NetworkerInterview
Prepare for CCNA, CCNP, CCIE Interview !
What is a Firewall?
A firewall is a device that is placed between a trusted and an untrusted network. It denies or permits traffic that
enters or leaves the network based on pre-configured policies. Firewalls protect inside networks from
unauthorized access by users on an outside network. A firewall can also protect inside networks from each
other, for example by keeping a management network separate from a user network.
http://networkerinterview.net/entries/asafirewall/asafirewallinterviewquestionsandanswers 1/10
11/4/2016 ASAFirewallInterviewQuestionsandAnswers[CCIE]|NetworkerInterview
How can we allow packets from lower security level to higher security level (Override Security Levels)?
We use ACLs to allow packets from lower security level to higher security level.
By default, traffic between interfaces with the same security level is not allowed. To allow it, we use the command:
ASA(config)# same-security-traffic permit inter-interface
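The security-level rules in this answer, as an added example that is not part of the original page: a simplified Python model of the verdict an ASA gives a new connection between two interfaces. The interface names, levels, addresses and the ACL are constructed, and NAT, stateful return traffic and global ACLs are assumed away.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class AclEntry:
    action: str                 # "permit" or "deny"
    protocol: str               # "tcp", "udp", or "ip" for any protocol
    src: str                    # source network, CIDR
    dst: str                    # destination network, CIDR
    port: Optional[int] = None  # destination port; None matches any port

def acl_permits(acl, proto, src_ip, dst_ip, dport):
    """First matching entry decides; falling off the end is the implicit deny."""
    for e in acl:
        if (e.protocol in ("ip", proto)
                and ipaddress.ip_address(src_ip) in ipaddress.ip_network(e.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(e.dst)
                and e.port in (None, dport)):
            return e.action == "permit"
    return False

def decide(levels, acls, same_security_permit, in_if, out_if,
           proto, src_ip, dst_ip, dport):
    """Verdict for a NEW connection arriving on in_if and leaving via out_if."""
    src_lvl, dst_lvl = levels[in_if], levels[out_if]
    if src_lvl == dst_lvl and not same_security_permit:
        return False, "same security level, same-security-traffic not enabled"
    if in_if in acls:  # an ACL bound inbound on the ingress interface decides
        ok = acl_permits(acls[in_if], proto, src_ip, dst_ip, dport)
        return ok, "ACL permit" if ok else "ACL deny (explicit or implicit)"
    if src_lvl >= dst_lvl:
        return True, "allowed by security levels"
    return False, "lower to higher security level without an ACL"

# Constructed sample topology and policy (assumptions, not from the page).
LEVELS = {"inside": 100, "dmz": 50, "partner": 50, "outside": 0}
ACLS = {"outside": [AclEntry("permit", "tcp", "0.0.0.0/0", "192.0.2.10/32", 443)]}

if __name__ == "__main__":
    flows = [("inside", "outside", "tcp", "10.0.0.5", "198.51.100.7", 80),
             ("outside", "dmz", "tcp", "198.51.100.7", "192.0.2.10", 443),
             ("outside", "dmz", "tcp", "198.51.100.7", "192.0.2.10", 22),
             ("dmz", "inside", "tcp", "192.0.2.10", "10.0.0.5", 3306),
             ("dmz", "partner", "tcp", "192.0.2.10", "192.0.2.130", 443)]
    for f in flows:
        print(f[0], "->", f[1], f[2], f[5], decide(LEVELS, ACLS, False, *f))
```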
What is the difference between ports in ASA 8.4 and ASA 8.2?
In ASA 8.4 all ports are Gig ports, and in ASA 8.2 all are Ethernet ports.
What are the similarities between a switch and ASA (in Transparent mode)?
Both learn which MAC addresses are associated with which interface and store them in a local MAC address
table.
What are the differences between a switch and ASA (in Transparent mode)?
ASA does not flood unknown unicast frames that are not found in the MAC address table.
ASA does not participate in STP.
A switch processes traffic at layer 1 and layer 2, while ASA can process traffic from layer 1 to layer 7.
What are the features that are not supported in Transparent mode?
1. Dynamic routing.
2. Multicasting.
3. QoS.
4. VPNs like IPSec and WebVPN cannot be terminated.
5. ASA cannot act as a DHCP relay agent.
Explain Failover?
Failover is a Cisco proprietary feature. It is used to provide redundancy. It requires two identical ASAs to be
connected to each other through a dedicated failover link. The health of the active interfaces and units is
monitored to determine whether failover has occurred or not.
Jitendra Yadav
1
It's a really amazing website, please keep posting good things on this portal
mandeep kumar
2
it is Awesome!!!
Ashim
3
for study
Janardan
4
sujeet
5
Dilip
6