Securing Networks with ASA Fundamentals 1.0 (SNAF)
5 days Instructor-Led
Course Overview
In this task-oriented Authorized Cisco course, you will gain the knowledge and skills needed to configure,maintain, and operate Cisco ASA 5500 Series Adaptive Security Appliances. Our labs utilize ASA 5520 security appliances, though the content in this course and our labs are applicable across the ASA and PIX families of security appliances since the command syntax is generally the same. This updates Securing Networks with PIX and ASA (SNPA) v5.0. In SNAF 1.0, the ASDM graphical user interface (GUI) is used for configuration and monitoring. All lessons and labs are now GUI-based, with the commands for each task listed for those who prefer to configure the security appliance via the command line interface (CLI). SNAF 1.0 has been updated to cover new features in Cisco ASA and PIX Security Appliance Software Version 8.0, including the following:
• Threat Detection
• Secure Logging
• Remote command execution in failover pairs
• Redundant Interfaces
• Modular Policy Framework (MPF) enhancements
• Access Control List (ACL) renaming capability
• FTP support for SSL VPN
• Onscreen Keyboard for SSL VPN
• Customization of all SSL VPN user-visible content
• Personal Bookmarks fro SSL VPN users
Who will benefit from this course?
• Cisco customers who implement and maintain ASA and PIX Security Appliances
• Cisco channel partners who sell, implement, and maintain ASA and PIX Security Appliances
• Cisco systems engineers who support the sale of ASA and PIX Security Appliances
Prerequisites
To fully benefit from this course, students should have the following prerequisite skills and knowledge:
• ICND2 Interconnecting Cisco Network Devices 2
• Cisco CCNA or the equivalent knowledge
• Basic knowledge of the Microsoft Windows operating system
• Familiarity with networking and security terms and concepts
After completing this course, students will be able to:
• Functions of the three types of firewalls used to secure today's computer networks
• Technology and features of Cisco security appliances
• How Cisco Adaptive Security Appliances (ASAs) and Cisco PIX Security Appliances protect network
devices from attacks and why each is an appropriate choice
• Bootstrap the security appliance, prepare the security appliance for configuration via the Cisco Adaptive Security Device Manager (ASDM), and launch and navigate ASDM
• Perform essential security appliance configuration using ASDM and the CLI
• Configure dynamic and static address translations using ASDM
• Configure switching and routing using ASDM
• Use ASDM to configure ACLs, filter malicious active codes, and filter URLs that meet the requirements of the security policy
• Use the packet tracer for troubleshooting
• Use ASDM to configure object groups that meet the requirements of the security policy
• Use ASDM to configure AAA to meet the requirements of the security policy
• Configure a modular policy that supports the security policy using ASDM
• Use ASDM to configure protocol inspection to meet security policy requirements
• Configure threat detection to meet security policy requirements using ASDM and the CLI
• Using ASDM, configure the security appliance to support a site-to-site VPN that meets policy
requirements
• Using ASDM, configure the security appliance to provide secure connectivity using remote access VPNs
• Configure the security appliance to run in transparent firewall mode
• Enable, configure, and manage multiple contexts to meet security policy requirements
• Select and configure the type of failover that best suits the network topology
• Monitor and manage an installed security appliance
Course OutlineLesson 1: Introducing Cisco Security Appliance Technology and Features
• Technology and features of Cisco security appliances
• Functions of the three types of firewalls that are used to secure modern computer networks
Lesson 2: Cisco Adaptive Security Appliance and PIX Security Appliance Families
• Cisco ASA security appliance models
• Cisco ASA security appliance licensing options
Lesson 3: Getting Started with Cisco Security Appliances
• Four main access modes
• Security appliance file management system
• Security appliance security levels
• ASDM requirements and capabilities
• Use the CLI to configure and verify basic network settings, and prepare the security appliance for configuration via ASDM
• Verify security appliance configuration and licensing via ASDM
Lesson 4: Essential Security Appliance Configuration
• Configure a security appliance for basic network connectivity
• Verify the initial configuration
• Set the clock and synchronize the time on security appliances
• Configure the security appliance to send syslog messages to a syslog server
Lesson 5: Configuring Translations and Connection Limits
• Configure dynamic address translation
• Configure static address translation
• Set connection limits
• Function of TCP and UDP protocols within the security appliance
• Function of static and dynamic translations
Lesson 6: Using ACLs and Content Filtering
• Configure the basic function of ACLs
• Configure additional functions of ACLs
• Configure the security appliance for URL filtering
• Use the packet tracer for troubleshooting
• Configure active code filtering (ActiveX and Java applets)
Lesson 7: Configuring Object Grouping
• Configure object groups and use them in ACLs
• Object grouping feature of the security appliance and its advantages
Lesson 8: Switching and Routing on Security Appliances
• Configure logical interfaces and VLANs
• Configure passive RIP routing
• Dynamic routing capabilities of Cisco security appliances
• Configure static routes and static route tracking
Lesson 9: Configuring AAA for Cut-Through Proxy
• Define and compare AAA
• Install and configure Cisco Secure ACS
• Configure the local user database
• Define and configure cut-through proxy authentication
• Define and configure user authorization using downloadable ACLs
• Define and configure accounting
Lesson 10: Configuring the Cisco Modular Policy Framework
• Cisco Modular Policy Framework feature for security appliances
• Functionality of class maps
• Functionality of policy maps
• Functionality of service policies
• Use ASDM to configure a service policy rule
Lesson 11: Configuring Advanced Protocol Handling
• Need for advanced protocol handling
• How the security appliance implements inspection of common network applications
• Issues with multimedia applications and how the security appliance supports multimedia call control and audio sessions
Lesson 12: Configuring Threat Detection
• Configure and view threat detection statistics
• Configure basic threat detection and scanning threat detection
Lesson 13: Configuring Site-to-Site VPNs Using Pre-Shared Keys
• How security appliances enable a secure VPN
• Perform the tasks necessary to configure security appliance IPsec support
• Commands to configure security appliance IPsec support
• Configure a VPN between security appliances
Lesson 14: Configuring Security Appliance Remote Access VPNs
• Cisco Easy VPN
• Cisco VPN Client
• Configure an IPSec Remote Access VPN
• Configure Users and Groups
Lesson 15: Configuring Cisco Security Appliances for SSL VPN
• SSL VPN and its purpose
• Use the SSL VPN Wizard to configure a basic clientless SSL VPN connection
• Configure SSL VPN policies
• Verify SSL VPN operations
• Customize the clientless SSL VPN portal
Lesson 16: Configuring Transparent Firewall Mode
• Purpose of transparent firewall mode
• How data traverses a security appliance in transparent mode
• Enable transparent firewall mode
• Monitor and maintain transparent firewall mode
Lesson 17: Configuring Security Contexts
• Purpose of security contexts
• Enable and disable multiple context mode
• Configure a security context
• Manage a security context
Lesson 18: Configuring Failover
• Difference between hardware and stateful failover
• Difference between active/standby and active/active failover
• Security appliance failover hardware requirements
• Configure redundant interfaces
• How active/standby failover works
• Security appliance roles of primary, secondary, active, and standby
• How active/active failover works
• Configure active/standby cable-based and LAN-based failover
• Configure active/active failover
• Use remote command execution
Lesson 19: Managing Security Appliances
• Configure Telnet access to the security appliance
• Configure SSH access to the security appliance
• Configure command authorization
• Recover security appliance passwords using general password recovery procedures
• Use TFTP to install and upgrade the software image on the security appliance
