Cisco's Adaptive Security Appliance (ASA) offers a range of features to monitor and safeguard network connections, with defenses for one or more systems and control of connections between protected and unprotected networks. Cisco's ASA features include packet filtering, address translation and DNS doctoring, all of which are advantageous resources for network traffic monitoring when properly implemented.
The book Cisco ASA: All-In-One Firewall, IPS, Anti-X, and VPN Adaptive Security Appliance includes the chapter "Controlling Network Access," which details Cisco's ASA features and how to implement these resources. Authors Jazib Frahim and Omar Santos provide step-by-step guidance on best practices for using Cisco ASA features for controlling network access and network address translation.
To start with, the chapter outlines Cisco ASA features for controlling network traffic monitoring. These Cisco ASA features include:
- Packet filtering. ASA protects demilitarized zones, plus the inside and outside networks, by inspecting all passing traffic and either admitting or denying packets according to rules in the access control list (ACL).
- Configuring traffic filtering. ACLs can filter out packets destined for the appliance according to policies configured through Cisco's Adaptive Security Device Manager (ASDM) or the command-line interface (CLI).
- Advanced ACL features. Sophisticated packet filtering functions, such as object grouping and time-based ACLs, allow for simplified security to fit a variety of network environments.
- Content and URL filtering. ASA analyzes content information in Layer 7 protocols to enhance the functionality of firewalls, which traditionally filter data packets by examining data in Layer 3 and Layer 4 header information.
- Deployment scenarios using access control lists. Two main design scenarios for content filtering provide a better understanding of ACL deployment: using ACLs to filter inbound traffic and enabling content filtering using Websense.
- Monitoring network access control. ASA provides show commands to assess the status of the hardware and isolate network-related issues.
- Address translation. Masking a network address from untrusted networks is possible through either Network Address Translation (NAT) or Port Address Translation (PAT).
- DNS doctoring. To avoid dropped packets, ASA inspects the data payload of the DNS replies and changes the IP address sent by the DNS server to an address specified in the NAT configuration.
- Monitoring address translations. A variety of show commands are available in ASA to monitor and troubleshoot address translation issues. The most important of these commands, show xlate, displays a host's local address and global IP address.
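As an added example that is not from the book or from Cisco's documentation, the ASA 8.3+ configuration below ties the listed features together: a static NAT with DNS doctoring, an object-grouped and time-based ACL, and the show commands used to verify both. All object names, interface names and addresses are constructed for illustration.

```cisco
! Added example, not the book's or Cisco's own configuration. Names and
! addresses are constructed: 192.168.1.10 is the real (inside) address of a
! web server, 203.0.113.10 is its mapped (outside) address.

! --- Address translation with DNS doctoring ---
object network WEB-SERVER
 host 192.168.1.10
 ! "dns" makes the ASA rewrite A-record answers that return 203.0.113.10 so
 ! inside hosts resolving the public name reach 192.168.1.10 directly
 nat (inside,outside) static 203.0.113.10 dns

! DNS doctoring depends on the DNS inspection engine (part of the default policy)
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map

! --- Object grouping and a time-based ACL ---
object-group service WEB-PORTS tcp
 port-object eq www
 port-object eq https

time-range BUSINESS-HOURS
 periodic weekdays 08:00 to 18:00

! Permit only the web ports to the published server, only during business hours.
! Since 8.3 the ACL refers to the real address (the object), not the mapped one.
! Anything else arriving on the outside interface hits the implicit deny.
access-list OUTSIDE-IN extended permit tcp any object WEB-SERVER object-group WEB-PORTS time-range BUSINESS-HOURS
access-group OUTSIDE-IN in interface outside

! --- Monitoring ---
! show xlate                  : confirms the 192.168.1.10 <-> 203.0.113.10 translation
! show access-list OUTSIDE-IN : per-entry hit counts; a zero count on the permit line
!                               during business hours points at a NAT or routing problem
```

Outside business hours the time-range makes the permit entry inactive, so the same connection attempts show up as drops under the implicit deny rather than as hits on the permit line.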
Read the rest of this chapter for more details on using Cisco ASA's features and tools for network traffic monitoring.
This was first published in February 2013