Wednesday, 24 April 2019

CISCO FIREWALL CONNECTION TABLE AND INSPECTION TABLE AND NAT IMPLEMENTATION

Connection Table of Cisco ASA firewall:


Inspect: CBAC, ZBF
When traffic goes out, the ASA records the flow in the connection table; when the return traffic comes back,
the ASA matches it against that entry.


The scope of the connection table:
When traffic goes from one interface to another, the ASA records the information in the
connection table.


Connection: It's a part of the connection table, then the local host table and the xlate table.


The connection can be of two types:


Unidirectional: traffic will go from source to destination
Bidirectional: traffic will go from source to destination and destination to source.


“show conn detail” command: it shows the flag information for each connection.


Scope of Inspect: By default, ICMP is not inspected by the ASA. ICMP traffic from inside to
outside is allowed out because it goes from a higher security level to a lower one. When the return
traffic comes back, the ASA checks whether this traffic is inspected. If ICMP is inspected, the ASA
allows the traffic after checking the connection table and the inspection table. If the ASA has not
inspected the ICMP traffic, it drops the return traffic.


To check which protocols are inspected, run the command: “show run policy-map”

If we want to inspect ICMP globally, we need to run the command:

(config)# fixup protocol icmp




PACKET FLOW OF ASA:


On ASA versions before and after 8.3:


8.0 version: It will check the ACL first and then NAT.


8.3 and above: It will check NAT first (that is, it will UN-NAT first) and then check the ACL.
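
The effect of this ordering on how an inbound ACL has to be written, shown as an added example (a simplified Python model, not ASA code and not from the original post). The addresses, the single static NAT entry and the function names are constructed for illustration.

```python
"""Simplified model of inbound processing order on a Cisco ASA (added example)."""
from ipaddress import ip_address

# Constructed sample: static NAT of one inside server (documentation addresses).
REAL_IP = ip_address("10.1.1.10")        # real (inside) address
MAPPED_IP = ip_address("203.0.113.10")   # mapped (outside) address
STATIC_NAT = {MAPPED_IP: REAL_IP}        # mapped -> real, used to un-NAT inbound traffic


def acl_permits(acl, dst, port):
    """First-match ACL lookup with an implicit deny at the end."""
    for action, acl_dst, acl_port in acl:
        if acl_dst == dst and acl_port == port:
            return action == "permit"
    return False


def inbound(version, acl, dst, port):
    """Return (permitted, final_destination) for a packet arriving on the outside.

    version "pre-8.3": the ACL is checked first, then NAT.
    version "8.3+":    the packet is un-NATed first, then the ACL is checked.
    """
    dst = ip_address(dst)
    if version == "pre-8.3":
        # The ACL sees the packet as it arrived: destination is the mapped address.
        if not acl_permits(acl, dst, port):
            return False, None
        return True, STATIC_NAT.get(dst, dst)
    # 8.3 and above: translate to the real address before the ACL is evaluated.
    real = STATIC_NAT.get(dst, dst)
    if not acl_permits(acl, real, port):
        return False, None
    return True, real


# The same permit rule written two ways.
ACL_MAPPED = [("permit", MAPPED_IP, 80)]  # references the mapped address
ACL_REAL = [("permit", REAL_IP, 80)]      # references the real address

if __name__ == "__main__":
    for version in ("pre-8.3", "8.3+"):
        for name, acl in (("mapped", ACL_MAPPED), ("real", ACL_REAL)):
            print(version, name, inbound(version, acl, "203.0.113.10", 80))
```

In this model the rule that references the mapped address matches only with the pre-8.3 order, and the rule that references the real address matches only with the 8.3 and above order.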


NAT (NETWORK ADDRESS TRANSLATION):



STATIC POLICY NAT:
Here, "policy" stands for an if-then statement.


To understand NAT:






Static NAT is bidirectional



Phase 6
Type:
Subtype: RPF - check


RPF (Reverse Path Forwarding or Failure) check:

ARP PROTOCOL (Address Resolution Protocol):


Need for the ARP protocol:
Network communication is not possible without knowing the MAC addresses of the source and the destination.
When a host wants to communicate with another host but does not know its MAC address, communication between directly connected devices is not possible.

Main Points:

-ARP is a protocol used to resolve MAC addresses in the network.
-ARP works between layer 2 and layer 3, which means ARP is a layer 2.5 protocol.

Wednesday, 8 March 2017

INTERVIEW TOPICS

WHAT IS ROUTING?

Ans: Routing is the process through which a data packet is sent from source to destination over the selected shortest path.

WHAT IS SWITCHING?
Ans: Switching is the process through which a frame is switched from one interface to another.

The main topics for the CCNA interview are:
1. ICMP PROTOCOL
2. ARP PROTOCOL
3. IP HEADER: WORKING OF EACH FIELD
4. TCP HEADER: WORKING OF EACH FIELD
5. OSI MODEL IN DETAIL
6. TCP/IP MODEL IN DETAIL
7. DHCP (DORA) PROCESS AND WORKING IN SAME VLAN AND DIFFERENT VLAN
8. PRIVATE IP AND PUBLIC IP AND RANGE
9. SUBNETTING
10. NAT, DYNAMIC NAT AND PAT
11. STATIC ROUTING
12. DEFAULT ROUTING
13. OVERVIEW OF EIGRP PROTOCOL
14. OVERVIEW OF OSPF PROTOCOL
15. BASIC CONCEPT OF SWITCHING



IF YOU ARE CLEAR ON THESE TOPICS, YOU CAN EASILY GET A JOB IN THE NETWORKING FIELD.

I WILL EXPLAIN EACH AND EVERY TOPIC IN DETAIL IN THE EASIEST WAY.

IF YOU WANT ANY HELP REGARDING NETWORKING KNOWLEDGE, PLEASE TELL ME IN A COMMENT ON THIS PAGE.