Course Overview

In this five-day task-oriented Authorized Cisco course, you will gain the knowledge and skills needed to configure, maintain, and operate Cisco ASA 5500 Series Adaptive Security appliances. Our labs utilize 5520 security appliances, though the content in this course and our labs is applicable across the ASA and PIX families of security appliances since the command syntax is generally the same. This updates Securing Networks with PIX and ASA (SNPA) v5.0. In SNAF v1.0, the ASDM graphical user interface (GUI) is used for configuration and monitoring. All lessons and labs are now GUI-based, with the commands for each task listed for those who prefer to configure the security appliance via the command line interface (CLI). SNAF 1.0 has been updated to cover new features in Cisco ASA and PIX Security Appliance Software version 8.0 including the following:

• Threat Detection
• Secure Logging
• Remote Command Execution in Failover Pairs
• Redundant Interfaces
• Modular Policy Framework (MPF) enhancements
• Access Control List (ACL) renaming capability
• FTP support for SSL VPN
• Onscreen Keyboard for SSL VPN
• Customization of all SSL VPN user-visible content
• Personal Bookmarks for SSL VPN user

Prerequisites

To benefit fully from this course, you must have these prerequisite skills and knowledge:

• Interconnecting Cisco Network Devices Part 2 (ICND 2)
• Cisco CCNA or equivalent knowledge
• Basic knowledge of the Microsoft Windows operating system
• Familiarity with networking and security terms and concept

Target Audience

Cisco customers who implement and maintain ASA and PIX Security Appliances, Cisco channel who sell, implement, and maintain ASA and PIX Security Appliances, and Cisco systems engineers who support the sale of ASA and PIX Security Appliances will benefit from this course.

After completing this course, students will be able to:

• Functions of the three types of firewalls used to secure today's computer networks
• Technology and features of Cisco security appliances
• How Cisco Adaptive Security Appliances (ASAs) and Cisco PIX Security Appliances protect network devices from attacks and why each is an appropriate choice
• Bootstrap the security appliance, prepare the security appliance for configuration via the Cisco Adaptive Security Device Manager (ASDM), and launch and navigate ASDM
• Perform essential security appliance configuration using ASDM and the CLI
• Configure dynamic and static address translations using ASDM
• Configure switching and routing using ASDM
• Use ASDM to configure ACLs, filter malicious active codes, and filter URLs that meet the requirements of the security policy
• Use the packet tracer for troubleshooting
• Use ASDM to configure object groups that meet the requirements of the security policy
• Use ASDM to configure AAA to meet the requirements of the security policy
• Configure a modular policy that supports the security policy using ASDM
• Use ASDM to configure protocol inspection to meet security policy requirements
• Configure threat detection to meet security policy requirements using ASDM and the CLI
• Using ASDM, configure the security appliance to support a site-to-site VPN that meets policy requirements
• Using ASDM, configure the security appliance to provide secure connectivity using remote access VPNs
• Configure the security appliance to run in transparent firewall mode
• Enable, configure, and manage multiple contexts to meet security policy requirements
• Select and configure the type of failover that best suits the network topology
• Monitor and manage an installed security appliance

Course Outline

• Introducing Cisco Security Appliance Technology and Features
• Cisco Adaptive Security Appliance and PIX Security Appliance
• Getting Started with Cisco Security Appliances
• Essential Security Appliance Configuration
• Configuring Translations and Connection Limits
• Using ACLs and Content Filtering
• Configuring Object Grouping
• Switching and Routing on Security Appliances
• Configuring AAA for Cut-Through Proxy
• Configuring the Cisco Modular Policy Framework
• Configuring Advanced Protocol Handling
• Configuring Threat Detection
• Configuring Site-to-Site VPNs Using Pre-Shared Keys
• Configuring Security Appliance Remote Access VPNs
• Configuring Cisco Security Appliances for SSL VPN
• Configuring Transparent Firewall Mode
• Configuring Security Contexts
• Configuring Failover
• Managing Security Appliances