A key part of the Cisco PIX operating environment is the Adaptive Security Algorithm (ASA). The ASA is more secure and
efficient than packet filtering and provides better performance than application-type proxy
firewalls. The ASA segregates the network segments connected to the firewall, maintains
secure perimeters, and can control traffic between those segments.
The firewall interfaces are assigned security levels. The PIX allows traffic to pass from an
interface with a higher security level (inside) to an interface with a lower security level
(outside) without an explicit rule for each resource on the higher-level segment. Traffic that
is coming from an interface with a lower security level destined for an interface with a higher
security level must meet the following two requirements:
■ A static translation must exist for the destination.
■ An access list or conduit must be in place to allow the traffic.
Access lists and conduits can be used to deny traffic from a higher security level to a lower
security level just as they allow traffic from a lower level to a higher level.
NOTE: The use of conduits is not supported beyond PIX OS version 6.3.
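The rules above, shown as a PIX OS 6.x configuration fragment. This is an added example, not a configuration from the original text. The addresses (documentation and private ranges) and the access list names acl_outside and acl_inside are hypothetical, and outbound address translation (nat/global) is left out to keep the focus on security levels.

```cisco
: Constructed example in PIX OS 6.x syntax. Addresses and ACL names are
: hypothetical. Lines starting with a colon are comments.

: Security levels: inside is the higher level, outside the lower.
nameif ethernet0 outside security0
nameif ethernet1 inside security100
ip address outside 192.0.2.1 255.255.255.0
ip address inside 10.0.0.1 255.255.255.0

: Requirement 1: a static translation for the destination. The inside host
: 10.0.0.10 is reachable from the outside as 192.0.2.10.
static (inside,outside) 192.0.2.10 10.0.0.10 netmask 255.255.255.255 0 0

: Requirement 2: an access list that allows the traffic, bound inbound to
: the lower-level interface. Only HTTP to the translated address is allowed.
access-list acl_outside permit tcp any host 192.0.2.10 eq www
access-group acl_outside in interface outside

: Denying higher-to-lower traffic: block outbound SMTP from every inside host
: except the mail relay at 10.0.0.25. An access list ends with an implicit
: deny, so the final permit keeps the rest of the outbound traffic flowing.
access-list acl_inside permit tcp host 10.0.0.25 any eq smtp
access-list acl_inside deny tcp any any eq smtp
access-list acl_inside permit ip any any
access-group acl_inside in interface inside
```

Removing either the static or the acl_outside entry leaves inbound traffic to 10.0.0.10 blocked, because both requirements must be met. The hit counters in the output of show access-list indicate which entries are matching traffic.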