Chapter 10: Advanced Cisco Adaptive Security Appliance

1 Chapter 10: Advanced Cisco Adaptive Security Appliance
CCNA Security v2.0

2 Chapter Outline
10.0 Introduction
10.1 ASA Security Device Manager
10.2 ASA VPN Configuration
10.3 Summary

3 Section 10.1: ASA Security Device Manager
Upon completion of this section, you should be able to:
Configure an ASA to provide basic firewall services using ASDM.
Configure an ASA to provide additional firewall services using ASDM wizards.
Configure management settings and services in an ASA using ASDM.
Configure object groups on an ASA.

4 Topic 10.1.1: Introduction to ASDM

5 Overview of ASDM

6 Preparing for ASDM
Preparing the ASA 5505
Verify Connectivity to the ASA

7 Starting ASDM
ASDM Security Certificate
ASDM Launch Window

8 Starting ASDM (Cont.)
ASDM Security Warning - 1

9 Starting ASDM (Cont.)
Authenticate to Use ASDM
Smart Call Home Window

10 ASDM Home Page Dashboards
ASDM Device Dashboard Page

11 ASDM Home Page Dashboards (Cont.)
ASDM Firewall Dashboard Page

12 ASDM Page Elements

13 ASDM Configuration and Monitoring Views
Configuration View

14 ASDM Configuration and Monitoring Views (Cont.)

15 Configure and Access on an ASA5505

16 Topic 10.1.2: ASDM Wizard Menu

17 ASDM Wizards

18 The Startup Wizard
Startup Wizard Starting Point Window
Startup Wizard Basic Configuration Window

19 The Startup Wizard (Cont.)
Startup Wizard Interface Selection Window
Startup Wizard Switch Port Allocation Window

20 The Startup Wizard (Cont.)
Startup Wizard Interface IP Address Configuration Window
Startup Wizard DHCP Server Window

21 The Startup Wizard (Cont.)
Startup Wizard Address Translation (NAT/PAT) Window
Startup Wizard Administrative Access Window

22 The Startup Wizard (Cont.)
Startup Wizard Summary Window

23 Different Types of VPN Wizards
ASDM VPN Wizards
ASDM Remote Access VPN Assistant

24 Other Wizards 10.1.2.4 Other Wizards
Activity – Configuring a Site-to-Site IPsec VPN Using ISR CLI and ASA ASDM

25 Topic 10.1.3: Configuring Management Settings and Services

26 Configuring Settings in ASDM
Configuration Device Setup Tab

27 Configuring Settings in ASDM (Cont.)
Configuration Device Management Tab

28 Configuring Basic Settings in ASDM
Configuring Hostname, Domain Name, and Enable Password
Configuring a Master Passphrase

29 Configuring Basic Settings in ASDM (Cont.)
Configuring Legal Notification

30 Configuring Interfaces in ASDM

31 Configuring Interfaces in ASDM (Cont.)
Adding an Outside Interface
Change Switch Port Window

32 Configuring Interfaces in ASDM (Cont.)
Adding an Outside Interface

33 Configuring Interfaces in ASDM (Cont.)
Advanced Outside Interface Settings
Updated Interface Page

34 Configuring Interfaces in ASDM (Cont.)
Verifying Interfaces

35 Configuring Interfaces in ASDM (Cont.)
Enable Switch Ports
Apply Configuration

36 Configuring the System Time in ASDM
Manually Change the System Time
Use NTP to Change the System Time

37 Configuring the System Time in ASDM (Cont.)
Add an NTP Server
Configure an NTP Server

38 Configuring the System Time in ASDM (Cont.)
Apply the Configuration

39 Configuring Routing in ASDM
Configuring a Default Static Route

40 Configuring Routing in ASDM (Cont.)
Add or Edit Route Window
Add Static Route Details

41 Configuring Routing in ASDM (Cont.)
Apply the Configuration

42 Configuring Device Management Access in ASDM
Configure ASDM/HTTPS/Telnet/SSH Access

43 Configuring Device Management Access in ASDM (Cont.)
Add Device Access Configuration Window
Configure SSH Settings

44 Configuring DHCP Services in ASDM
DHCP Server Page

45 Configuring DHCP Services in ASDM (Cont.)
Edit DHCP Server Window

46 Configuring DHCP Services in ASDM (Cont.)
Configuring DHCP Server Services

47 Configuring DHCP Services in ASDM (Cont.)
Verifying DHCP Server Services

48 Topic 10.1.4: Configuring Advanced ASDM Features

49 Objects in ASDM
Network Objects/Groups Page

50 Objects in ASDM (Cont.)
Adding a Network Object/Group
Add Network Object Window

51 Objects in ASDM (Cont.)
Add Network Object Group Window

52 Objects in ASDM (Cont.)
Service Objects/Group Page

53 Objects in ASDM (Cont.)
Adding a Service Object/Group
Add Service Object Window

54 Objects in ASDM (Cont.)
Add Service Object Group Window

55 Configuring ACLs Using ASDM
ACLs in ASDM

56 Configuring ACLs Using ASDM (Cont.)
Add Access Rule Window
Diagramming Access Rules

57 Configuring Dynamic NAT in ASDM
Add Network Object Window
Creating a Network Object for Public Addresses

58 Configuring Dynamic NAT in ASDM (Cont.)
Creating a Network Object for Dynamic NAT

59 Configuring Dynamic PAT in ASDM

60 Configuring Static NAT in ASDM
Advanced Static NAT Settings in ASDM

61 Configuring AAA Authentication
User Accounts Page

62 Configuring AAA Authentication (Cont.)
Add User Account Window

63 Configuring AAA Authentication (Cont.)
AAA Server Groups Page

64 Configuring AAA Authentication (Cont.)
Add AAA Server Group Window
Add AAA Server Window

65 Configuring AAA Authentication (Cont.)
Completed AAA Server Groups Window

66 Configuring AAA Authentication (Cont.)
AAA Access Page

67 Configuring AAA Authentication (Cont.)
AAA Access > Authentication Window

68 Configuring a Service Policy Using ASDM
Service Policy in ASDM

69 Configuring a Service Policy Using ASDM (Cont.)
Configure a Service Policy

70 Configuring a Service Policy Using ASDM (Cont.)
Configure Traffic Classification Criteria

71 Configuring a Service Policy Using ASDM (Cont.)
Configure Actions
Lab – Configuring a Service Policy Using ASDM

72 Section 10.2: ASA VPN Configuration
Upon completion of this section, you should be able to:
Explain how the ASA supports site-to-site VPNs.
Configure remote-access VPNs on an ASA.
Configure remote-access VPN support using a clientless SSL VPN.
Configure remote-access VPN support using Cisco AnyConnect.

73 Topic 10.2.1: Site-to-Site VPNs

74 ASA Support for Site-to-Site VPNs

75 ASA Site-to-Site VPNs Using ASDM

76 Configuring the ISR Site-to-Site VPNs Using the CLI
Basic ISR Configuration
Configure the ISAKMP Policy

77 Configuring the ISR Site-to-Site VPNs Using the CLI (Cont.)
Configure the IPsec and VPN ACL
Configure and Apply the Crypto Map

78 Configuring the ASA Site-to-Site VPNs Using ASDM
Basic ISR Configuration

79 Configuring the ASA Site-to-Site VPNs Using ASDM (Cont.)
Introduction Window
Peer Device Identification Window

80 Configuring the ASA Site-to-Site VPNs Using ASDM (Cont.)
Traffic to Protect Window
Security Window

81 Configuring the ASA Site-to-Site VPNs Using ASDM (Cont.)
NAT Exempt Window
Summary Window

82 Verifying Site-to-Site VPNs Using ASDM

83 Test the Site-to-Site VPNs Using ASDM
Establish the VPN Tunnel Connection to the Remote Network

84 Test the Site-to-Site VPNs Using ASDM (Cont.)
Monitoring the VPN Tunnel

85 Test the Site-to-Site VPNs Using ASDM (Cont.)
Verify VPN Tunnel Connectivity from the External Host
Lab – Test the Site-to-Site VPN using ASDM

86 Topic 10.2.2: Remote-Access VPNs

87 Remote-Access VPN Options

88 IPsec Versus SSL

89 IPsec Versus SSL (Cont.)
Comparing IPsec and SSL

90 ASA SSL VPNs
Remote Access VPN Wizards

91 ASA SSL VPNs (Cont.)
Cisco ASA SSL Remote Access VPN Solutions

92 Clientless SSL VPN Solution
Cisco ASA Clientless SSL VPN Deployment

93 Clientless SSL VPN Solution (Cont.)
Clientless Login Web page
Web Portal Home Page

94 Client-Based SSL VPN Solution

95 Cisco AnyConnect Secure Mobility Client
AnyConnect Connection Window
AnyConnect Authenticate Window

96 Cisco AnyConnect Secure Mobility Client (Cont.)
AnyConnect Authenticated Window
AnyConnect Statistics Window

97 AnyConnect for Mobile Devices
Cisco AnyConnect Secure Mobility Client is available on the following platforms:
iOS
Android
BlackBerry
Windows Mobile

98 Topic 10.2.3: Configuring Clientless SSL VPN

99 Configuring Clientless SSL VPN on an ASA
ASDM Assistant
Clientless VPN Wizard

100 Sample Clientless VPN Topology

101 Clientless SSL VPN
Clientless SSL VPN Introduction Window
SSL VPN Interface Window

102 Clientless SSL VPN (Cont.)
User Authentication Window
Group Policy Window

103 Clientless SSL VPN (Cont.)
Bookmark List Window
Configure GUI Customization Objects Window

104 Clientless SSL VPN (Cont.)
Add Bookmark List Window
Select Bookmark Type Window

105 Clientless SSL VPN (Cont.)
Add Bookmark Window
Revised Add Bookmark List Window

106 Clientless SSL VPN (Cont.)
Revised Configure GUI Customization Objects Window
Revised Bookmark List Window

107 Clientless SSL VPN (Cont.)
Summary Window

108 Verifying Clientless SSL VPN

109 Testing the Clientless SSL VPN Connection
Security Certificate Window
Logon Window

110 Testing the Clientless SSL VPN Connection (Cont.)
Web Portal Home Page
Web Portal Web Access Page

111 Testing the Clientless SSL VPN Connection (Cont.)
Web Portal File Access Page
Log Out of the Web Portal

112 Viewing the Generated CLI Config

113 Topic 10.2.4: Configuring AnyConnect SSL VPN

114 Configuring SSL VPN AnyConnect
ASDM Assistant
Client-Based VPN Wizard

115 Sample SSL VPN Topology

116 AnyConnect SSL VPN
AnyConnect VPN Wizard Introduction Window
Connection Profile Identification Window

117 AnyConnect SSL VPN (Cont.)
VPN Protocols Window

118 AnyConnect SSL VPN (Cont.)
Client Images Window
Add AnyConnect Client Image Window

119 AnyConnect SSL VPN (Cont.)
Browse Flash Window
Add AnyConnect Client Image Window

120 AnyConnect SSL VPN (Cont.)
Completed Client Images Window

121 AnyConnect SSL VPN (Cont.)
Authentication Methods Window

122 AnyConnect SSL VPN (Cont.)
Client Address Management Window
Add IPv4 Window

123 AnyConnect SSL VPN (Cont.)
Completed Client Address Management Window
Network Name Resolution Servers Window

124 AnyConnect SSL VPN (Cont.)
Completed Network Name Resolution Servers Window

125 AnyConnect SSL VPN (Cont.)
NAT Exempt Window
Completed NAT Exempt Window

126 AnyConnect SSL VPN (Cont.)
AnyConnect Client Deployment
Summary Window

127 Verifying AnyConnect Connection
AnyConnect Connection Profiles Page

128 Verifying AnyConnect Connection (Cont.)
Verifying the Client-Based Configuration

129 Install the AnyConnect Client
Security Certificate Window
Logon Window

130 Install the AnyConnect Client (Cont.)
Cisco AnyConnect VPN Client Window
Manual Installation Window

131 Install the AnyConnect Client (Cont.)
Run Installer Window

132 Install the AnyConnect Client (Cont.)
Cisco AnyConnect VPN Client Setup Window

133 Install the AnyConnect Client (Cont.)
End-User Agreement Window
User Account Control Security Window

134 Install the AnyConnect Client (Cont.)
Ready to Install AnyConnect Client
Installing the AnyConnect Client

135 Install the AnyConnect Client (Cont.)
Complete Cisco AnyConnect VPN Installation

136 Install the AnyConnect Client (Cont.)
Start the Cisco AnyConnect VPN
Cisco AnyConnect VPN Client Window

137 Install the AnyConnect Client (Cont.)
Cisco AnyConnect VPN Connect Window
Certificate Security Warning Window

138 Install the AnyConnect Client (Cont.)
Cisco AnyConnect VPN Authentication Window
Cisco AnyConnect VPN Icon in System Tray

139 Install the AnyConnect Client (Cont.)
Cisco AnyConnect VPN Client Status
Verifying Connectivity to Internal Network

140 Viewing the Generated CLI Config
AnyConnect SSL VPN Configuration settings:
NAT
WebVPN
Group policy
Tunnel group
Lab - Configure Clientless Remote Access SSL VPNs Using ASDM
Lab - Configure AnyConnect Remote Access SSL VPNs Using ASDM

141 Section 10.3: Summary
Chapter Objectives:
Implement an ASA firewall configuration.
Configure remote-access VPNs on an ASA.
Packet Tracer – Configure ASA Basic Settings and Firewall Using CLI
Lab – Configure ASA Basic Settings and Firewall Using CLI
Chapter 9: Implementing the Cisco Adaptive Security Appliance

142

143 Instructor Resources
Remember, there are helpful tutorials and user guides available via your NetSpace home page. These resources cover a variety of topics including navigation, assessments, and assignments. A screenshot has been provided here highlighting the tutorials related to activating exams, managing assessments, and creating quizzes.

