Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
610
Views
0
Helpful
1
Replies

Cisco 5520 Rule configurations...

Go to solution
alatzas
Level 1
Level 1

‎01-10-2007 10:02 AM - edited ‎03-11-2019 02:17 AM

I am new the the ASA5520 coming from a checkpoint world. I am setting up my acl's (i am used to them being called rules) and noticed that my options are permit and deny. In the Checkpoint world I was able to also tag the line with drop. This was due to the fact that (atleast with checkpoint) even if you said deny it would send a response packet back to the source. Will this happen with the ASA with only a deny or does this firewall handle the deny packets differently?

Thanks in advance

Pete

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
mmorris11
Level 4
Level 4

‎01-10-2007 11:21 AM

The cisco acl which denys is sending the packet to the bit bucket. I can only imagine that the "deny" feature that you are referring to with the CHeckpoint product would amount to a TCP reset and as such would only be applicable when dealing with TCP traffic. This level of fuctionality is delivered at IPS/IDS level on Cisco solutions. CBAC in IOS has an architecture more similar I suppose:

http://www.cisco.com/en/US/products/ps6586/products_qanda_item09186a008009464d.shtml#qa3

but is still not as monolithic as what you have described with the "rule" concept in Checkpoint.

HTH

mike

View solution in original post

0 Helpful
1 Reply 1

Go to solution
mmorris11
Level 4
Level 4

‎01-10-2007 11:21 AM

The cisco acl which denys is sending the packet to the bit bucket. I can only imagine that the "deny" feature that you are referring to with the CHeckpoint product would amount to a TCP reset and as such would only be applicable when dealing with TCP traffic. This level of fuctionality is delivered at IPS/IDS level on Cisco solutions. CBAC in IOS has an architecture more similar I suppose:

http://www.cisco.com/en/US/products/ps6586/products_qanda_item09186a008009464d.shtml#qa3

but is still not as monolithic as what you have described with the "rule" concept in Checkpoint.

HTH

mike

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card