From the user's perspective this is mostly true. But if you start using Span you might notice some weird things.
When a connection is initially made between 2 machines that must be routed through the MSFC, the first few packets of the connection do go through either port 15/1 or 16/1.
But, once the connection has been established then MLS (multi-layer switching) kicks in and starts doing fast switching in hardware for that connection. The Supervisor recognizes that the MSFC is permitting and routing that conection so instead of sending additional packets for that connection to the MSFC it sends it to the PFC (policy feature card) which switches/routes these already permitted connections in hardware. This allows the switch to route packets at the speed of the backplane (in the case of the new fabric, the DFCs - Distributed Forwarding Cards - aid the PFC in doing this hardware switching/routing.)
So if you Span 15/1 (or 16/1) you may only see the initial packets for the connections. The other packets are going through the PFC (or DFCs) which do not have spannable "ports".
So instead of Spanning the MSFC port 15/1 (or 16/1) you need to span either the port where the packets enter the switch or the port where they leave the switch.
the MSFC permits the connection and routes the packet. As the Supervisor reconizes this procedure is active, give the permission to MLS to do fast switching in hardware for that connection... so i don't understant the different actions that MLS and PFC has to do?.. it seems as they do the same thing...
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...