EasyManuals Logo

Cisco ASA 5555-X Configuration Guide

Cisco ASA 5555-X
428 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #6 background imageLoading...
Page #6 background image
1-2
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 1
Basic Access Control
Step 5 Implement Network Address Translation (NAT). See Network Address Translation, page 1-4.
Step 6 Implement application inspection if the default settings are insufficient for your network. See
Application Inspection, page 1-5.
Basic Access Control
Access rules, applied per interface or globally, are your first line of defense. You can drop, upon entry,
specific types of traffic, or traffic from (or to) specific hosts or networks. By default, the ASA allows
traffic to flow freely from an inside network (higher security level) to an outside network (lower security
level).
You can apply an access rule to limit traffic from inside to outside, or allow traffic from outside to inside.
Basic access rules control traffic using a “5-tuple” of source address and port, destination address and
port, and protocol.
You can augment your rules by making them identity aware. This lets you configure rules based on user
identity or group membership. To implement identity control, do any combination of the following:
Install Cisco Context Directory Agent (CDA), also known as AD agent, on a separate server to
collect user and group information already defined in your Active Directory (AD) server. Then,
configure the ASA to get this information, and add user or group criteria to your access rules.
Install Cisco Identity Services Engine (ISE) on a separate server to implement Cisco Trustsec. You
can then add security group criteria to your access rules.
Install the ASA FirePOWER module on the ASA and implement identity policies in the module. The
identity-aware access policies in ASA FirePOWER would apply to any traffic that you redirect to
the module.
Related Topics
Access Control Lists, page 3-1
Access Rules, page 4-1
Identity Firewall, page 5-1
ASA and Cisco TrustSec, page 6-1
ASA FirePOWER Module, page 7-1
Application Filtering
The wide-spread use of web-based applications means that a lot of traffic runs over the HTTP or HTTPS
protocols. With traditional 5-tuple access rules, you either allow or disallow all HTTP/HTTPS traffic.
You might require more granular control of web traffic.
You can install a module on the ASA to provide application filtering to selectively allow HTTP or other
traffic based on the application being used. Thus, you do not have to make a blanket permit for HTTP.
You can look inside the traffic and prevent applications that are unacceptable for your network (for
example, inappropriate file sharing). When you add a module for application filtering, do not configure
HTTP inspection on the ASA.

Table of Contents

Other manuals for Cisco ASA 5555-X

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco ASA 5555-X and is the answer not in the manual?

Cisco ASA 5555-X Specifications

General IconGeneral
Firewall Throughput4 Gbps
Maximum Concurrent Sessions1, 000, 000
Security Contexts50
VPN Throughput1.2 Gbps
RAM8 GB
Storage120 GB SSD
Power SupplyDual, Hot-swappable
Form Factor1RU
Interfaces8 x 1 Gigabit Ethernet

Related product manuals