Implicit Behavioral Differences

From DocWiki

Revision as of 01:11, 7 May 2010 by Mikecrowe4ics (Talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Implicit Behavioral Differences

The following table lists the implicit behavioral differences between FWSM and ASA.

Implicit Behavior Behavior in FWSM Behavior in ASA
Implicit Deny By default, implicit deny for all IP traffic between interfaces, regardless of security level. Implicit permit from high security to low security interfaces.
ICMP to-the-box deny Implicit ICMP deny to the interface. Implicit permit.
NAT matching for statistics Static NAT and static PAT (regular and policy static command) -- Best Match. In the case of overlapping address in the static statements, a warning is displayed, but they are supported. The order of static commands does not matter; the static statement that best matches the real address is used. Static NAT and static PAT (regular and policy static command) -- In order until the first match.

Rating: 5.0/5 (1 vote cast)

Retrieved from "http://docwiki.cisco.com/wiki/Implicit_Behavioral_Differences"
Personal tools