ASA 8.2 packet flow

  1. The packet is received on the ingress interface and held in the internal buffer, and the interface counter is incremented.
  2. The ASA checks whether the packet belongs to an existing session or starts a new one:
    • If the packet does not belong to any existing session, it goes through the TCP state check (whether the packet is a SYN or not). If the state check fails, the packet is dropped and the event is logged; otherwise the connection counter is incremented and the packet is forwarded to the ACL check.
    • If the packet belongs to an existing session, the ACL and xlate checks are bypassed.
  3. The packet is checked against the ingress interface ACL. If the ACL allows the traffic, the ACL counter is incremented and the packet moves forward. If the ACL does not allow it, the packet is dropped and the event is logged.
  4. The NAT rules are checked:
    • If a matching NAT rule is found, a connection entry is created and the packet moves forward.
    • If no matching NAT rule is found, the packet is dropped and the event is logged.
  5. The packet is subjected to the inspection check: the ASA verifies whether the packet complies with the protocol. If it complies, the packet moves forward; otherwise it is dropped and the event is logged.
  6. The IP header information is changed as per the NAT rule.
  7. The egress interface is selected and the packet is forwarded to it. The egress interface is selected as per the NAT rule or as per the global route lookup.
  8. A Layer 3 route lookup happens on the egress interface.
  9. A Layer 2 lookup happens.
  10. The packet is transmitted out of the egress interface and the interface counter is incremented.
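
The ten steps above as a toy Python model, useful for working out which stage produced a logged drop. This is an added example, not Cisco's implementation or code from the original post; the class, field and counter names are hypothetical, the addresses are constructed, and the step 5 inspection result is reduced to a boolean flag.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    syn: bool = False
    protocol_ok: bool = True   # stand-in for the step 5 inspection verdict

@dataclass
class Firewall:                # toy model; every name here is hypothetical
    acl: set                   # permitted (src, dst, dport) tuples on the ingress interface
    nat: dict                  # real src -> (mapped src, egress interface)
    sessions: dict = field(default_factory=dict)
    counters: dict = field(default_factory=lambda: {"rx": 0, "conn": 0, "acl_hit": 0, "tx": 0})
    log: list = field(default_factory=list)

    def _drop(self, step, reason):
        self.log.append(f"drop at step {step}: {reason}")
        return ("drop", step)

    def process(self, p):
        key = (p.src, p.dst, p.dport)
        self.counters["rx"] += 1                     # step 1: ingress interface counter
        if key not in self.sessions:                 # step 2: new session
            if not p.syn:                            # step 2: TCP state check
                return self._drop(2, "first packet is not a SYN")
            self.counters["conn"] += 1
            if key not in self.acl:                  # step 3: ingress ACL
                return self._drop(3, "denied by ingress ACL")
            self.counters["acl_hit"] += 1
            if p.src not in self.nat:                # step 4: NAT rule lookup
                return self._drop(4, "no matching NAT rule")
            self.sessions[key] = self.nat[p.src]     # step 4: connection entry created
        # Existing sessions arrive here directly: ACL and xlate checks are bypassed.
        if not p.protocol_ok:                        # step 5: inspection
            return self._drop(5, "failed protocol inspection")
        mapped_src, egress = self.sessions[key]      # steps 6-7: rewrite header, pick egress
        self.counters["tx"] += 1                     # steps 8-10: lookups, then transmit
        return ("forward", egress, mapped_src)

if __name__ == "__main__":
    # Constructed sample: one permitted flow with a matching NAT rule.
    fw = Firewall(acl={("10.0.0.5", "198.51.100.7", 443)},
                  nat={"10.0.0.5": ("203.0.113.10", "outside")})
    print(fw.process(Packet("10.0.0.5", "198.51.100.7", 443)), fw.log)
```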