Deploying Cisco ASA v8.4(1) Firewall Solutions (FIREWALL v2.0)

Request a Quote for this class

About this Course

The Deploying Cisco ASA Firewall Solutions (FIREWALL) v2.0 course is part of the curriculum path leading to the Cisco Certified Network Professional Security (CCNP Security) certification. It is a five-day instructor-led course that is aimed at providing network security engineers with the knowledge and skills that are needed to implement and maintain perimeter solutions that are based on Cisco ASA v8.4(1) security appliances. At the end of the course, students will be able to reduce risk to their IT infrastructure and applications using Cisco ASA v8.4(1) security appliance features, and provide detailed operations support for the Cisco ASA v8.4(1) security appliance.

Audience Profile

The primary audience for this course is as follows:

  • Network Security Engineers

At Course Completion

Upon completing this course, the learner will be able to meet these overall objectives:

  • Evaluate the basic firewall technology, features, hardware models, and licensing options of the Cisco ASA security appliance
  • Implement and troubleshoot basic Cisco ASA security appliance connectivity and device management plane features
  • Configure and verify Cisco ASA security appliance network integration
  • Configure and verify Cisco ASA security appliance policy
  • Configure and verify high availability and virtualization on Cisco ASA security appliances

Prerequisites

The knowledge and skills a learner must have before attending this course include the following:

  • Cisco Certified Network Associate (CCNA) certification
  • Cisco Certified Network Associate Security (CCNA Security) certification
  • Working knowledge of the Microsoft Windows operating system

Course Outline

Module 1: Cisco ASA Adaptive Security Appliance Essentials

Lesson 1: Evaluating Cisco ASA Adaptive Security Appliance Technologies

      • Firewalls and Security Domains
      • Firewall Technologies
      • Cisco ASA Adaptive Security Appliance Features

Lesson 2: Identifying Cisco ASA Adaptive Security Appliance Families

      • Cisco ASA Adaptive Security Appliance Hardware
      • Cisco ASA Appliance SSMs

Lesson 3: Identifying Cisco ASA Adaptive Security Appliance Licensing Options

    • Cisco ASA Adaptive Security Appliance Licensing Options
    • Cisco ASA Adaptive Security Appliance Licensing Requirements

Module 2: Basic Connectivity and Device Management

Lesson 1: Preparing the Cisco ASA Adaptive Security Appliance for Network Integration

      • Managing the Cisco ASA Adaptive Security Appliance Boot Process
      • Managing the Cisco ASA Adaptive Security Appliance Using the CLI
      • Managing the Cisco ASA Adaptive Security Appliance Using Cisco ASDM
      • Navigating Basic Cisco ASDM Features
      • Managing the Cisco ASA Adaptive Security Appliance Basic Upgrade

Lesson 2: Managing Basic Cisco ASA Adaptive Security Appliance Network Settings

      • Managing Cisco ASA Adaptive Security Appliance Security Levels
      • Configuring and Verifying Basic Connectivity Parameters
      • Configuring and Verifying Interface VLANs
      • Configuring a Default Route
      • Configuring and Verifying the Cisco ASA Security Appliance DHCP Server
      • Troubleshooting Basic Connectivity

Lesson 3: Configuring Cisco ASA Adaptive Security Appliance Device Management Features

    • Configuring and Verifying Basic Device Management Settings
    • File System Management Overview
    • Managing Cisco ASA Software and Feature Activation
    • Configuring and Verifying Time Settings
    • Configuring and Verifying Event and Session Logging
    • Configuring and Verifying Remote Management Channels
    • Configuring and Verifying AAA for Management Access
    • Troubleshooting AAA for Management Access

Module 3: Network Integration

Lesson 1: Configuring Cisco ASA Adaptive Security Appliance NAT Features

      • NAT on Cisco ASA Software Version 8.2 and Earlier
      • NAT on Cisco ASA Software Version 8.3 and Later
      • Configuring Object (Auto) NAT
      • Configuring Manual NAT
      • Tuning and Troubleshooting NAT on the Cisco ASA Adaptive Security Appliance

Lesson 2: Configuring Cisco ASA Adaptive Security Appliance Basic Access Control Features

      • Connection Table and Local Host Table
      • Configuring and Verifying Interface ACLs
      • Configuring and Verifying Global ACLs
      • Configuring and Verifying Object Groups
      • Configuring and Verifying Public Servers
      • Configuring and Verifying Other Basic Access Controls
      • Troubleshooting ACLs

Lesson 3: Configuring Cisco ASA Adaptive Security Appliance Routing Features

      • Static Routing
      • Dynamic Routing
      • EIGRP Configuration and Verification
      • Multicast Support

Lesson 4: Configuring the Cisco ASA Adaptive Security Appliance Transparent Firewall

    • Transparent Firewall Essentials
    • Configuring and Verifying Transparent Firewall Mode
    • Configuring and Verifying Transparent Firewall Layer 3 Through Layer 7 Access Controls
    • Configuring and Verifying Transparent Firewall Layer 2 Access Controls
    • Troubleshooting Transparent Firewall

Module 4: Cisco ASA Adaptive Security Appliance Policy Control

Lesson 1: Defining the Cisco ASA Adaptive Security Appliance MPF

      • Cisco MPF Overview
      • Configuring and Verifying Layer 3 and Layer 4 Policies
      • Configuring and Verifying a Policy for Management Traffic

Lesson 2: Configuring Cisco ASA Adaptive Security Appliance Connection Policy and QoS Settings

      • Basic Stateful Inspection Tuning Features
      • Tuning Basic OSI Layer 3 and Layer 4 Inspection
      • Configuring and Verifying Advanced Connection Settings
      • Configuring and Verifying Support for Dynamic Protocols
      • Configuring the Botnet Traffic Filter
      • Configuring QoS on the Cisco ASA Adaptive Security Appliance
      • Troubleshooting OSI Layer 3 and Layer 4 Inspection

Lesson 3: Configuring Cisco ASA Adaptive Security Appliance Advanced Application Inspections

      • Layer 5 to Layer 7 Policy Control Overview
      • Configuring and Verifying HTTP Inspection
      • Configuring and Verifying FTP Inspection
      • Supporting Other Layer 5 to Layer 7 Applications
      • Troubleshooting Application Layer Inspection

Lesson 4: Configuring Cisco ASA Adaptive Security Appliance User-Based Policies

    • AAA and Cut-Through Proxy Overview
    • Configuring and Verifying Cut-Through Proxy Authentication
    • Configuring Authentication Prompts and Timeouts
    • Configuring and Verifying Cut-Through Proxy Authorization
    • Configuring and Verifying Cut-Through Proxy Accounting
    • Troubleshooting Cut-Through Proxy Operations

Module 5: Cisco ASA Adaptive Security Appliance High Availability and Virtualization

Lesson 1: Configuring Cisco ASA Adaptive Security Appliance Interface Redundancy Features

      • Configuring and Verifying EtherChannel
      • Configuring and Verifying Redundant Interfaces
      • Troubleshooting EtherChannel and Redundant Interfaces

Lesson 2: Configuring Cisco ASA Adaptive Security Appliance Active/Standby High Availability

      • Configuration Choices, Basic Procedures, and Required Input Parameters
      • Configuring and Verifying Active/Standby Failover
      • Tuning and Managing Active/Standby Failover
      • Remote Command Execution
      • Troubleshooting Active/Standby Failover

Lesson 3: Configuring Security Contexts on the Cisco ASA Adaptive Security Appliance

      • Multiple-Context Mode
      • Configuring Security Contexts
      • Verifying and Managing Security Contexts
      • Configuring and Verifying Resource Management
      • Troubleshooting Security Contexts

Lesson 4: Configuring Cisco ASA Adaptive Security Appliance Active/Active High Availability

    • Active/Active Failover
    • Configuring and Verifying Active/Active Failover
    • Tuning and Managing Active/Active Failover
    • Troubleshooting Active/Active Failover

Lab Outline

  • Lab 2-1: Preparing the Cisco ASA Adaptive Security Appliance for Network Integration
  • Lab 2-2: Configuring the Cisco ASA Adaptive Security Appliance for Secure Network Integration
  • Lab 2-3: Configuring Management Features
  • Lab 3-1: Configuring NAT
  • Lab 3-2: Configuring Basic Cisco Access Control Features
  • Lab 3-3: Configuring Transparent Firewall (Optional)
  • Lab 4-1: Configuring MPF, Basic Stateful Inspections, and QoS
  • Lab 4-2: Configuring MPF Advanced Application Inspections
  • Lab 4-3: Configuring Cut-Through Proxy
  • Lab 5-1: Configuring Active/Standby High Availability
  • Lab 5-2: Configuring Active/Active High Availability