Register Now

Course Overview

In this five-day task-oriented Authorized Cisco course, you will gain the knowledge and skills needed to configure, maintain, and operate Cisco ASA 5500 Series Adaptive Security appliances.

Our labs utilize 5520 security applicances, though the content in this course and our labs is applicable across the ASA and PIX families of security appliances since the command syntax is generally the same.

This updates Securing Networks with PIX and ASA (SNPA) v5.0. In SNAF v1.0, the ASDM graphical user interface (GUI) is used for configuration and monitoring. All lessons and labs are now GUI-based, with the commands for each task listed for those who prefer to configure the security appliance via the command line interface (CLI). SNAF 1.0 has been updated to cover new features in Cisco ASA and PIX Security Appliance Software version 8.0 including the following:

• Threat Detection
• Secure Logging
• Remote Command Execution in Failover Pairs
• Redundant Interfaces
• Modular Policy Framework (MPF) enhancements
• Access Control List (ACL) renaming capability
• FTP support for SSL VPN
• Onscreen Keyboard for SSL VPN
• Customization of all SSL VPN user-visible content
• Personal Bookmarks for SSL VPN user

Who will benefit from this course?

• Cisco customers who implement and maintain ASA and PIX Security Appliances
• Cisco channel who sell, implement, and maintain ASA and PIX Security Appliances
• Cisco systems engineers who support the sale of ASA and PIX Security Appliances

Sunset Learning Differentiators:

Our SLI team of experienced instructors have designed labs to reflect real-world scenarios and tasks associated with a working environment. SLI is a top tier Cisco Learning Solutions Partner. We are among the premier Cisco partners in the Learning Channel. Our sole focus and core competency is Cisco. We do it better than anyone else. All of our instructors are full time employees and are available to answer your post training questions through our Sunset Forums.

Prerequisites

• Interconnecting Cisco Network Devices Part 2 (ICND 2)
• Cisco CCNA or equivalent knowledge
• Basic knowledge of the Microsoft Windows operating system
• Familiarity with networking and security terms and concept

Related Courses

• SNAA Securing Networks With ASA Advanced
• IPS Implementing Cisco Intrusion Prevention System 6.0
• MARS Cisco Monitoring Analysis and Response System 3.0
• IINS – Implementing Cisco IOS Network Security 1.0
• SNRS – Securing Networks with Cisco Routers and Switches 2.0

Course Objectives

•  Functions of the three types of firewalls used to secure today's computer networks
• Technology and features of Cisco security appliances
• How Cisco Adaptive Security Appliances (ASAs) and Cisco PIX Security Appliances protect network devices from attacks and why each is an appropriate choice
• Bootstrap the security appliance, prepare the security appliance for configuration via the Cisco Adaptive Security Device Manager (ASDM), and launch and navigate ASDM
• Perform essential security appliance configuration using ASDM and the CLI
• Configure dynamic and static address translations using ASDM
• Configure switching and routing using ASDM
• Use ASDM to configure ACLs, filter malicious active codes, and filter URLs that meet the requirements of the security policy
• Use the packet tracer for troubleshooting
• Use ASDM to configure object groups that meet the requirements of the security policy
• Use ASDM to configure AAA to meet the requirements of the security policy
• Configure a modular policy that supports the security policy using ASDM
• Use ASDM to configure protocol inspection to meet security policy requirements
• Configure threat detection to meet security policy requirements using ASDM and the CLI
• Using ASDM, configure the security appliance to support a site-to-site VPN that meets policy requirements
• Using ASDM, configure the security appliance to provide secure connectivity using remote access VPNs
• Configure the security appliance to run in transparent firewall mode
• Enable, configure, and manage multiple contexts to meet security policy requirements
• Select and configure the type of failover that best suits the network topology
• Monitor and manage an installed security appliance

Course Outline

Introducing Cisco Security Appliance Technology and Features

• Functions of the three types of firewalls that are used to secure modern computer networks
• Technology and features of Cisco security appliances

Cisco Adaptive Security Appliance and PIX Security Appliance Families

• Cisco ASA security appliance models
• Cisco ASA security appliance licensing options

Getting Started with Cisco Security Appliances

• Four main access modes
• Security appliance file management system
• Security appliance security levels
• ASDM requirements and capabilities
• Use the CLI to configure and verify basic network settings, and prepare the security appliance for configuration via ASDM
• Verify security appliance configuration and licensing via ASDM

Essential Security Appliance Configuration

• Configure a security appliance for basic network connectivity
• Verify the initial configuration
• Set the clock and synchronize the time on security appliances
• Configure the security appliance to send syslog messages to a syslog server

Configuring Translations and Connection Limits

• Function of TCP and UDP protocols within the security appliance
• Function of static and dynamic translations
• Configure dynamic address translation
• Configure static address translation
• Set connection limit

Using ACLs and Content Filtering

• Configure the basic function of ACLs
• Configure additional functions of ACLs
• Configure active code filtering (ActiveX and Java applets)
• Configure the security appliance for URL filtering
• Use the packet tracer for troubleshooting

Configuring Object Grouping

• Object grouping feature of the security appliance and its advantages
• Configure object groups and use them in ACLs

Switching and Routing on Security Appliances

• Configure logical interfaces and VLANs
• Configure static routes and static route tracking
• Dynamic routing capabilities of Cisco security appliances
• Configure passive RIP routing

Configuring AAA for Cut-Through Proxy

• Define and compare AAA
• Install and configure Cisco Secure ACS
• Configure the local user database
• Define and configure cut-through proxy authentication
• Define and configure user authorization using downloadable ACLs
• Define and configure accounting

Configuring the Cisco Modular Policy Framework

• Cisco Modular Policy Framework feature for security appliances
• Functionality of class maps
• Functionality of policy maps
• Functionality of service policies
• Use ASDM to configure a service policy rule

Configuring Advanced Protocol Handling

• Need for advanced protocol handling
• How the security appliance implements inspection of common network applications
• Issues with multimedia applications and how the security appliance supports multimedia call control and audio sessions

Configuring Threat Detection

• Threat detection and statistics
• Configure basic threat detection and scanning threat detection
• Configure and view threat detection statistics

Configuring Site-to-Site VPNs Using Pre-Shared Keys

• How security appliances enable a secure VPN
• Perform the tasks necessary to configure security appliance IPsec support
• Commands to configure security appliance IPsec support
• Configure a VPN between security appliances

Configuring Security Appliance Remote Access VPNs

• Cisco Easy VPN
• Cisco VPN Client
• Configure an IPSec Remote Access VPN
• Configure Users and Groups

Configuring Cisco Security Appliances for SSL VPN

• SSL VPN and its purpose
• Use the SSL VPN Wizard to configure a basic clientless SSL VPN connection
• Configure SSL VPN policies
• Verify SSL VPN operations
• Customize the clientless SSL VPN portal

Configuring Transparent Firewall Mode

• Purpose of transparent firewall mode
• How data traverses a security appliance in transparent mode
• Enable transparent firewall mode
• Monitor and maintain transparent firewall mode

Configuring Security Contexts

• Purpose of security contexts
• Enable and disable multiple context mode
• Configure a security context
• Manage a security context

Configuring Failover

• Difference between hardware and stateful failover
• Difference between active/standby and active/active failover
• Security appliance failover hardware requirements
• Configure redundant interfaces
• How active/standby failover works
• Security appliance roles of primary, secondary, active, and standby
• How active/active failover works
• Configure active/standby cable-based and LAN-based failover
• Configure active/active failover
• Use remote command execution

Managing Security Appliances

• Configure Telnet access to the security appliance
• Configure SSH access to the security appliance
• Configure command authorization
• Recover security appliance passwords using general password recovery procedures
• Use TFTP to install and upgrade the software image on the security appliance

Labs

Our investment in enhanced and exclusive labs means you get the experience you need using current software and hardware. We provide an unparalleled lab infrastructure for CCSP-oriented courses. For SNAF, each pod has a 2811 router, a 3560 switch, one 5520 and one 5505 ASA per pod, and two PC systems. These devices are organized in a real-world fashion and are configured to work together to provide a complete security solution. The two PCs are strategically placed in the topology to provide interesting and realistic functional demonstrations. An Inside PC is treated as the Security Administrator's office desktop PC, and an Inside Server runs the applications, such as Cisco Secure Access Control Server, intended to be installed in the data center and shared among multiple administrators. The DMZ server is partially exposed to the Internet and provides HTTP and FTP services. An Outside PC is connected to the simulated Internet and can be used as a simulated web server and as the source of inbound connections.