The ASA/PIX Security Appliance comes with a standard set of protocol application inspections. Inspections are functions within the ASA/PIX that ensure data carried inside a packet passing through the ASA/PIX cannot damage the server or network for which the packet is destined.

NOTE: Some application inspections have non-security-related features. For example, NetBIOS inspection looks into the data portion of the packet for source IP addresses and makes sure that those addresses are properly represented in the packet header. All security appliances need this functionality to ensure that network address translation (NAT) functions correctly.

The ASA/PIX performs application inspection for the protocols listed in Table 8-1. This is a list of the most commonly used protocols; for a more in-depth list, refer to the Cisco ASA/PIX web page at http://www.cisco.com/go/pix/.

Table 8-1. Inspected Protocols

Protocol | Protocol Definition
---|---
DNS | Domain Name Services, used to translate names to IP addresses
FTP | File Transfer Protocol, the Internet standard for moving files
HTTP | Hypertext Transfer Protocol, the Internet standard for browsing Internet websites
H323 H225 | A standard to support visual telephony services
H323 RAS | A standard to support telephony gatekeeper services
ILS | Provides name/address resolution for IP video conferencing
RSH | Remote Shell Protocol, allows users to execute commands on a remote system without logging in to the remote system
RTSP | Real Time Streaming Protocol, the Internet standard for delivering real-time video and audio streaming
ESMTP | Extended Simple Mail Transfer Protocol, SMTP with enhanced extensions
SQLNET | The Internet standard for allowing the delivery of queries to SQL-compliant databases over the network
SKINNY | Skinny Client Control Protocol (SCCP), enables IP telephony communication between voice clients
XDMCP | X Display Manager Control Protocol, used to communicate between devices running X Windows sessions
SIP | Session Initiation Protocol, used to establish sessions for IP telephony
NETBIOS | Microsoft Windows Network Protocol, used to connect devices running Windows operating systems
CTIQBE | Computer Telephony Interface Quick Buffer Encoding, an IP telephony encoding standard
TFTP | Trivial File Transfer Protocol, used to update many device images and configurations
ICMP | Internet Control Message Protocol, a standard used to communicate status and error messages between network devices using the TCP/IP protocol
SNMP | Simple Network Management Protocol, a standard used to manage network devices
You can browse these protocol application inspections at the following ASDM location:

Step 1. Navigate to Configuration > Features > Security Policy and click the Service Policy Rules option button.

Step 2. Choose the line that says inspection default and click Edit. The panel shown in Figure 8-1 will display.

Figure 8-1. Add Service Policy

Step 3. From here, you can open the Traffic Classification panel, which lists the protocol port numbers.

Step 4. To see the default protocols that are inspected, click the Rule Actions tab. (See Figure 8-2.)

Figure 8-2. Default Inspections

The details of the default actions of an application inspection are Cisco proprietary. Generally speaking, however, default inspections look into a packet and ensure that a protocol command is valid. They also confirm that certain protocol packet length limits have not been exceeded. Finally, they ensure that a source address embedded in the Layer 7 payload is written to the header of the packet to fix potential problems with NAT. For an in-depth discussion on ASA/PIX application inspection, go to the technical documentation link at http://www.cisco.com/go/pix.