Chapter 9: Implementing the Cisco Adaptive Security Appliance

Presentation transcript:

Chapter 9: Implementing the Cisco Adaptive Security Appliance CCNA Security v2.0

Chapter Outline 9.0 Introduction 9.1 Introduction to the ASA 9.2 ASA Firewall Configuration 9.3 Summary

Section 9.1: Introduction to the ASA Upon completion of this section, you should be able to: Compare ASA solutions to other routing firewall technologies. Explain ASA 5505 operation with the default configuration.

Topic 9.1.1: ASA Solutions

ASA Firewall Models Small Office and Branch Office ASA Models

ASA Firewall Models (Cont.) Internet Edge Models 9.1.1.1 ASA Firewall Models (Cont.)

ASA Firewall Models (Cont.) Enterprise Data Center Models 9.1.1.1 ASA Firewall Models (Cont.) 9.1.1.2 Cisco ASA Next-Generation Firewall Appliances: Video - Introducing Cisco ASA with FirePOWER Services

Advanced ASA Firewall Feature ASA Virtualization 9.1.1.3 Advanced ASA Firewall Feature

Advanced ASA Firewall Feature (Cont.) High Availability 9.1.1.3 Advanced ASA Firewall Feature (Cont.)

Advanced ASA Firewall Feature (Cont.) Identity Firewall 9.1.1.3 Advanced ASA Firewall Feature (Cont.)

Advanced ASA Firewall Feature (Cont.) ASA Threat Control 9.1.1.3 Advanced ASA Firewall Feature (Cont.)

Review of Firewalls in Network Design Permitted Traffic 9.1.1.4 Review of Firewalls in Network Design Denied Traffic

ASA Firewall Modes of Operation Routed Mode Transparent Mode 9.1.1.5 ASA Firewall Modes of Operation

ASA Licensing Requirements Base License Specifics 9.1.1.6 ASA Licensing Requirements

ASA Licensing Requirements (Cont.) Security Plus License Specifics 9.1.1.6 ASA Licensing Requirements (Cont.)

ASA Licensing Requirements show version Command Output 9.1.1.6 ASA Licensing Requirements

Topic 9.1.2: Basic ASA Configuration

Overview of ASA 5505 ASA 5505 Back Panel ASA 5505 Front Panel

ASA Security Levels Security Level Control: Network Access Inspection Engines Application Filtering 9.1.2.2 ASA Security Levels

ASA 5505 Deployment Scenarios ASA Deployment in a Small Branch 9.1.2.3 ASA 5505 Deployment Scenarios ASA Deployment in a Small Business

ASA 5505 Deployment Scenarios (Cont.) ASA Deployment in an Enterprise 9.1.2.3 ASA 5505 Deployment Scenarios (Cont.)

Section 9.2: ASA Firewall Configuration Upon completion of this section, you should be able to: Explain what ASA firewall services are enabled using the default configuration. Configure an ASA to provide basic firewall services. Configure object groups on an ASA. Configure access lists with object groups on an ASA. Configure an ASA to provide NAT services. Configure access control using the local database and AAA server. Explain how the Cisco Modular Policy Framework (MPF) is used to configure ASA policies.

Topic 9.2.1: The ASA Firewall Configuration

Introduce Basic ASA Settings Base License Specifics 9.2.1.1 Introduce Basic ASA Settings Security Plus License Specifics

Introduce Basic ASA Settings (Cont.) show version Command Output 9.2.1.1 Introduce Basic ASA Settings (Cont.)

ASA Default Configuration ASA 5505 Default Configuration Overview. 9.2.1.2 ASA Default Configuration

ASA Interactive Setup Initialization Wizard Entering the ASA 5505 Setup Initialization Wizard 9.2.1.3 ASA Interactive Setup Initialization Wizard

Topic 9.2.2: Configuring Management Settings and Services

Enter Global Configuration Mode Entering Global Configuration Mode Example 9.2.2.1 Enter Global Configuration Mode

Configuring Basic Settings ASA Basic Configuration Commands 9.2.2.2 Configuring Basic Settings

Configuring Basic Settings (Cont.) Enabling AES Encryption Example

Configuring Logical VLAN Interfaces Local VLAN Interface Commands 9.2.2.3 Configuring Logical VLAN Interfaces Configuring IP Addresses on VLAN Interfaces

Configuring Logical VLAN Interfaces (Cont.) Configuring VLAN Interfaces Example 9.2.2.3 Configuring Logical VLAN Interfaces (Cont.)

Assigning Layer 2 Ports to VLANs Configuring Layer 2 Ports Example 9.2.2.4 Assigning Layer 2 Ports to VLANs Verifying VLAN Port Assignment Example

Assigning Layer 2 Ports to VLANs (Cont.) Verifying Interfaces Example 9.2.2.4 Assigning Layer 2 Ports to VLANs (Cont.) Verifying IP Addresses Example

Configuring a Default Static Route

Configuring Remote Access Services Telnet Configuration Commands Telnet Configuration Commands Example 9.2.2.6 Configuring Remote Access Services

Configuring Remote Access Services (Cont.) SSH Configuration Commands 9.2.2.6 Configuring Remote Access Services (Cont.) Configuring SSH Access Example

Configuring Network Time Protocol Services NTP Authentication Commands Configuring NTP Example 9.2.2.7 Configuring Network Time Protocol Services

Configuring DHCP Services DHCP Server Commands Configuring DHCP Server Example 9.2.2.8 Configuring DHCP Services

Topic 9.2.3: Object Groups

Introduction to Objects and Object Groups

Configuring Network Objects Network Object Commands Configuring a Network Object Example 9.2.3.2 Configuring Network Objects

Configuring Service Objects Service Object Options Example 9.2.3.3 Configuring Service Objects

Configuring Service Objects (Cont.) Common Service Object Commands Configuring a Service Object Example 9.2.3.3 Configuring Service Objects (Cont.)

Object Groups 9.2.3.4 Object Groups

Configuring Common Object Groups Network Object Group Example 9.2.3.5 Configuring Common Object Groups ICMP-type Object Group Example

Configuring Common Object Groups (Cont.) Services Object Group Example 9.2.3.5 Configuring Common Object Groups (Cont.) 9.2.3.6 Activity – Identify Types of Object Groups

Topic 9.2.4: ACLs

ASA ACLs ASA ACL and IOS ACL Similarities

Types of ASA ACL Filtering Higher Levels Allowed To Lower Levels 9.2.4.2 Types of ASA ACL Filtering Lower Levels Denied To Higher Levels

Types of ASA ACLs Extended ACL Examples Standard ACL Example IPv6 ACL Example

Configuring ACLs ACL Command Parameters 9.2.4.4 Configuring ACLs

Configuring ACLs (Cont.) Condensed Extended ACL Syntax 9.2.4.4 Configuring ACLs (Cont.)

Configuring ACLs (Cont.) ASA ACL Elements 9.2.4.4 Configuring ACLs (Cont.)

Applying ACLs access-group Command Syntax 9.2.4.5 Applying ACLs

ACLs and Object Groups ACL Reference Topology

ACLs and Object Groups (Cont.) Extended ACL Configuration Example 9.2.4.6 ACLs and Object Groups (Cont.) Verifying the ACL

ACL Using Object Groups Examples Condensed Extended ACL Syntax with Object Groups ACL Reference Topology 9.2.4.7 ACL Using Object Groups Examples

ACL Using Object Groups Examples ACL and Object Group Configuration Example 9.2.4.7 ACL Using Object Groups Examples Verifying the ACL and Object Group Configuration Example

Topic 9.2.5: NAT Services on an ASA

ASA NAT Overview Types of NAT Deployments: Inside NAT Outside NAT Bidirectional NAT 9.2.5.1 ASA NAT Overview

Configuring Dynamic NAT Dynamic NAT Reference Topology 9.2.5.2 Configuring Dynamic NAT

Configuring Dynamic NAT (Cont.) Dynamic NAT Configuration Example Enable Return Traffic Example 9.2.5.2 Configuring Dynamic NAT (Cont.) Verifying the Dynamic NAT Configuration Example

Configuring Dynamic PAT Dynamic PAT Configuration Example Verifying the Dynamic PAT Configuration Example 9.2.5.3 Configuring Dynamic PAT

Configuring Static NAT Configure the DMZ Interface Example 9.2.5.4 Configuring Static NAT Static NAT Configuration Example

Configuring Static NAT (Cont.) Verifying the Static NAT Configuration Example 9.2.5.4 Configuring Static NAT (Cont.)

Topic 9.2.6: AAA

AAA Review 9.2.6.1 AAA Review

Local Database and Servers RADIUS and TACACS+ Server Commands Sample AAA TACACS+ Server Configuration 9.2.6.2 Local Database and Servers

AAA Configuration 9.2.6.3 AAA Configuration

Topic 9.2.7: Service Policies on an ASA

Overview of MPF 9.2.7.1 Overview of MPF

Configuring Class Maps

Define and Activate a Policy Implementing Modular Policy Framework 9.2.7.3 Define and Activate a Policy

ASA Default Policy Default Service Policy Configuration

Section 9.3: Summary Chapter Objectives: Explain how the ASA operates as an advanced stateful firewall. Implement an ASA firewall configuration. 9.3.1.1 Packet Tracer – Configure ASA Basic Settings and Firewall Using CLI 9.3.1.2 Lab – Configure ASA Basic Settings and Firewall Using CLI 9.3.1.3 Chapter 9: Implementing the Cisco Adaptive Security Appliance

Instructor Resources Remember, there are helpful tutorials and user guides available via your NetSpace home page (https://www.netacad.com). These resources cover a variety of topics including navigation, assessments, and assignments. A screenshot has been provided here highlighting the tutorials related to activating exams, managing assessments, and creating quizzes.