Published by Collin Hancock. Modified over 9 years ago.
1
Chapter 9: Implementing the Cisco Adaptive Security Appliance
CCNA Security v2.0
2
Chapter Outline
9.0 Introduction
9.1 Introduction to the ASA
9.2 ASA Firewall Configuration
9.3 Summary
3
Section 9.1: Introduction to the ASA
Upon completion of this section, you should be able to:
Compare ASA solutions to other routing firewall technologies.
Explain ASA 5505 operation with the default configuration.
4
Topic 9.1.1: ASA Solutions
5
ASA Firewall Models
Small Office and Branch Office ASA Models
6
ASA Firewall Models (Cont.)
Internet Edge Models
7
ASA Firewall Models (Cont.)
Enterprise Data Center Models
Cisco ASA Next-Generation Firewall Appliances: Video - Introducing Cisco ASA with FirePOWER Services
8
Advanced ASA Firewall Feature
ASA Virtualization
9
Advanced ASA Firewall Feature (Cont.)
High Availability
10
Advanced ASA Firewall Feature (Cont.)
Identity Firewall
11
Advanced ASA Firewall Feature (Cont.)
ASA Threat Control
12
Review of Firewalls in Network Design
Permitted Traffic
Denied Traffic
13
ASA Firewall Modes of Operation
Routed Mode
Transparent Mode
14
ASA Licensing Requirements
Base License Specifics
15
ASA Licensing Requirements (Cont.)
Security Plus License Specifics
16
ASA Licensing Requirements
show version Command Output
17
Topic 9.1.2: Basic ASA Configuration
18
Overview of ASA 5505
ASA 5505 Back Panel
ASA 5505 Front Panel
19
ASA Security Levels
Security Level Control:
Network Access
Inspection Engines
Application Filtering
20
ASA 5505 Deployment Scenarios
ASA Deployment in a Small Branch
ASA Deployment in a Small Business
21
ASA 5505 Deployment Scenarios (Cont.)
ASA Deployment in an Enterprise
22
Section 9.2: ASA Firewall Configuration
Upon completion of this section, you should be able to:
Explain what ASA firewall services are enabled using the default configuration.
Configure an ASA to provide basic firewall services.
Configure object groups on an ASA.
Configure access lists with object groups on an ASA.
Configure an ASA to provide NAT services.
Configure access control using the local database and AAA server.
Explain how the Cisco Modular Policy Framework (MPF) is used to configure ASA policies.
23
Topic 9.2.1: The ASA Firewall Configuration
24
Introduce Basic ASA Settings
Base License Specifics
Security Plus License Specifics
25
Introduce Basic ASA Settings (Cont.)
show version Command Output
26
ASA Default Configuration
ASA 5505 Default Configuration Overview
27
ASA Interactive Setup Initialization Wizard
Entering the ASA 5505 Setup Initialization Wizard
28
Topic 9.2.2: Configuring Management Settings and Services
29
Enter Global Configuration Mode
Entering Global Configuration Mode Example
30
Configuring Basic Settings
ASA Basic Configuration Commands
31
Configuring Basic Settings (Cont.)
Enabling AES Encryption Example
32
Configuring Logical VLAN Interfaces
Local VLAN Interface Commands
Configuring IP Addresses on VLAN Interfaces
33
Configuring Logical VLAN Interfaces (Cont.)
Configuring VLAN Interfaces Example
34
Assigning Layer 2 Ports to VLANs
Configuring Layer 2 Ports Example
Verifying VLAN Port Assignment Example
35
Assigning Layer 2 Ports to VLANs (Cont.)
Verifying Interfaces Example
Verifying IP Addresses Example
36
Configuring a Default Static Route
37
Configuring Remote Access Services
Telnet Configuration Commands
Telnet Configuration Commands Example
38
Configuring Remote Access Services (Cont.)
SSH Configuration Commands
Configuring SSH Access Example
39
Configuring Network Time Protocol Services
NTP Authentication Commands
Configuring NTP Example
40
Configuring DHCP Services
DHCP Server Commands
Configuring DHCP Server Example
41
Topic 9.2.3: Object Groups
42
Introduction to Objects and Object Groups
43
Configuring Network Objects
Network Object Commands
Configuring a Network Object Example
44
Configuring Service Objects
Service Object Options Example
45
Configuring Service Objects (Cont.)
Common Service Object Commands
Configuring a Service Object Example
46
Object Groups
47
Configuring Common Object Groups
Network Object Group Example
ICMP-type Object Group Example
48
Configuring Common Object Groups (Cont.)
Services Object Group Example
Activity – Identify Types of Object Groups
50
Topic 9.2.4: ACLs
51
ASA ACLs
ASA ACL and IOS ACL Similarities
52
Types of ASA ACL Filtering
Higher Levels Allowed To Lower Levels
Lower Levels Denied To Higher Levels
53
Types of ASA ACLs
Extended ACL Examples
Standard ACL Example
IPv6 ACL Example
54
Configuring ACLs
ACL Command Parameters
55
Configuring ACLs (Cont.)
Condensed Extended ACL Syntax
56
Configuring ACLs (Cont.)
ASA ACL Elements
57
Applying ACLs
access-group Command Syntax
58
ACLs and Object Groups
ACL Reference Topology
59
ACLs and Object Groups (Cont.)
Extended ACL Configuration Example
Verifying the ACL
60
ACL Using Object Groups Examples
Condensed Extended ACL Syntax with Object Groups
ACL Reference Topology
61
ACL Using Object Groups Examples
ACL and Object Group Configuration Example
Verifying the ACL and Object Group Configuration Example
62
Topic 9.2.5: NAT Services on an ASA
63
ASA NAT Overview
Types of NAT Deployments:
Inside NAT
Outside NAT
Bidirectional NAT
64
Configuring Dynamic NAT
Dynamic NAT Reference Topology
65
Configuring Dynamic NAT (Cont.)
Dynamic NAT Configuration Example
Enable Return Traffic Example
Verifying the Dynamic NAT Configuration Example
66
Configuring Dynamic PAT
Dynamic PAT Configuration Example
Verifying the Dynamic PAT Configuration Example
67
Configuring Static NAT
Configure the DMZ Interface Example
Static NAT Configuration Example
68
Configuring Static NAT (Cont.)
Verifying the Static NAT Configuration Example
69
Topic 9.2.6: AAA
70
AAA Review
71
Local Database and Servers
RADIUS and TACACS+ Server Commands
Sample AAA TACACS+ Server Configuration
72
AAA Configuration
73
Topic 9.2.7: Service Policies on an ASA
74
Overview of MPF
75
Configuring Class Maps
76
Define and Activate a Policy
Implementing Modular Policy Framework
77
ASA Default Policy
Default Service Policy Configuration
78
Section 9.3: Summary
Chapter Objectives:
Explain how the ASA operates as an advanced stateful firewall.
Implement an ASA firewall configuration.
Packet Tracer – Configure ASA Basic Settings and Firewall Using CLI
Lab – Configure ASA Basic Settings and Firewall Using CLI
80
Instructor Resources
Remember, there are helpful tutorials and user guides available via your NetSpace home page. These resources cover a variety of topics including navigation, assessments, and assignments. A screenshot has been provided here highlighting the tutorials related to activating exams, managing assessments, and creating quizzes.