Vpn Functional Overview; Security Context Overview - Cisco ASA Series Cli Configuration Manual
Software version 9.0 for the services module
Hide thumbs
Also See for ASA Series:
- Configuration manual (429 pages) ,
- Getting started (31 pages) ,
- Mount and connect (12 pages)
Table of Contents
Advertisement
Chapter 1
Introduction to the Cisco ASA
VPN Functional Overview
A VPN is a secure connection across a TCP/IP network (such as the Internet) that appears as a private
connection. This secure connection is called a tunnel. The ASA uses tunneling protocols to negotiate
security parameters, create and manage tunnels, encapsulate packets, transmit or receive them through
the tunnel, and unencapsulate them. The ASA functions as a bidirectional tunnel endpoint: it can receive
plain packets, encapsulate them, and send them to the other end of the tunnel where they are
unencapsulated and sent to their final destination. It can also receive encapsulated packets,
unencapsulate them, and send them to their final destination. The ASA invokes various standard
protocols to accomplish these functions.
The ASA performs the following functions:
•
•
•
•
•
•
•
•
The ASA invokes various standard protocols to accomplish these functions.
Security Context Overview
You can partition a single ASA into multiple virtual devices, known as security contexts. Each context
is an independent device, with its own security policy, interfaces, and administrators. Multiple contexts
are similar to having multiple standalone devices. Many features are supported in multiple context mode,
including routing tables, firewall features, IPS, and management. Some features are not supported,
including VPN and dynamic routing protocols.
If the connection is already established, the ASA does not need to re-check packets; most matching
packets can go through the "fast" path in both directions. The fast path is responsible for the
following tasks:
–
IP checksum verification
–
Session lookup
–
TCP sequence number check
–
NAT translations based on existing sessions
–
Layer 3 and Layer 4 header adjustments
Data packets for protocols that require Layer 7 inspection can also go through the fast path.
Some established session packets must continue to go through the session management path or the
control plane path. Packets that go through the session management path include HTTP packets that
require inspection or content filtering. Packets that go through the control plane path include the
control packets for protocols that require Layer 7 inspection.
Establishes tunnels
Negotiates tunnel parameters
Authenticates users
Assigns user addresses
Encrypts and decrypts data
Manages security keys
Manages data transfer across the tunnel
Manages data transfer inbound and outbound as a tunnel endpoint or router
VPN Functional Overview
Cisco ASA Series CLI Configuration Guide
1-31
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
