Cisco Systems ASA 5585-X Network Router User Manual


47-46
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 47 Configuring Inspection of Basic Internet Protocols
IPsec Pass Through Inspection
This section describes the IPsec Pass Through inspection engine. This section includes the following topics:
IPsec Pass Through Inspection Overview, page 47-46
Select IPsec-Pass-Thru Map, page 47-46
IPsec Pass Through Inspect Map, page 47-47
Add/Edit IPsec Pass Thru Policy Map (Security Level), page 47-48
Add/Edit IPsec Pass Thru Policy Map (Details), page 47-49
IPsec Pass Through Inspection Overview
Internet Protocol Security (IPsec) is a protocol suite for securing IP communications by authenticating
and encrypting each IP packet of a data stream. IPsec also includes protocols for establishing mutual
authentication between agents at the beginning of the session and negotiation of cryptographic keys to
be used during the session. IPsec can be used to protect data flows between a pair of hosts (for example,
computer users or servers), between a pair of security gateways (such as routers or firewalls), or between
a security gateway and a host.
IPsec Pass Through application inspection provides convenient traversal of ESP (IP protocol 50) and AH
(IP protocol 51) traffic associated with an IKE UDP port 500 connection. It avoids lengthy access list
configuration to permit ESP and AH traffic and also provides security using timeout and max
connections.
Specify IPsec Pass Through inspection parameters to identify the map that defines the parameters for the inspection. Configuring a policy map for IPsec Pass Through inspection gives access to the parameters configuration, where you set the restrictions applied to ESP and AH traffic: the per-client maximum number of connections and the idle timeout.
NAT and non-NAT traffic are permitted. However, PAT is not supported.
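To make the behaviour described above concrete, here is a small model of the inspection logic written for this page (added example, not Cisco code): ESP and AH packets are admitted only after an IKE (UDP port 500) connection from the same client has been seen, bounded by a per-client maximum and an idle timeout; the default values, packet tuples and addresses are constructed for illustration.

```python
"""Toy model of IPsec Pass Through inspection (added example, not Cisco's code).

ESP (IP protocol 50) and AH (IP protocol 51) are permitted only while an IKE
(UDP/500) connection from the same client is active, subject to a per-client
maximum number of ESP/AH connections and an idle timeout.  Packets are
constructed (now, src, dst, proto, dport) tuples, not real traffic.
"""
from dataclasses import dataclass, field

ESP, AH, UDP = 50, 51, 17
IKE_PORT = 500


@dataclass
class PassThruInspector:
    per_client_max: int = 10        # assumed value for the per-client max parameter
    idle_timeout: float = 600.0     # assumed idle timeout, in seconds
    ike_seen: dict = field(default_factory=dict)   # client -> last IKE packet time
    flows: dict = field(default_factory=dict)      # (client, peer, proto) -> last seen

    def _expire(self, now):
        """Drop IKE state and ESP/AH flows that have been idle past the timeout."""
        self.flows = {k: t for k, t in self.flows.items() if now - t < self.idle_timeout}
        self.ike_seen = {k: t for k, t in self.ike_seen.items() if now - t < self.idle_timeout}

    def handle(self, now, src, dst, proto, dport=None):
        """Return 'permit', 'deny' or 'ignore' for one packet from client src."""
        self._expire(now)
        if proto == UDP and dport == IKE_PORT:
            self.ike_seen[src] = now            # IKE connection opens the pinhole
            return "permit"
        if proto not in (ESP, AH):
            return "ignore"                     # not handled by this inspection
        if src not in self.ike_seen:
            return "deny"                       # no IKE negotiation seen from client
        key = (src, dst, proto)
        if key in self.flows:
            self.flows[key] = now               # existing flow: refresh idle timer
            return "permit"
        active = sum(1 for (client, _, _) in self.flows if client == src)
        if active >= self.per_client_max:
            return "deny"                       # per-client max connections reached
        self.flows[key] = now
        return "permit"
```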
Select IPsec-Pass-Thru Map
The Select IPsec-Pass-Thru Map dialog box is accessible as follows:
Add/Edit Service Policy Rule Wizard > Rule Actions > Protocol Inspection Tab > Select IPsec-Pass-Thru Map
The Select IPsec-Pass-Thru dialog box lets you select or create a new IPsec map. An IPsec map lets you
change the configuration values used for IPsec application inspection. The Select IPsec Map table
provides a list of previously configured maps that you can select for application inspection.
Firewall Mode            Security Context
Routed   Transparent     Single   Multiple
                                  Context   System
•        •               •        •