup
4. CONN-SETTINGS - [] - class-map, policy-map, service-policy
5. IP-OPTIONS - [] -
6. NAT - [] - xlate
7. NAT - [host-limits] -
8. IP-OPTIONS - [] -
9. FLOW-CREATION - [] - If everything passes up until this point a connection
is created.
10. ROUTE-LOOKUP - [output and adjacency] -
PIX/ASA - VPN - Inside (Higher Sec_Lev) to Outside (Lower SEC_Level)
Eg. Type - [Sub-Type] - Description
1. FLOW-LOOKUP - [] - Check for existing connections, if none found
create a
new connection.
2. ROUTE-LOOKUP - [input] - Initial Checking (Reverse Path Check, etc.)
3. ACCESS-LIST - [log] - ACL Lookup
4. CONN-SETTINGS - [] - class-map, policy-map, service-policy
5. IP-OPTIONS - [] -
6. NAT - [] - xlate
7. NAT - [host-limits] -
8. VPN - [encrypt] -
9. VPN - [ipsec-tunnel-flow] -
10. IP-OPTIONS - [] -
11. FLOW-CREATION - [] - If everything passes up until this point a
connection
is created.
12. FLOW-LOOKUP - [] - On the new header
13. ACCESS-LIST - [] - On the new header
14. FLOW-CREATION - [] -
15. ROUTE-LOOKUP - [output and adjacency]
ASA/PIX - Outside (Lower SEC_Level) to Inside (Higher Sec_Lev)
1. FLOW-LOOKUP - [] - Check for existing connections, if none found
create a
new connection.
2. UN-NAT - [static] -
2. ROUTE-LOOKUP - [input] - Initial Checking (Reverse Path Check, etc.)
3. ACCESS-LIST - [log] - ACL Lookup
4. CONN-SETTINGS - [] - class-map, policy-map, service-policy
5. IP-OPTIONS - [] -
6. NAT - [rpf-check] -
7. NAT - [host-limits] -
8. IP-OPTIONS - [] -
9. FLOW-CREATION - [] - If everything passes up until this point a
connection
is created.
10. ROUTE-LOOKUP - [output and adjacency] -
Packet Flow Sequence
====================
PIX/ASA - Inside (Higher Sec_Lev) to Outside (Lower SEC_Level)
Eg. Type - [Sub-Type] - Description
1. FLOW-LOOKUP - [] - Check for existing connections, if none found create a
new connection.
2. ROUTE-LOOKUP - [input] - Initial Checking (Reverse Path Check, etc.)
3. ACCESS-LIST - [log] - ACL Lookup
4. CONN-SETTINGS - [] - class-map, policy-map, service-policy
5. IP-OPTIONS - [] -
6. NAT - [] - xlate
7. NAT - [host-limits] -
8. IP-OPTIONS - [] -
9. FLOW-CREATION - [] - If everything passes up until this point a connection
is created.
10. ROUTE-LOOKUP - [output and adjacency] -
Much thanks to Joshua Walton for forwarding this info over to me - handy reference:
====================
Packet Flow Sequence
====================
PIX/ASA - Inside (Higher Sec_Lev) to Outside (Lower SEC_Level)
Eg. Type - [Sub-Type] - Description
1. FLOW-LOOKUP - [] - Check for existing connections, if none found create a
new connection.
2. ROUTE-LOOKUP - [input] - Initial Checking (Reverse Path Check, etc.)
3. ACCESS-LIST - [log] - ACL Lookup
4. CONN-SETTINGS - [] - class-map, policy-map, service-policy
5. IP-OPTIONS - [] -
6. NAT - [] - xlate
7. NAT - [host-limits] -
8. IP-OPTIONS - [] -
9. FLOW-CREATION - [] - If everything passes up until this point a connection
is created.
10. ROUTE-LOOKUP - [output and adjacency] -
PIX/ASA - VPN - Inside (Higher Sec_Lev) to Outside (Lower SEC_Level)
Eg. Type - [Sub-Type] - Description
1. FLOW-LOOKUP - [] - Check for existing connections, if none found
create a
new connection.
2. ROUTE-LOOKUP - [input] - Initial Checking (Reverse Path Check, etc.)
3. ACCESS-LIST - [log] - ACL Lookup
4. CONN-SETTINGS - [] - class-map, policy-map, service-policy
5. IP-OPTIONS - [] -
6. NAT - [] - xlate
7. NAT - [host-limits] -
8. VPN - [encrypt] -
9. VPN - [ipsec-tunnel-flow] -
10. IP-OPTIONS - [] -
11. FLOW-CREATION - [] - If everything passes up until this point a
connection
is created.
12. FLOW-LOOKUP - [] - On the new header
13. ACCESS-LIST - [] - On the new header
14. FLOW-CREATION - [] -
15. ROUTE-LOOKUP - [output and adjacency]
ASA/PIX - Outside (Lower SEC_Level) to Inside (Higher Sec_Lev)
1. FLOW-LOOKUP - [] - Check for existing connections, if none found
create a
new connection.
2. UN-NAT - [static] -
2. ROUTE-LOOKUP - [input] - Initial Checking (Reverse Path Check, etc.)
3. ACCESS-LIST - [log] - ACL Lookup
4. CONN-SETTINGS - [] - class-map, policy-map, service-policy
5. IP-OPTIONS - [] -
6. NAT - [rpf-check] -
7. NAT - [host-limits] -
8. IP-OPTIONS - [] -
9. FLOW-CREATION - [] - If everything passes up until this point a
connection
is created.
10. ROUTE-LOOKUP - [output and adjacency] -
No comments:
Post a Comment