© 2012 Cisco and/or its affiliates. All rights reserved. 1 CCNA Security 1.1 Instructional Resource Chapter 10 – Implementing the Cisco Adaptive Security.
Slide 1: CCNA Security 1.1 Instructional Resource, Chapter 10 – Implementing the Cisco Adaptive Security Appliance (ASA)

Slide 2: Chapter objectives
– Explain how the ASA is an advanced stateful firewall.
– Describe types of firewalls.
– Describe the default configuration of an ASA.
– Implement an ASA firewall configuration.
– Configure an ASA to provide basic firewall services using ASDM.
– Explain and configure access lists and object groups on an ASA.
– Configure an ASA to provide NAT services.
– Configure access control using the local database and an AAA server.
– Describe the configuration of the Modular Policy Framework (MPF) on an ASA.
– Implement an AnyConnect SSL VPN and a clientless SSL VPN on an ASA.

Slide 3: IINS exam topics covered by this chapter
– Implementing AAA on Cisco Devices
  – 3.1 Implement AAA (authentication, authorization, and accounting): AAA on the ASA
– 7.0 Implementing Cisco Firewall Technologies
  – 7.5 Implement the Cisco Adaptive Security Appliance: NAT, ACLs, the default MPF policy, Cisco ASA security levels

Slide 4: IINS exam topics covered by this chapter (continued)
– Implementing VPN Technologies
  – 9.2 Describe VPN technologies: IPsec, SSL
  – 9.3 Describe the building blocks of IPsec: IKE, ESP, AH, tunnel mode, transport mode
  – 9.6 Implement SSL VPN using the Adaptive Security Device Manager (ASDM): clientless, AnyConnect

Slide 5: The Adaptive Security Appliance (ASA) is a standalone firewall device that is a primary component of the Cisco SecureX architecture.
– It combines firewall, VPN concentrator, and intrusion prevention functionality in one device.
– It also supports advanced features such as virtualization (multiple contexts), high availability with failover, identity firewall, and advanced threat control.
– It can be configured in routed mode or in transparent mode.
The ASA assigns security levels to its interfaces to distinguish between inside and outside networks.
– A security level defines how trusted an interface is; the higher the level (up to 100), the more trusted the interface.
– Each operational interface must have a name (nameif) and a security level from 0 (lowest) to 100 (highest).
– By default, connections initiated from a higher-security interface toward a lower-security interface are permitted, and their stateful return traffic is allowed back; connections initiated from a lower-security interface toward a higher one are denied unless an ACL applied to the interface explicitly permits them.

Slide 6: The ASA 5505 ships with a default configuration that is sufficient for SOHO deployments.
– The default configuration includes two preconfigured VLAN networks (inside and outside), DHCP enabled for inside hosts, and NAT for outside access.
ASA devices can be configured and managed using either the CLI or the Adaptive Security Device Manager (ASDM) GUI.
– The ASA CLI has a similar look and feel to the router IOS CLI.
– Cisco ASDM facilitates the setup, configuration, monitoring, and troubleshooting of Cisco ASAs.
ASDM provides several wizards to simplify configuration.
– The Startup Wizard guides the administrator through the initial configuration of the ASA.
– The VPN wizards guide basic site-to-site and remote access VPN configurations.

Slide 7: Like ISR routers, the ASA:
– Provides basic traffic filtering capabilities with ACLs.
– Supports objects and object groups, which make configurations easier to maintain.
– Supports NAT and PAT; the translations can be either static or dynamic.
– Can be configured to authenticate administrators and users against a local user database or an external AAA server.
The ASA uses the Modular Policy Framework (MPF) to define sets of rules (class maps, policy maps and service policies) for applying firewall features such as protocol inspection to classified traffic.
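As an added example that is not part of the course slides, the fragment below shows how the four features on slide 7 fit together in ASA CLI using the 8.3-and-later NAT syntax (a nat statement embedded in a network object; ACLs match the real, untranslated address). Object, ACL, user and address names and the password are assumed placeholders for illustration.

```text
! Added example (not from the slides): objects, NAT, an interface ACL,
! local AAA for management access, and an MPF inspection policy.
! All names, addresses and the password are assumed placeholders.
!
! Dynamic PAT: inside hosts hide behind the outside interface address
object network INSIDE-NET
 subnet 192.168.1.0 255.255.255.0
 nat (inside,outside) dynamic interface
!
! Static NAT for a DMZ web server reachable from the Internet
object network DMZ-SERVER
 host 192.168.2.3
 nat (dmz,outside) static 209.165.200.227
!
! Service object group keeps the ACL readable as services are added
object-group service DMZ-SERVICES tcp
 port-object eq www
 port-object eq https
!
! Inbound ACL on outside: since 8.3 the ACE references the real address
! (the object), not the translated 209.165.200.227
access-list OUTSIDE-IN extended permit tcp any object DMZ-SERVER object-group DMZ-SERVICES
access-list OUTSIDE-IN extended deny ip any any log
access-group OUTSIDE-IN in interface outside
!
! Management access authenticated against the local user database
username admin password Admin01pass privilege 15
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
crypto key generate rsa modulus 2048
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 10
http server enable
http 192.168.1.0 255.255.255.0 inside
!
! MPF: add ICMP to the default global inspection policy so echo replies
! to pings from inside are matched by a stateful entry and allowed back
class-map inspection_default
 match default-inspection-traffic
policy-map global_policy
 class inspection_default
  inspect icmp
service-policy global_policy global
```

Check the result with show nat and show xlate (translation table), show access-list (per-ACE hit counts) and, most usefully, packet-tracer input outside tcp 203.0.113.5 12345 209.165.200.227 80, which walks a simulated packet through ACL, NAT and inspection and reports the phase that drops it. Note that the deny ... log entry is not redundant with the implicit deny: it is what produces the syslog record for blocked inbound attempts.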

Slide 8: The ASA supports site-to-site IPsec VPNs and the following remote access VPNs:
– Clientless SSL VPN remote access (using a web browser)
– SSL or IPsec (IKEv2) VPN remote access (using the Cisco AnyConnect client)
– IPsec (IKEv1) VPN remote access (using the Cisco VPN client)
With a clientless SSL VPN deployment, remote clients use an SSL web portal interface. Client-based SSL VPN requires a client, such as the Cisco AnyConnect VPN client, to be pre-installed on the host or downloaded on demand via a browser.

Slide 9: Chapter 10 Lab A: Configuring ASA Basic Settings and Firewall Using CLI
– Part 1: Lab Setup
– Part 2: Accessing the ASA Console and Using CLI Setup Mode to Configure Basic Settings
– Part 3: Configuring Basic ASA Settings and Interface Security Levels Using CLI
– Part 4: Configuring Routing, Address Translation and Inspection Policy Using CLI
– Part 5: Configuring DHCP, AAA, and SSH
– Part 6: Configuring a DMZ, Static NAT, and ACLs

Slide 10: Chapter 10 Lab B: Configuring ASA Basic Settings and Firewall Using ASDM
– Part 1: Lab Setup
– Part 2: Accessing the ASA Console and ASDM
– Part 3: Configuring ASA Settings and Firewall Using the ASDM Startup Wizard
– Part 4: Configuring ASA Settings from the ASDM Configuration Menu
– Part 5: Configuring a DMZ, Static NAT and ACLs
Chapter 10 Lab C: Configuring Clientless and AnyConnect Remote Access SSL VPNs Using ASDM
– Part 1: Lab Setup
– Part 2: Accessing the ASA Console and Preparing for VPN Configuration
– Part 3: Configuring Clientless SSL VPN Remote Access Using ASDM
– Part 4: Configuring AnyConnect Client SSL VPN Remote Access Using ASDM

Slide 11: Chapter 10 Lab D: Configuring a Site-to-Site IPsec VPN Using CCP and ASDM
– Part 1: Basic Router/Switch/PC Configuration
– Part 2: Basic ASA Configuration
– Part 3: Configuring the ISR as a Site-to-Site IPsec VPN Endpoint Using CCP
– Part 4: Configuring the ASA as a Site-to-Site IPsec VPN Endpoint Using ASDM

Slide 13: Note: Refer to the Chapter 8 Terms and Acronyms.

Slide 14: This is a new chapter. It was not included in v1.0, so all of its content should be considered new.

Slide 15: Use the knowledge gained during Chapters 1 – 9 to help cover the topics in Chapter 10.

Slide 16: The ASA 5505 is different from the other 5500 series ASA models.
– On the ASA 5505, the eight integrated switch ports are Layer 2 ports and therefore cannot be assigned IP addresses directly.
– On the other ASA models, a physical port can be assigned a Layer 3 IP address directly, much like a Cisco router interface.
On an ASA 5505, Layer 3 parameters are configured on an SVI (a VLAN interface).
– The SVI requires a name, an interface security level, and an IP address.
– The Layer 2 switch ports are then assigned to a specific VLAN.
– Switch ports in the same VLAN communicate with each other using hardware switching, without the firewall policy being applied.
– When a switch port in VLAN 1 communicates with a switch port in VLAN 2, the ASA applies the security policy to the traffic and routes between the two VLANs.
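As an added example that is not part of the course slides, the following ASA 5505 CLI fragment turns the security-level points from slide 5 and the SVI and switch-port points from slide 16 into one working configuration. The hostname, VLAN numbers, interface names, addresses and next hop are assumed for illustration. The third VLAN is restricted with no forward interface because the 5505 Base license only allows a third VLAN on that condition (it may not initiate traffic to one of the other two).

```text
! Added example (not from the slides): ASA 5505 interfaces, security
! levels and switch-port VLAN assignment. Names and addresses assumed.
hostname CCNAS-ASA
!
! Layer 3 parameters live on the SVIs; nameif + security-level are
! mandatory before an interface passes traffic
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 209.165.200.226 255.255.255.248
!
! Base license: third VLAN must be restricted from initiating to one
! other VLAN; restricting it from inside is the usual DMZ choice
interface Vlan3
 no forward interface Vlan1
 nameif dmz
 security-level 70
 ip address 192.168.2.1 255.255.255.0
!
! Layer 2 switch ports are only placed into VLANs
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
 switchport access vlan 1
!
interface Ethernet0/2
 switchport access vlan 3
!
! Default route toward the ISP next hop (assumed address)
route outside 0.0.0.0 0.0.0.0 209.165.200.225
```

Verify with show nameif (name and level per interface), show interface ip brief and show switch vlan. With only this configuration, hosts on inside (100) can open connections to dmz (70) and outside (0) and receive the stateful return traffic, but nothing on outside can initiate a connection to inside or dmz until an access-list is bound with access-group; two interfaces at the same security level cannot exchange traffic at all unless same-security-traffic permit inter-interface is configured.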

Slide 17: The Cisco ASA command set is similar to that of Cisco IOS routers. Like a Cisco IOS router, the ASA recognizes:
– Abbreviation of commands and keywords
– The Tab key to complete a partial command
– The help key (?) after a command
Unlike an ISR router, the ASA:
– Executes any ASA CLI command regardless of the current configuration mode prompt; the IOS do command is not required or recognized.
– Provides a brief description and the command syntax when help is entered followed by the command.
– Interrupts show command output with Q, whereas IOS requires Ctrl+C (^C).

Slide 18: ASDM is similar to CCP. It requires that the ASA be initially configured for management access: a management interface with an IP address, the HTTPS server enabled for the management network, and an ASDM image present in flash. ASDM can be run locally on a host or launched from the ASA flash.
– The ASDM launcher can be downloaded to a host from the ASA flash.
Like CCP, ASDM provides several wizards to help with device configuration.

Slide 19: The ASA provides the two main deployment modes found in Cisco SSL VPN solutions:
– Clientless SSL VPN is a browser-based VPN option; once authenticated, users land on a portal page and can access specific, supported internal resources through it.
– Client-based SSL VPN provides a full-tunnel SSL VPN connection but requires the AnyConnect client application to be installed on the remote host. AnyConnect can be pre-installed on the host or downloaded on demand from the ASA, and is available for various operating systems and smart devices.
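As an added example that is not part of the course slides, the CLI fragment below configures both remote access modes from slides 8 and 19 side by side: a clientless portal group and a full-tunnel AnyConnect group (8.4-and-later syntax). The pool, group, ACL and user names, the password and the inside subnet are assumed for illustration, and the AnyConnect package name uses VERSION as a placeholder that must match the image actually uploaded to flash.

```text
! Added example (not from the slides): clientless and AnyConnect SSL VPN.
! Names, addresses and the password are assumed; VERSION is a placeholder.
!
! Local user; an external AAA server (RADIUS/LDAP) could replace LOCAL
username vpnuser password cisco123 privilege 0
!
! Enable SSL VPN on the outside interface and stage the client package
webvpn
 enable outside
 anyconnect image disk0:/anyconnect-win-VERSION-k9.pkg 1
 anyconnect enable
 tunnel-group-list enable
!
! Clientless: users get the portal only, no IP address on the inside LAN
group-policy CLIENTLESS-GP internal
group-policy CLIENTLESS-GP attributes
 vpn-tunnel-protocol ssl-clientless
!
tunnel-group CLIENTLESS-TG type remote-access
tunnel-group CLIENTLESS-TG general-attributes
 authentication-server-group LOCAL
 default-group-policy CLIENTLESS-GP
tunnel-group CLIENTLESS-TG webvpn-attributes
 group-alias Clientless enable
!
! AnyConnect full tunnel: clients receive an address from this pool,
! which must not overlap any inside subnet
ip local pool ANYCONNECT-POOL 192.168.10.100-192.168.10.150 mask 255.255.255.0
!
! Split tunnel only the inside subnet; omit the two split-tunnel lines to
! force all client traffic (including Internet) through the ASA
access-list SPLIT-TUNNEL standard permit 192.168.1.0 255.255.255.0
!
group-policy ANYCONNECT-GP internal
group-policy ANYCONNECT-GP attributes
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL
!
tunnel-group ANYCONNECT-TG type remote-access
tunnel-group ANYCONNECT-TG general-attributes
 address-pool ANYCONNECT-POOL
 authentication-server-group LOCAL
 default-group-policy ANYCONNECT-GP
tunnel-group ANYCONNECT-TG webvpn-attributes
 group-alias AnyConnect enable
!
! NAT exemption (twice NAT): traffic between inside and the VPN pool must
! not be translated, or replies to VPN clients will be PATed and dropped
object network INSIDE-NET
 subnet 192.168.1.0 255.255.255.0
object network VPN-POOL-NET
 subnet 192.168.10.0 255.255.255.0
nat (inside,outside) source static INSIDE-NET INSIDE-NET destination static VPN-POOL-NET VPN-POOL-NET no-proxy-arp route-lookup
```

Active sessions are listed with show vpn-sessiondb webvpn (clientless) and show vpn-sessiondb anyconnect. Two caveats a deployment should not skip: the ASA presents a self-signed certificate to the browser by default, which trains users to click through warnings, so install a certificate from a trusted CA on the outside interface; and split tunneling as shown lets the remote host reach the Internet and the inside network at the same time, so keep the full-tunnel default where the host is not trusted.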

Slide 20: The same analogies covered in Chapter 8 can be used here.

Slide 21: The same classroom discussions from Chapter 8 can be used. Why and when would you use an ASA instead of an ISR router?

Slide 22: This chapter is best learned by applying the concepts as much as possible.
– Students must get their own battle scars.
Encourage students to come up with their own VPN topology scenarios.
– Have them interconnect an ASA with an ISR router.

Slide 23: For more information, go to: – – –