Cisco's Adaptive Security Appliance (ASA) offers a range of features to monitor and safeguard network connections, with defenses for one or more systems and control of connections between protected and unprotected networks. Cisco's ASA features include packet filtering, address translation and DNS doctoring, all of which are advantageous resources for network traffic monitoring when properly implemented.
The book Cisco ASA: All-In-One Firewall, IPS, Anti-X, and VPN Adaptive Security Appliance includes the chapter "Controlling Network Access," which details Cisco's ASA features and how to implement these resources. Authors Jazib Frahim and Omar Santos provide step-by-step guidance on best practices for using Cisco ASA features for controlling network access and network address translation.
To start with, the chapter outlines the Cisco ASA features used to control network access and monitor network traffic. These Cisco ASA features include:
- Packet filtering. ASA protects demilitarized zones, plus the inside and outside networks, by inspecting all passing traffic and either admitting or denying packets according to rules in the access control list (ACL).
- Configuring traffic filtering. ACLs can filter out packets destined for the appliance according to policies configured through Cisco's Adaptive Security Device Manager (ASDM) or the command line interface (CLI).
- Advanced ACL features. Sophisticated packet filtering functions, such as object grouping
and time-based ACLs, allow for simplified security to fit a variety of network environments.
- Content and URL filtering. ASA analyzes content information in Layer 7 protocols to enhance the functionality of firewalls, which traditionally filter data packets by examining data in Layer 3 and Layer 4 header information.
- Deployment scenarios using access control lists. Two main design scenarios for content filtering provide a better understanding of ACL deployment: using ACLs to filter inbound traffic and enabling content filtering using Websense.
- Monitoring network access control. ASA provides show commands to assess the status of
the hardware and isolate network-related issues.
- Address translation. Masking a network address from untrusted networks is possible through either Network Address Translation (NAT) or Port Address Translation (PAT).
- DNS doctoring. To avoid dropped packets, ASA inspects the data payload of DNS replies and rewrites the IP address returned by the DNS server to the address specified in the NAT configuration, so that a host receives an address it can actually reach.
- Monitoring address translations. A variety of show commands are available in ASA to monitor and troubleshoot address translation issues. The most important of these commands, show xlate, displays a host's local address and global IP address.
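As an added example, not taken from the chapter or the book, the following ASA (8.3+ syntax) configuration ties together the packet filtering and DNS doctoring features summarized above: a static NAT for an inside web server with the dns keyword, an inbound ACL that admits only HTTP to it, and the show commands used to verify the result. Interface names, object names and addresses (RFC 5737 documentation ranges) are assumed.

```cisco
! Added example; not the book's or the chapter's own configuration.
! Assumed topology: inside 10.1.1.0/24, outside 203.0.113.0/24, web server 10.1.1.10.
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.1 255.255.255.0
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.1.1.1 255.255.255.0
!
! Static NAT with DNS doctoring. When an inside host resolves the server's public name
! through an external DNS server, the reply carries the mapped address 203.0.113.10;
! the dns keyword makes the ASA rewrite that A record to 10.1.1.10 before forwarding
! the reply inside, so the client connects to a reachable address instead of a dead one.
object network WEB-SERVER
 host 10.1.1.10
 nat (inside,outside) static 203.0.113.10 dns
! Pre-8.3 equivalent of the line above (the syntax used in the book's edition):
!   static (inside,outside) 203.0.113.10 10.1.1.10 netmask 255.255.255.255 dns
!
! Inbound packet filtering: only TCP/80 to the web server is admitted from the outside.
! Since 8.3, ACLs reference the real (inside) address or object, not the mapped address.
access-list OUTSIDE_IN extended permit tcp any object WEB-SERVER eq www
access-group OUTSIDE_IN in interface outside
!
! DNS doctoring only takes effect when DNS inspection is enabled; it is part of
! the default global policy, shown here explicitly.
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
!
! Verification
show xlate
show nat detail
show access-list OUTSIDE_IN
```

After an inside client resolves the server's name, show xlate should list the 10.1.1.10 to 203.0.113.10 translation, and show access-list OUTSIDE_IN shows the hit count increasing only for permitted HTTP connections.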
Read the rest of this chapter for more details on using Cisco ASA's features and tools for network traffic monitoring.
20 Feb 2013