Cisco ASA 5506-X Configuration Manual page 176

Cisco ASA Series Firewall CLI Configuration Guide
Chapter 7: Inspection of Basic Internet Protocols (page 7-30)

Monitoring IP Options Inspection

You can use these techniques to monitor the results of IP options inspection:
- Each time a packet is dropped due to inspection, syslog 106012 is issued. The message shows which
  option caused the drop.
- Use the show service-policy inspect ip-options command to view statistics for each option.

IPsec Pass Through Inspection

The following sections describe the IPsec Pass Through inspection engine.
- IPsec Pass Through Inspection Overview, page 7-30
- Configure IPsec Pass Through Inspection, page 7-30

IPsec Pass Through Inspection Overview

Internet Protocol Security (IPsec) is a protocol suite for securing IP communications by authenticating
and encrypting each IP packet of a data stream. IPsec also includes protocols for establishing mutual
authentication between agents at the beginning of the session and negotiation of cryptographic keys to
be used during the session. IPsec can be used to protect data flows between a pair of hosts (for example,
computer users or servers), between a pair of security gateways (such as routers or firewalls), or between
a security gateway and a host.

IPsec Pass Through application inspection provides convenient traversal of ESP (IP protocol 50) and AH
(IP protocol 51) traffic associated with an IKE UDP port 500 connection. It avoids lengthy ACL
configuration to permit ESP and AH traffic and also provides security using timeout and max
connections.

Configure a policy map for IPsec Pass Through to specify the restrictions for ESP or AH traffic. You can
set the per client max connections and the idle timeout.

NAT and non-NAT traffic is permitted. However, PAT is not supported.

Configure IPsec Pass Through Inspection

IPsec Pass Through inspection is not enabled by default. You must configure it if you want IPsec Pass
Through inspection.

Procedure

Step 1  Configure an IPsec Pass Through Inspection Policy Map, page 7-31.
Step 2  Configure the IPsec Pass Through Inspection Service Policy, page 7-32.
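The two steps above, sketched as one ASA CLI configuration. This is an added example, not text from the Cisco guide; the object names (IPSEC-PT-ACL, IPSEC-PT-CLASS, IPSEC-PT-MAP, OUTSIDE-POLICY), the interface name outside, and the connection limits and timeouts are assumptions chosen for illustration.

```text
! Added example: names, limits, timeouts and the interface are assumptions.
!
! Match the IKE control connection (UDP port 500) that the inspection
! engine uses to associate the ESP and AH flows.
access-list IPSEC-PT-ACL extended permit udp any any eq 500
class-map IPSEC-PT-CLASS
 match access-list IPSEC-PT-ACL
!
! Step 1: inspection policy map. Cap the ESP and AH connections each
! client may hold and age out idle ones (timeout is hh:mm:ss).
policy-map type inspect ipsec-pass-thru IPSEC-PT-MAP
 parameters
  esp per-client-max 10 timeout 0:11:00
  ah per-client-max 5 timeout 0:06:00
!
! Step 2: service policy. Attach the inspection map to the matched
! traffic and apply the policy to one interface.
policy-map OUTSIDE-POLICY
 class IPSEC-PT-CLASS
  inspect ipsec-pass-thru IPSEC-PT-MAP
service-policy OUTSIDE-POLICY interface outside
```

An interface accepts only one service policy, so on a device that already has a policy applied to that interface, add the class to the existing policy map instead of creating a new one.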
