Securing Networks with ASA Advanced
Type: Course
Methodology: Inhouse
Duration: 5 Days
This course covers the advanced feature set for the ASA 5500 series appliances, including Policy NAT, Advanced Protocol Handling, Dynamic Routing and Switching (DRS), advanced IPSec and SSL VPN configuration, EasyVPN, QoS for VPNs, and the CSC-SSM and AIP-SSM security services modules. Basic configuration of the ASA appliance is covered in the Securing Networks with ASA Fundamentals (SNAF) course.
Suitable for: This course is designed for anyone tasked with implementing or maintaining a secure network using Cisco ASA firewalls. Candidates seeking the Cisco CCSP security certification must also take this course.
Course programme
This course covers the advanced feature set for the ASA 5500 series appliances, including Policy NAT, Advanced Protocol Handling, Dynamic Routing and Switching (DRS), advanced IPSec and SSL VPN configuration, EasyVPN, QoS for VPNs, and the CSC-SSM and AIP-SSM security services modules.
Basic configuration of the ASA appliance is covered in the Securing Networks with ASA Fundamentals (SNAF) course.
Learning objectives
After you complete this course, you will be able to:
- Configure policy NAT based on traffic type
- Configure the Layer 7 Modular Policy Framework for advanced protocol handling
- Segment traffic with VLANs
- Configure dynamic routing
- Establish LAN-to-LAN tunnels with digital certificates
- Configure the IPsec VPN client
- Configure remote access using digital certificates
- Configure QoS for VPN traffic
- Configure WebVPN functionality
- Configure clientless SSL VPNs
- Configure the Cisco AnyConnect VPN Client
- Configure Cisco Secure Desktop and DAP for SSL VPN connections
- Inspect and filter traffic with the CSC-SSM service module
- Identify, alert, and defend against attacks with the AIP-SSM security module
Who should attend
This course is designed for anyone tasked with implementing or maintaining a secure network using Cisco ASA firewalls. Candidates seeking the Cisco CCSP security certification must also take this course.
Recommended prerequisites
- CCNA certification or equivalent knowledge
- Basic knowledge of the Windows operating system
- Securing Cisco Network Devices (SND)
- Securing Networks with ASA Fundamentals (SNAF)
Course outline
Module 1: Advanced NAT
Lesson 1: Applying NAT 0 and Policy NAT
- ACLs
- NAT
- Translation Behavior
- NAT Exemption
- Policy NAT
- Verify and Troubleshoot
Lesson 1: Applying the Cisco Modular Policy Framework
- Cisco Modular Policy Framework Overview
- Configuring the Cisco Modular Policy Framework
- Configuring a Layer 7 Class Map
- Configuring a Regular Expression Class Map
- Configuring a Layer 7 Policy Map
- Verifying the Cisco Modular Policy Framework Configuration
- Protocol Inspection Overview
- FTP Inspection
- HTTP Inspection
- IM Inspection
- ESMTP Inspection
- DNS Inspection
- ICMP Inspection
- Protocol Inspection Verification
Lesson 1: Switching with VLANs
- Cisco ASA VLAN Operations
- VLAN Configuration
- VLAN Configuration on the Cisco ASA 5505
- VLAN Verification
- Dynamic and Static Routing
- RIP
- OSPF
- EIGRP
- Redistribution
- Verification and Troubleshooting
Lesson 1: Understanding IPsec and Digital Certificates
- IPsec Operation
- Digital Certificates and Public-Key Cryptography
- Certificates and Scalability
- Certificate Enrollment Process
- Validating the Certificate
- Certificate Revocation Lists
- Security Appliance Certificate Enrollment Support
- Key Pairs and Trustpoints
- Site-to-Site VPNs
- Configuring CA Certificates
- Site-to-Site IPsec Connection Profiles
- Modifying Certificate to Connection Mapping
- Hub and Spoke
- Site-to-Site Redundancy
- Verifying Site-to-Site VPNs
- Troubleshooting Site-to-Site VPNs
- Cisco VPN Client
- Cisco VPN Client Installation
- Digital Certificates with Cisco VPN Client
- Connection Entry
- Advanced Options
- Verify and Troubleshoot Client Configuration
- Remote-Access VPNs
- Configuring a Cisco ASA for Remote Access
- Installing Cisco ASA Certificates
- Defining a Remote-Access Address Pool
- User Policy Attribute Inheritance
- Configuring an IPsec Connection Profile
- Configuring the Certificate to Connection Profile Policy
- Verifying Remote-Access VPNs
- Troubleshooting Remote-Access VPNs
- Load Balancing
- Reverse Route Injection
- Backup Servers
- Intra-Interface VPN Traffic
- NAT Transparency
- Client Update
- Split Tunneling
- Personal Firewalls
- Introduction to Cisco Easy VPN
- Cisco Easy VPN Server Policy
- Cisco Easy VPN Hardware Client
- QoS Overview
- Cisco ASA QoS
- Configuring QoS for VPNs
- Verifying QoS
Lesson 1: Understanding SSL VPN Technology
- SSL Overview
- Clientless SSL VPN
- Cisco Secure Desktop
- Configuring Clientless SSL VPN
- Verifying Clientless SSL VPN Operation
- Configuring Port-Forwarding SSL VPN
- Verifying Port-Forwarding SSL VPN
- Configuring Additional SSL VPN Features
- Troubleshooting Clientless and Port-Forwarding SSL VPNs
- Cisco Full Network Access SSL VPN Overview
- Configuring Cisco AnyConnect SSL VPN
- Verifying Cisco AnyConnect VPN Operation
- Configuring Advanced Features for the Cisco AnyConnect VPN Client
- Configuring Certificate-Based Authentication for the Cisco AnyConnect SSL VPN
- Troubleshooting Cisco AnyConnect VPN Client Operation
- Cisco Secure Desktop Overview
- Cisco Secure Desktop Interoperability
- Preparing the Cisco ASA for Cisco Secure Desktop
- Cisco Secure Desktop Workflow
- Prelogin Assessment
- Secure Session
- Cache Cleaner
- Host Emulation and Keystroke Logger Detection
- Host Scan
- Dynamic Access Policy
- DAP Testing
Lesson 1: Examining the Cisco SSMs
- Business Challenges
- Cisco SSMs
- CSC-SSM
- AIP-SSM
- AIP-SSM or CSC-SSM
- CSC-SSM Overview
- CSC-SSM Software Loading
- Initial CLI Cisco CSC Configuration
- Initially Configuring the CSC-SSM with the Cisco ASDM CSC Setup Wizard
- AIP-SSM Overview
- AIP-SSM Software Loading
- Initial Cisco IPS ASDM Configuration
- Configure a Cisco IPS Security Policy
Lab: Implementing Advanced NAT
Lab: Configuring Advanced Protocol Inspection
Lab: Dynamic Routing with EIGRP and OSPF
Lab: Site-to-Site with Digital Certificates
Lab: Remote Access with Digital Certificates
Lab: Cisco ASA 5505 Easy VPN Hardware Client
Lab: Clientless SSL VPNs
Lab: SSL VPNs with the Cisco AnyConnect Client
Lab: Cisco Secure Desktop and Dynamic Access Policy
Lab: Initializing AIP-SSM