VXLAN Inspection; History For Database, Directory, And Management Protocol Inspection - Cisco ASA Series Configuration Manual

Firewall CLI, ASA Services Module, and the Adaptive Security Virtual Appliance

When XDMCP is used, the display is negotiated using IP addresses, which the ASA can NAT if needed.
XDMCP inspection does not support PAT.
For information on enabling XDMCP inspection, see Configure Application Layer Protocol Inspection, page 12-9.

VXLAN Inspection
Virtual Extensible Local Area Network (VXLAN) inspection works on VXLAN encapsulated traffic that
passes through the ASA. It ensures that the VXLAN header format conforms to standards, dropping any
malformed packets. VXLAN inspection is not done on traffic for which the ASA acts as a VXLAN
Tunnel End Point (VTEP) or a VXLAN gateway, as those checks are done as a normal part of
decapsulating VXLAN packets.
VXLAN packets are UDP, normally on port 4789. This port is part of the default-inspection-traffic class,
so you can simply add VXLAN inspection to the inspection_default service policy rule. Alternatively,
you can create a class for it using port or ACL matching.
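
What "conforms to standards" means at the byte level, as an added example that is not Cisco's code and not part of the original guide: a checker for the 8-byte VXLAN header defined in RFC 7348. It assumes the strict RFC 7348 layout (I flag set, all reserved bits zero); the function names, the pass/drop policy and the sample payloads are constructed for illustration, and the ASA's own checks may differ.

```python
import struct

VXLAN_PORT = 4789        # default UDP port named in the text
I_FLAG = 0x08            # RFC 7348: "VNI valid" flag, must be set
INNER_ETH_MIN = 14       # an inner Ethernet header must follow

def check_vxlan_header(payload):
    """Return RFC 7348 violations for a UDP payload; [] means well-formed."""
    if len(payload) < 8:
        return ["truncated: %d bytes, header needs 8" % len(payload)]
    word1, word2 = struct.unpack("!II", payload[:8])
    flags, reserved1 = word1 >> 24, word1 & 0xFFFFFF
    reserved2 = word2 & 0xFF
    problems = []
    if not flags & I_FLAG:
        problems.append("I flag clear, VNI not marked valid")
    if flags & ~I_FLAG & 0xFF:
        problems.append("reserved flag bits set: 0x%02x" % (flags & ~I_FLAG & 0xFF))
    if reserved1 or reserved2:
        problems.append("reserved field not zero")
    if len(payload) < 8 + INNER_ETH_MIN:
        problems.append("no room for inner Ethernet header")
    return problems

def vni(payload):
    """24-bit VXLAN Network Identifier from a header already checked."""
    return struct.unpack("!I", payload[4:8])[0] >> 8

def verdict(dst_port, payload):
    """Hypothetical policy: inspect only UDP/4789, drop malformed headers."""
    if dst_port != VXLAN_PORT:
        return "not-vxlan"
    return "drop" if check_vxlan_header(payload) else "pass"

def make(flags, vni_value, rsv1=0, rsv2=0, inner=bytes(INNER_ETH_MIN)):
    """Build a constructed sample payload (not captured traffic)."""
    return struct.pack("!II", flags << 24 | rsv1, vni_value << 8 | rsv2) + inner

SAMPLES = {
    "well-formed": make(0x08, 5000),
    "I flag clear": make(0x00, 5000),
    "reserved bits": make(0x08, 5000, rsv1=1),
    "extension flag": make(0x88, 5000),
    "truncated": b"\x08\x00\x00",
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, verdict(VXLAN_PORT, pkt), check_vxlan_header(pkt))
```

A check this strict also flags VXLAN extensions that reuse bits RFC 7348 reserves, so confirm which encapsulation variants cross the firewall before enforcing it.
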

History for Database, Directory, and Management Protocol Inspection

Feature Name: DCERPC inspection support for ISystemMapper UUID message RemoteGetClassObject opnum3.
Releases: 9.4(1)
Feature Information: The ASA started supporting non-EPM DCERPC messages in release 8.3, supporting the ISystemMapper UUID message RemoteCreateInstance opnum4. This change extends support to the RemoteGetClassObject opnum3 message. We did not modify any commands.

Feature Name: VXLAN packet inspection
Releases: 9.4(1)
Feature Information: The ASA can inspect the VXLAN header to enforce compliance with the standard format. We introduced the following command: inspect vxlan.

Cisco ASA Series Firewall CLI Configuration Guide, Chapter 15, Inspection of Database, Directory, and Management Protocols