Cisco Systems ASA 5580 Manual De Usuario

This chapter describes how to configure application layer protocol inspection. Inspection engines are 
required for services that embed IP addressing information in the user data packet or that open secondary 
channels on dynamically assigned ports. These protocols require the ASA to do a deep packet inspection 
instead of passing the packet through the fast path (see the general operations configuration guide for 
more information about the fast path). As a result, inspection engines can affect overall throughput. 
Several common inspection engines are enabled on the ASA by default, but you might need to enable 
others depending on your network. 

This chapter includes the following sections:

This section includes the following topics:

As illustrated in 

, the ASA uses three databases for its basic operation:

ACLs—Used for authentication and authorization of connections based on specific networks, hosts, 
and services (TCP/UDP port numbers).

Inspections—Contains a static, predefined set of application-level inspection functions.

Connections (XLATE and CONN tables)—Maintains state and other information about each 
established connection. This information is used by the Adaptive Security Algorithm and 
cut-through proxy to efficiently forward traffic within established sessions.