Cisco Support Community

New Member

How ASA holds and inspect the UDP packets?

Hi,

Could anyone please explain how ASA stateful packet inspection works on UDP packets/sessions?

2 ACCEPTED SOLUTIONS
Re: How ASA holds and inspect the UDP packets?

Hello Pradeepa,

I would say there is deep packet inspection for some UDP protocols such as SIP or TFTP, etc. What the ASA is going to do is check each packet, and as soon as it determines, based on the payload of the packet, that it needs to be inspected, it will perform a "stateful inspection" for that particular protocol so the incoming packets are accepted and secondary channels get opened if needed.

As you know, UDP is a stateless protocol, but for security purposes the ASA needs to follow up on that UDP connection, and it will do that based on its Xlate, Conn table and local-host table.

Regards,

Julio

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com

Re: How ASA holds and inspect the UDP packets?

Hi Pradeep,

The ASA does it through three databases it has:

1) ACL

2) Xlate Tables / Conn Table

3) Inspect (Policies) for Application level

When the ASA receives any packet, TCP or UDP, it checks the ACL and then creates the connection in the Xlate/Conn table. Then it checks for the application-level inspections.

Then it forwards the packet to the destination system and passes the response back to the host.

Please rate the helpful posts.

By

Karthik

5 REPLIES
VIP Purple

Re: How ASA holds and inspect the UDP packets?

For UDP there is no state like for TCP. If the session is allowed by the ASA, then the return traffic is allowed for this address/port pair. If the session is not in use any more, it times out and gets deleted from the state table.

For DNS there is an exception: with DNS guard enabled, the ASA knows that after one DNS query only one answer is expected, and the session gets removed from the state table immediately.



--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
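The UDP handling described in the two answers above (ACL check first, a conn-table entry per address/port pair, return traffic allowed only when it matches an existing entry, idle timeout, and DNS guard removing the entry after the single expected answer), as an added Python model that is not Cisco code and not from any poster; the 120 s idle value (the ASA default "timeout udp") and the sample addresses are assumptions.

```python
from dataclasses import dataclass

UDP_IDLE_TIMEOUT = 120.0   # seconds; assumed, matching the ASA default "timeout udp" of 2 minutes

@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int

    def reverse(self):
        # The tuple a reply datagram will carry for this flow.
        return Flow(self.dst, self.dport, self.src, self.sport)

class UdpStateTable:
    """Pseudo-stateful UDP tracking: an entry is created for an ACL-permitted
    outbound datagram, inbound traffic is forwarded only if it reverses an
    existing entry, and entries die on idle timeout (or, with DNS guard,
    right after the one expected answer)."""

    def __init__(self, acl, dns_guard=True):
        self.acl = acl              # callable(Flow) -> bool: the outbound ACL decision
        self.dns_guard = dns_guard
        self.conns = {}             # Flow -> timestamp of the last datagram seen

    def _expire(self, now):
        for flow, seen in list(self.conns.items()):
            if now - seen > UDP_IDLE_TIMEOUT:
                del self.conns[flow]   # idle too long: drop from the state table

    def handle(self, flow, now, inbound=False):
        """Return True if the datagram is forwarded, False if it is dropped."""
        self._expire(now)
        if inbound:
            orig = flow.reverse()
            if orig not in self.conns:
                return False        # unsolicited UDP: no matching connection
            if self.dns_guard and orig.dport == 53:
                del self.conns[orig]   # one query, one answer: tear down immediately
            else:
                self.conns[orig] = now # refresh the idle timer
            return True
        if not self.acl(flow):
            return False            # ACL denies: no conn entry is ever created
        self.conns[flow] = now      # permitted: create/refresh the conn entry
        return True
```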

New Member

Re: How ASA holds and inspect the UDP packets?

Thank you, Jcarvaja.


New Member

Re: How ASA holds and inspect the UDP packets?

Thank you Karthik...
