I have to audit about 40 Cisco ASAs (8.4) with ACL service ports defined as IP or TCP; we want specific ports between sources and destinations. Please advise the best practice/tool to identify the specific ports and to avoid any outages.
Also, many ACLs are defined in both directions, but my understanding is that since the ASA is a stateful firewall, for TCP/UDP we don't need to define bidirectional traffic. Bidirectional traffic is only required for encrypted traffic, e.g. IPsec/GRE; please correct me if I'm wrong. If I'm correct, then please confirm that if I delete the bidirectional entries for TCP/UDP it will not break the connections.
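The following is an added example, not code from the original post or from Cisco: a small Python audit script that takes `access-list ... extended` lines as found in a `show running-config` from an ASA and flags (a) permit entries whose service is `ip`, or `tcp`/`udp` with no destination port, and (b) permit entries whose source and destination are the swapped copy of another permit entry, which is what a hand-written "return traffic" rule usually looks like. It only understands the simple ACE forms shown in the constructed sample (`any`, `host`, `network mask`, `object`, `object-group` endpoints and `eq`/`neq`/`lt`/`gt`/`range` ports); service object-groups are treated as endpoints and are out of scope. The sample config lines and the ACL names are constructed for the example. The mirrored pairs are reported as candidates, not deletions: a reverse-direction ACE is only redundant if nothing ever initiates a connection in that direction, so check each candidate's hit count on the box (`show access-list NAME` prints `hitcnt` per ACE) before removing it.

```python
"""Audit Cisco ASA extended ACEs for over-broad services and mirrored
(reverse-direction) permit entries. Constructed example, not a Cisco tool."""
from dataclasses import dataclass
from typing import Optional

PORT_OPS = {"eq", "neq", "lt", "gt", "range"}


@dataclass(frozen=True)
class Ace:
    acl: str
    action: str
    proto: str
    src: str
    dst: str
    src_port: Optional[str]
    dst_port: Optional[str]
    raw: str


def _take_endpoint(tokens, i):
    """Consume one address spec; returns (text, next index)."""
    t = tokens[i]
    if t in ("any", "any4", "any6"):
        return t, i + 1
    if t in ("host", "object", "object-group", "interface"):
        return f"{t} {tokens[i + 1]}", i + 2
    return f"{t} {tokens[i + 1]}", i + 2      # dotted address followed by a mask


def _take_port(tokens, i):
    """Consume an optional eq/neq/lt/gt/range port spec; returns (text or None, next index)."""
    if i >= len(tokens) or tokens[i] not in PORT_OPS:
        return None, i
    if tokens[i] == "range":
        return f"range {tokens[i + 1]} {tokens[i + 2]}", i + 3
    return f"{tokens[i]} {tokens[i + 1]}", i + 2


def parse_ace(line):
    """Parse one 'access-list NAME extended ACTION PROTO SRC [port] DST [port] ...' line.
    Remarks, standard ACLs and anything unparseable return None."""
    tokens = line.split()
    if len(tokens) < 7 or tokens[0] != "access-list" or tokens[2] != "extended":
        return None
    acl, action, proto = tokens[1], tokens[3], tokens[4]
    has_ports = proto in ("tcp", "udp")
    src, i = _take_endpoint(tokens, 5)
    src_port, i = _take_port(tokens, i) if has_ports else (None, i)
    dst, i = _take_endpoint(tokens, i)
    dst_port, i = _take_port(tokens, i) if has_ports else (None, i)
    return Ace(acl, action, proto, src, dst, src_port, dst_port, line)   # trailing log/inactive ignored


def broad_service(ace):
    """Reason string if a permit ACE allows more than a specific port, else None."""
    if ace.action != "permit":
        return None
    if ace.proto == "ip":
        return "protocol ip: every protocol and port"
    if ace.proto in ("tcp", "udp") and ace.dst_port is None:
        return f"{ace.proto} with no destination port: every {ace.proto} port"
    return None


def mirrored(a, b):
    """True if permit ACE b covers the reverse direction of permit ACE a
    (the reply of A->B:eq 443 arrives as B:443 -> A; a mirror with no ports,
    with src port 443, or with protocol ip covers it)."""
    if a is b or a.action != "permit" or b.action != "permit":
        return False
    if b.src != a.dst or b.dst != a.src:
        return False
    if b.proto == "ip":
        return True
    return b.proto == a.proto and b.dst_port is None and b.src_port in (None, a.dst_port)


def audit(config_text):
    """Return {'broad': [(raw, reason)], 'mirrors': [(raw_forward, raw_reverse)]}."""
    aces = [a for a in (parse_ace(l) for l in config_text.splitlines()) if a]
    broad = [(a.raw, broad_service(a)) for a in aces if broad_service(a)]
    seen, mirrors = set(), []
    for a in aces:
        for b in aces:
            if mirrored(a, b) and frozenset((a.raw, b.raw)) not in seen:
                seen.add(frozenset((a.raw, b.raw)))
                mirrors.append((a.raw, b.raw))
    return {"broad": broad, "mirrors": mirrors}


# Constructed sample: two interface ACLs with a mix of tight and broad entries.
SAMPLE_CONFIG = """\
access-list OUTSIDE_IN remark constructed sample for the audit
access-list OUTSIDE_IN extended permit tcp host 203.0.113.10 host 10.1.1.20 eq 443
access-list OUTSIDE_IN extended permit ip 203.0.113.0 255.255.255.0 host 10.1.1.30
access-list OUTSIDE_IN extended permit tcp any host 10.1.1.40
access-list OUTSIDE_IN extended permit udp host 203.0.113.10 host 10.1.1.50 eq 500
access-list INSIDE_IN extended permit tcp host 10.1.1.20 host 203.0.113.10
access-list INSIDE_IN extended permit esp host 10.1.1.50 host 203.0.113.10
access-list INSIDE_IN extended deny ip any any
"""

if __name__ == "__main__":
    report = audit(SAMPLE_CONFIG)
    for raw, reason in report["broad"]:
        print(f"BROAD   {reason}\n        {raw}")
    for fwd, rev in report["mirrors"]:
        print(f"MIRROR  review hit counts before removing the reverse entry\n        {fwd}\n        {rev}")
```

Running it against the sample reports three broad entries (the `ip` network rule, `tcp any host 10.1.1.40`, and the portless `tcp` rule on INSIDE_IN) and one mirrored pair (the INSIDE_IN `tcp 10.1.1.20 -> 203.0.113.10` entry as the reverse of the OUTSIDE_IN `eq 443` entry). The `esp` entry is neither, which matches the point in the question that non-TCP/UDP traffic such as IPsec needs its own treatment. For 40 devices, feed each `show running-config | include access-list` capture through `audit()` and compare the candidates with `show access-list NAME` hit counts before changing anything.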