Cisco Asdm 7 User Guide

CH A P T E R
 
9-1
Cisco ASA Series Firewall ASDM Configuration Guide
 
9
Configuring Public Servers
This section describes how to configure public servers, and includes the following topics:
Information About Public Servers, page 9-1
Licensing Requirements for Public Servers, page 9-1
Guidelines and Limitations, page 9-1
Adding a Public Server that Enables Static NAT, page 9-2
Adding a Public Server that Enables Static NAT with PAT, page 9-2
Editing Settings for a Public Server, page 9-3
Feature History...

 
9-2
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 9      Configuring Public Servers
  Adding a Public Server that Enables Static NAT
Firewall Mode Guidelines
Supported in routed and transparent firewall mode.
Adding a Public Server that Enables Static NAT
To add a public server that enables static NAT and creates a fixed translation of a real address to a 
mapped address, perform the following steps:
Step 1In the Configuration > Firewall > Public Servers pane, click Add to add a new...

 
9-3
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 9      Configuring Public Servers
  Editing Settings for a Public Server
Step 4In the Private Service field, click Browse to display the Browse Service dialog box
Step 5Choose the actual service that is exposed to the outside, and click OK.
Optionally, from the Browse Service dialog box, click Add to create a new service or service group. 
Multiple services from various ports can be opened to the outside. For more information about...

 
9-4
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 9      Configuring Public Servers
  Feature History for Public Servers
Feature History for Public Servers
Ta b l e 9 - 1 lists each feature change and the platform release in which it was implemented. ASDM is 
backwards-compatible with multiple platform releases, so the specific ASDM release in which support 
was added is not listed.
Table 9-1 Feature History for Public Servers
Feature NamePlatform 
Releases Feature Information
Public...

 
PART 4
Configuring Application Inspection 

CH A P T E R
 
10-1
Cisco ASA Series Firewall ASDM Configuration Guide
 
10
Getting Started with Application Layer Protocol 
Inspection
This chapter describes how to configure application layer protocol inspection. Inspection engines are 
required for services that embed IP addressing information in the user data packet or that open secondary 
channels on dynamically assigned ports. These protocols require the ASA to do a deep packet inspection 
instead of passing the packet through the fast path (see...

 
10-2
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 10      Getting Started with Application Layer Protocol Inspection
  Information about Application Layer Protocol Inspection
Figure 10-1 How Inspection Engines Work
In Figure 10-1, operations are numbered in the order they occur, and are described as follows:
1.A TCP SYN packet arrives at the ASA to establish a new connection.
2.The ASA checks the ACL database to determine if the connection is permitted.
3.The ASA creates a new entry in...

 
10-3
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 10      Getting Started with Application Layer Protocol Inspection
  Guidelines and Limitations
When you enable application inspection for a service that embeds IP addresses, the ASA translates 
embedded addresses and updates any checksum or other fields that are affected by the translation.
When you enable application inspection for a service that uses dynamically assigned ports, the ASA 
monitors sessions to identify the dynamic port...

 
10-4
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 10      Getting Started with Application Layer Protocol Inspection
  Default Settings and NAT Limitations
Inspected protocols are subject to advanced TCP-state tracking, and the TCP state of these connections 
is not automatically replicated.  While these connections are replicated to the standby unit, there is a 
best-effort attempt to re-establish a TCP state.
Default Settings and NAT Limitations
By default, the configuration includes...