Securing Networks with ASA Advanced (SNAA)

Securing Networks with ASA Advanced (SNAA) v1.0 is a new course to replace the Cisco Secure Virtual Private Networks (CSVPN) & Securing Networks with PIX and ASA (SNPA) courses. In order to cover new features in ASA software version 8.0 and to fully cover the VPN features of the ASA, the content of SNPA was split into two courses, one that covers the fundamentals and on that covers more advanced topics. Content that has been moved to SNAA includes the following: configuring the ASA 5505 dual-ISP support, configuring ASA 5505 VLANs, configuring policy NAT, Installing and configuring the Cisco Secure Desktop, configuring the security appliance to pass multicast traffic, configuring Layer 7 class maps and policy maps, and initialising the AIP-SSM and CSC-SSM. SNAA also utilises the graphical user interface instead of the command line interface for explanation and discussions of configuring the ASA. The SNAA 1.0 course takes a task-oriented approach to teaching the skills to deploy, configure, and administer the Cisco ASA using a fictional company's deployment of an ASA which is based on real world scenarios.

Course Objectives
This course is the follow on from SNAF, covering advanced topics of Adaptive Security. Upon completing this course, you will be able to meet these overall objectives:

• Configure policy NAT based on traffic type
• Describe the layer 7 modular policy framework for the security appliance and how it is configured.
• Describe the layer 7 advanced protocol handling capabilities of modular policy frame and how it is configured.
• Determine the necessary configuration for the ASA 5505 to be a VPN hardware client.
• Configure CSD and DAP for SSL VPN connections on the Cisco ASA.
• Identify the steps needed to configure, inspect, and filter traffic with the Content Security and Control SSM.
• Identify the steps needed to configure the security appliance to identify, alert, and defend against attacks.

Prerequisites
The delegate must have attended the course SNAF - Securing Networks with ASA Fundamentals.


Who should attend

• Partner
• Customer
• Reseller
• Employee

Course outlineModule 1:Advanced ASA NAT
Lesson 1: Applying NAT 0 and Policy NAT
Read Module 2
Module 2:Advanced Protocol Handling
Lesson 1: Applying the Cisco Modular Policy Framework
Lesson 2: Handling Advanced Protocol
Read Module 3
Module 3:Dynamic Routing and Switching
Lesson 1: Switching with VLANs
Lesson 2: Routing with Dynamic Protocols
Read Module 4
Module 4:IPsec VPNs
Lesson 1: Understanding IPsec and Digital Certificates
Lesson 2: Implementing Site-to-Site VPNs with Digital Certificates
Lesson 3: Configuring the Cisco VPN Client
Lesson 4: Implementing Remote Access VPNs with Digital Certificates
Lesson 5: Configuring Advanced Remote Access Features and Policy
Lesson 6: Configuring the ASA 5505 as an Easy VPN Hardware Client
Lesson 7: IPsec VPNs and QoS
Read Module 5
Module 5:SSL VPNs
Lesson 1: SSL VPN Technology Overview
Lesson 2: Configuring Clientless SSL VPNs
Lesson 3: Configuring Full Network Access SSL VPNs
Lesson 4: Cisco Secure Desktop
Lesson 5: Securing the Desktop with CSD and DAP
Read Module 6
Module 6:Security Services Modules
Lesson 1: Examining the SSMs
Lesson 2: CSC-SSM: Getting Started
Lesson 3: AIP-SSM: Getting Started
Lab Outline
Lab1-1: Implementing Advanced NAT
Lab 2-1: Implementing MPF for FTP and HTTP
Lab 3-1: Dynamic Routing with EIGRP and OSPF
Lab 4-1: Site-to-Site with Digital Certificates
Lab 4-2: Remote Access with Digital Certificates
Lab 4-3: ASA 5505 Easy VPN Hardware Client
Lab 5-1: Clientless SSL VPNs
Lab 5-2: SSL VPNs with AnyConnect Client
Lab 5-3: Cisco Secure Desktop and Dynamic Access Policy
Lab 6-1: Initialising AIP-SSM
.