I have a couple of questions regarding the service policy of Cisco ASA.
1) When inspect http is disabled in the default policy we can't RDP to the desktops connected to the ASA; also, when inspect icmp is disabled I can't ping through the ASA, but when it's enabled ICMP works. How does this happen? How do these inspections work?
2) If I have an ASA with IPS modules, and I create a service policy where IPS is enabled and then a global policy, can these two coexist? Or will traffic always consider the global policy?
1) The HTTP inspection is unrelated to the RDP issue. If you are running 8.4.7, I tend to believe you are hitting a bug. It works when you disable the ICMP, not the HTTP.
ICMP is not what we call stateful; you can really measure that all messages will have a reply. In order to allow it without the inspection, you will need to put an ACL. That is by default.
2) No, if you create a new one, it will overwrite the existing one. What you can do is add the IPS to the already created MPF, or create a new service policy and put it on the interface you would like protection from.
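An added configuration example (not part of the original reply) showing the two options the answer describes for ICMP, plus the IPS module added to the existing global MPF rather than a second global policy. The class name IPS_CLASS, the ACL name OUTSIDE_IN and the interface name "outside" are assumptions; the other names are the ASA defaults.

```text
! Option A: enable ICMP inspection in the existing default policy so the
! ASA tracks echo/echo-reply pairs and allows the replies back in.
class-map inspection_default
 match default-inspection-traffic
!
! Class for the IPS module (IPS_CLASS is an assumed name; matches all traffic).
class-map IPS_CLASS
 match any
!
policy-map global_policy
 class inspection_default
  inspect icmp
 class IPS_CLASS
  ! IPS added to the already created MPF; "inline fail-open" keeps traffic
  ! flowing if the module is down, use "fail-close" to drop instead.
  ips inline fail-open
!
service-policy global_policy global

! Option B: leave ICMP inspection off and permit the return traffic with an ACL
! on the outside interface (OUTSIDE_IN and "outside" are assumed names).
access-list OUTSIDE_IN extended permit icmp any any echo-reply
access-list OUTSIDE_IN extended permit icmp any any time-exceeded
access-list OUTSIDE_IN extended permit icmp any any unreachable
access-group OUTSIDE_IN in interface outside
```

Option B opens the listed ICMP types to every inside host regardless of whether a ping was sent, which is why the inspection-based Option A is the tighter choice.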