I'm really new to firewalls. I have configured one using CCP and the basic firewall wizard with medium security. I just have my laptop plugged into the LAN port, and I noticed a couple of weird logs that I want to ask about when surfing the web and retrieving Outlook emails.
Hi Chris, Mike here. I see the problem there. We have an "Ask the Expert" section where Julio Carvajal is answering firewalling questions on IOS devices.
Going back to the question, I see where the problem is. Many websites on the Internet are not HTTP compliant. What you are doing with the configuration you did with CCP is creating this AGGRESSIVE layer 7 inspection for web traffic, meaning the traffic on HTTP may slow down or have random connectivity issues. This is mainly because of the service policy configured inside of the HTTP inspection.
As I can see, it is not only HTTP but it is extending to other protocols as well. My best advice for you is, if you are sure where an attack may come from, apply a deep packet inspection to it. I don't particularly like wizards, so if you wanna get deep into a protocol it would be better if you know what you want to match.
Leave the protocols without layer 7 inspection; they will still look at the form of the packet and make sure it is RFC compliant. Custom commands (POP and SMTP) and custom methods (HTTP) may get dropped, as you can see.
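
The difference the reply describes, sketched as an added IOS zone-based firewall example that is not part of the original thread and is not the configuration CCP generated: the first policy nests a layer 7 HTTP policy under `inspect`, the second inspects the same protocols without one. All class-map and policy-map names are hypothetical, and the single layer 7 match shown is an assumption chosen for illustration.

```cisco
! Constructed example; every class-map/policy-map name is hypothetical.
!
! --- Layer 7 (deep) HTTP inspection ---
! Top-level class selects HTTP traffic.
class-map type inspect match-any CM-HTTP
 match protocol http
! Layer 7 class: matches HTTP exchanges the router judges non-compliant.
class-map type inspect http match-any CM-HTTP-L7
 match req-resp protocol-violation
! Layer 7 policy: log and reset anything the class above matches.
policy-map type inspect http PM-HTTP-L7
 class type inspect http CM-HTTP-L7
  log
  reset
! The nested service-policy is what applies the layer 7 policy to HTTP.
policy-map type inspect PM-IN-OUT-STRICT
 class type inspect CM-HTTP
  inspect
  service-policy http PM-HTTP-L7
 class class-default
  drop
!
! --- Same protocols without the nested layer 7 policy ---
class-map type inspect match-any CM-WEB-MAIL
 match protocol http
 match protocol pop3
 match protocol smtp
! Plain inspect: no service-policy line under the class.
policy-map type inspect PM-IN-OUT
 class type inspect CM-WEB-MAIL
  inspect
 class class-default
  drop
```

In a running configuration, the lines to look for are `service-policy http` (and its equivalents for other protocols) nested under a `class type inspect` entry; those are where a layer 7 policy is attached.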