Protocol Inspection Services


Cisco ASA can perform application or protocol inspection on specific Layer 4 through Layer 7 protocols. Many network attacks attempt to exploit a vulnerability in the handling of a network protocol. By inspecting the contents of network packets for certain protocols, the ASA can identify a potential attack and be self-defending. Protocol inspection can also verify dynamic port assignments and rewrite embedded network addresses within the protocol data packets. The protocols supported for protocol inspection in ASA include the following:

  • Computer Telephone Interface Quick Buffer Encoding (CTIQBE): CTIQBE is used by Cisco IP SoftPhone and Cisco CallManager.

  • Domain Name System (DNS): DNS translates a name to an IP address.

  • Enhanced Simple Mail Transport Protocol (ESMTP): ESMTP adds Extended Hello to SMTP.

  • File Transfer Protocol (FTP): Use FTP to transfer files across a network using PUT and GET.

  • GPRS Tunneling Protocol (GTP): GPRS is a 3G data service for GSM mobile phones. A separate license is required to enable GTP protocol inspection on ASA.

  • H.323 and H.225: H.323 are endpoints that participate in a Voice over IP (VoIP) call, and H.225 is the ITU call control signaling protocol.

  • H.323 Registration, Admission, and Status (RAS): This is the H.323 gatekeeper discovery and registration protocol.

  • Hypertext Transfer Protocol (HTTP): This protocol enables web browsing.

  • Internet Control Message Protocol (ICMP): ICMP ping is used to determine if there is connectivity to an IP address across the network.

  • ICMP Error: Ping error codes.

  • Internet Locator Service (ILS): ILS is used in Microsoft NetMeeting.

  • Media Gateway Control Protocol (MGCP): MGCP controls media gateways from controllers and call agents.

  • Network Basic Input/Output System (NetBIOS): NetBIOS is used for Windows print sharing.

  • Point-to-Point Tunneling Protocol (PPTP): PPTP was the first VPN protocol supported by Microsoft dial-up networking.

  • Remote Shell (RSH): RSH is the UNIX utility to remotely execute commands.

  • Real Time Streaming Protocol (RTSP): RTSP is the IETF protocol for streaming media such as video on a network.

  • Session Initialization Protocol (SIP): SIP is the IETF protocol for voice over IP (VoIP).

  • Skinny Call Control Protocol (SCCP): SCCP is the voice communication protocol between Cisco CallManager and VoIP phones.

  • Simple Network Management Protocol (SNMP): SNMP is used for network monitoring and management by reading and writing to Message Information Blocks (MIBs).

  • SQLNET: This is the SQL*NET protocol for Oracle database.

  • Sun Remote Procedure Call (SunRPC): This is the Sun client/server protocol for distributed computing. Network File System (NFS) also uses this protocol.

  • Trivial File Transfer Protocol (TFTP): TFTP is the protocol to transfer a file across a network or boot a network device.

  • X Display Manager Control Protocol (XDMCP): This is the protocol for communication between a display manager and X server.
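
As an added illustration (not code from the book or from Cisco), the Python sketch below shows the kind of check FTP inspection performs on an active-mode PORT command: it verifies the dynamically announced port and rewrites the embedded address for NAT. The function name, the addresses and the drop rules are assumptions made for this example, not the ASA's implementation.

```python
import ipaddress
import re

# PORT h1,h2,h3,h4,p1,p2 (RFC 959 active-mode data port announcement)
PORT_RE = re.compile(rb"PORT " + rb",".join([rb"(\d{1,3})"] * 6) + rb"\r\n",
                     re.IGNORECASE)


class InspectionDrop(Exception):
    """Raised when a command fails a protocol check and should be dropped."""


def inspect_ftp_port(line, client_ip, mapped_ip, server_ip):
    """Validate and rewrite one PORT command seen on the FTP control channel.

    Returns (rewritten_line, pinhole). The pinhole is the single data
    connection (src, dst, dst_port) to permit from the server to the client.
    All names here are hypothetical and chosen for the example.
    """
    m = PORT_RE.fullmatch(line)
    if m is None:
        raise InspectionDrop("malformed PORT command")
    octets = [int(x) for x in m.groups()]
    if any(o > 255 for o in octets):
        raise InspectionDrop("octet out of range")
    embedded_ip = ipaddress.IPv4Address(".".join(map(str, octets[:4])))
    port = octets[4] * 256 + octets[5]
    # The embedded address must be the host that owns the control connection;
    # anything else asks the server to connect to a third party.
    if embedded_ip != ipaddress.IPv4Address(client_ip):
        raise InspectionDrop("embedded address is not the client")
    # Well-known ports are not valid dynamic data ports.
    if port < 1024:
        raise InspectionDrop("data port below 1024")
    # Rewrite the embedded address so the server sees the translated one.
    mapped = str(ipaddress.IPv4Address(mapped_ip)).replace(".", ",")
    rewritten = f"PORT {mapped},{octets[4]},{octets[5]}\r\n".encode()
    return rewritten, (server_ip, mapped_ip, port)


if __name__ == "__main__":
    # Constructed sample: inside client 10.1.1.5 translated to 203.0.113.5.
    print(inspect_ftp_port(b"PORT 10,1,1,5,195,80\r\n",
                           "10.1.1.5", "203.0.113.5", "198.51.100.20"))
```

Because the rewritten command can differ in length from the original, a device doing this on a live TCP stream also has to adjust sequence numbers, which this sketch leaves out.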



Self-Defending Networks: The Next Generation of Network Security
ISBN: 1587052539
EAN: 2147483647
Year: N/A
Pages: 112
