Cisco ASA features
Cisco ASA is a multipurpose firewall appliance, which means that it supports many additional features besides packet filtering. Here is a list of some of the features supported by ASA:
- packet filtering – packet filtering using standard and extended ACLs.
- stateful filtering – a feature that enables ASA to keep track of the state of network connections so that the filtering decisions are not only be based on the defined rules, but also on context that has been built by previous connections. For example, if a user from the inside network makes a request to a server on the outside network, the return traffic is allowed back in through the firewall (in spite of the access lists that stops all traffic from the outside).
- Network Address Translation (NAT) – ASA supports inside and outside NAT, and both static and dynamic NAT and PAT.
- application inspection – ASA can be configured to listen in on conversations between devices on one side and devices on the other side of the firewall and dynamically allow the communication between them.
- DHCP – ASA can serve as a DHCP server and distribute network parameters to other devices in the network.
- VPN – ASA can act as a VPN server.
- AAA – ASA supports a variety of AAA server types.
- routing – ASA can be used as a router and supports routing protocols such as EIGRP or OSPF.
- high availability – it is possible to use two ASAs in a high-availability failover combination to protect agains a single point of failure.