Packet filtering is a simple process of filtering incoming or outgoing packets on the basis of rules defined in the ACL that has been applied to the device. The ACL consists of various permit or deny conditions. If the traffic matches one of the rules, no other rule is matched and the matched rule is executed.

By default, ASA performs stateful tracking of a packet if the packet is generated from a higher security level to a lower security level. By default, if traffic is initiated by a device in a higher security level toward a device in a lower security level (as destination), TCP and UDP reply traffic will be allowed, and the initiating device will be able to, say, telnet to the other device in the lower security level. This is because a stateful database is maintained (in which an entry holding the source and destination device information, such as IP addresses and port numbers, is kept), as stateful inspection is enabled by default.

ASA can perform static routing, default routing, and dynamic routing with protocols like EIGRP, OSPF, and RIP.

Routed mode: In this mode, ASA acts like a layer 3 device (router hop) and needs to have two different IP addresses (meaning two different subnets) on its interfaces.

Transparent mode: In this mode, ASA operates at layer 2 and only a single IP address is needed for ASA management, as both interfaces (inside and outside) act as a bridge.

ASA supports AAA services either using its local database or using an external server like ACS (Access Control Server).

ASA supports policy-based VPNs like point-to-point IPsec VPN (site-to-site VPN and remote-access VPN) and SSL-based VPNs.

ASA (new versions) supports IPv6 routing, both static and dynamic.

It is a Cisco proprietary feature of Cisco ASA. Multiple clients can be shared across multiple ASA units at the same time.

ASA supports high availability for a pair of Cisco ASA devices. If one of the ASAs goes down, the other ASA device will perform the operations without any interruption. When stateful failover is enabled, the active unit continuously passes connection state information to the backup device. After the failover occurs, the same connection information is available on the new active unit.

Cisco ASA lets us configure multiple ASA devices as a single logical device.
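A simplified model of the first-match ACL evaluation and the default higher-to-lower security-level behaviour described above, added here as an illustration (it is not Cisco code or configuration). The interface names, the security levels 100 and 0, the addresses and the ACL entries are constructed assumptions, and the implicit deny for unmatched traffic is ASA's default ACL behaviour rather than something stated on this page.

```python
from ipaddress import ip_address, ip_network

# Assumed interface names and security levels (constructed for this example).
LEVELS = {"inside": 100, "outside": 0}

# Constructed ACL applied inbound on "outside": (action, proto, src, dst, dst port).
OUTSIDE_ACL = [
    ("deny",   "tcp", "203.0.113.7/32", "10.0.0.10/32", 443),  # rule 1
    ("permit", "tcp", "0.0.0.0/0",      "10.0.0.10/32", 443),  # rule 2
]

class Firewall:
    def __init__(self, levels, acls):
        self.levels, self.acls = levels, acls
        self.state = set()  # stateful database: (proto, src, sport, dst, dport)

    def _first_match(self, acl, proto, src, dst, dport):
        for action, a_proto, a_src, a_dst, a_port in acl:
            if (proto == a_proto and dport == a_port
                    and ip_address(src) in ip_network(a_src)
                    and ip_address(dst) in ip_network(a_dst)):
                return action  # first match wins; later rules are not consulted
        return "deny"          # nothing matched: implicit deny

    def handle(self, in_if, out_if, proto, src, sport, dst, dport):
        # Reply to a tracked connection: the reversed tuple is in the state table.
        if (proto, dst, dport, src, sport) in self.state:
            return "permit (reply, state table)"
        if in_if in self.acls:
            verdict, reason = self._first_match(self.acls[in_if], proto, src, dst, dport), "ACL"
        else:
            higher = self.levels[in_if] > self.levels[out_if]
            verdict, reason = ("permit" if higher else "deny"), "security level"
        if verdict == "permit":
            self.state.add((proto, src, sport, dst, dport))
        return f"{verdict} ({reason})"

def demo():
    fw = Firewall(LEVELS, {"outside": OUTSIDE_ACL})
    return [
        fw.handle("outside", "inside", "tcp", "198.51.100.9", 40000, "10.0.0.5", 23),   # unsolicited
        fw.handle("inside", "outside", "tcp", "10.0.0.5", 51000, "198.51.100.9", 23),   # telnet out
        fw.handle("outside", "inside", "tcp", "198.51.100.9", 23, "10.0.0.5", 51000),   # its reply
        fw.handle("outside", "inside", "tcp", "203.0.113.7", 40001, "10.0.0.10", 443),  # hits rule 1
        fw.handle("outside", "inside", "tcp", "192.0.2.44", 40002, "10.0.0.10", 443),   # hits rule 2
    ]

if __name__ == "__main__":
    print("\n".join(demo()))
```

The fourth packet would also satisfy rule 2, but it is denied because rule 1 matches first and evaluation stops there.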