Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Multiple service policies on ASA

I created a service policy that uses REGEX expressions to limit access to certain websites on my ASA firewall.

 

I then applied this policy to the interface

 

However, the global policy still exists on the firewall (the default), which, by design affects all interfaces.

 

How will these two policies interact? Do they merge when traffic comes in on the interface?

1 REPLY

Hi Colins, When a packet

Hi Colins,

 

When a packet arrives the asa it checks the acl assigned to the interface where the traffic hits..... then it goes and check the xlate table.... then it checks the service policy defined in your firewall...... obviously it will check both the global and locally defined service policies on the interface..... in general global policies will have the inspect statement to enable fast path for certain protocols which doesn't have reverse path or stateful way.... so those are required to be inspected to enable fast path..... so both the service policies will be handled seperately but on the same process sequence..... before it goes out....

 

Regards

Karthik

29
Views
0
Helpful
1
Replies