21-01-2015, 14:37

Cisco CCNP Security Firewall - Deploying Cisco ASA Firewall Solutions v2.0

Category: Tutorials / Other

Cisco CCNP Security Firewall - Deploying Cisco ASA Firewall Solutions v2.0 (Repost)
English | 2012 | flv | H264 1280x720 | AAC 2 ch | 13 hrs 23 min | 3.2 GB

Firewalls have come a long way over the years, and the Cisco Adaptive Security Appliance (ASA) firewall has as well. In this "soup-to-dessert" video course, trainer Keith Barker walks you through the entire process of implementing the ASA on the network, beginning with bootstrapping the ASA so that it will allow basic management, all the way to configuring advanced features such as the new Network Address Translation (NAT, which changed between versions 8.2 and 8.3), redundant interfaces, etherchannel, transparent L2 firewall services, multiple-contexts (virtual firewalls), application layer inspection, failover for high availability (HA), and more. By the time you finish this course, you'll be able to return to your network with confidence in the care and feeding of the ASA.

This course addresses all the objectives for exam 642-618 (Firewall v2), which is part of the Cisco Firewall Specialist, ASA Specialist and CCNP Security certifications. Plus, a GNS3 Nugget covers how to create a complete ASA virtual lab environment, for hands-on practice.

Viewers who have taken the CCNA Security (or have the equivalent knowledge) will get the most out of this course. Exam 642-618 is one of the requirements for ASA Specialist, Firewall Specialist and CCNP Security certifications; prerequisites for these three certifications include CCNA (RS) and CCNA Security. This course is also valuable if you're applying for network/security positions where the employer has ASAs in place and is looking for skilled ASA network technicians and engineers.

1. Firewall v2.0 Introduction (00:13:48)
The Adaptive Security Appliance (ASA) is a vital cornerstone in Cisco's security portfolio, and when properly implemented and managed can reduce the overall risk to a company. This introduction video identifies who the course was created for, what to expect from it and how to get the most out of it.

2. Out of the Box (00:36:44)
Before we can implement the advanced features of the Adaptive Security Appliance (ASA), which include stateful packet filtering, application layer inspection, user-based access control, AAA, BotNet filtering, IPsec and SSL VPNs, redundant interfaces, etherchannel, multicast and routing protocols, NAT, transparent firewall, multiple context firewall (virtual firewalls), or High Availability (HA) with failover, we need to first have management access to the ASA. In this video, Keith walks you through how to do an image recovery of an ASA that doesn't have a valid OS image on flash, and then proceeds to take you step by step in bootstrapping the ASA with enough configuration to allow access by the ASA Security Device Manager (ASDM).

Maps to CCNP Firewall 642-618 objectives: Manage the ASA boot process; Implement ASA interface settings.

3. ASA & ASDM Essentials (00:53:59)
What else needs to be done, to get an ASA up and functioning in the network? This Nugget answers that, as Keith walks you through configuring a second interface and configuring Network Address Translation (NAT) to provide firewall services for clients. As you and Keith configure, he explains the details of why security levels (assigned to each interface) are important, and how they work in conjunction with stateful firewall services.

Maps to CCNP Firewall 642-618 objectives: Implement ASA licensing; Implement ASA interface settings; Implement ASA management features; Implement ASA access control features; Implement Network Address Translation (NAT) on the ASA.

4. NAT on the ASA, 8.2, 8.3 and beyond (01:11:23)
What's up with NAT!?! That is a topic that comes up all the time with the current version of the ASA (8.3 and higher). The methods and configuration dramatically changed after the update from 8.2 to 8.3. In this video, Keith walks you through how NAT on the 8.2 and older versions of the ASA was configured, and then takes you through the logic and configuration of the new NAT. Concepts are reinforced by real world scenarios along with demonstration and verification of the NAT, step by step.

Maps to CCNP Firewall 642-618 objectives: Implement ASA interface settings; Implement Network Address Translation (NAT) on the ASA.

5. ACLs on the ASA (00:56:14)
What do Public Servers, Real IP addresses, and global Access Control Lists (ACLs) all have in common? They are all new features in version 8.3, 8.4 and higher of the ASA, and critical to know. Have no fear, in this video, Keith introduces the ACL options including when and where to use them. Demonstration and verification are done to reinforce both the concepts and the configuration steps.

Maps to CCNP Firewall 642-618 objectives: Implement ASA access control features; Implement NAT on the ASA; Implement ASDM public server feature.

6. Routing on the ASA (00:23:44)
When the ASA considers forwarding a packet, it uses its routing table to determine the exit interface and the next hop router (if the destination is not directly connected). Based on the interfaces involved, the appropriate rules are considered, such as the security levels or ACLs involved. Training the ASA to learn about remote networks can be done in a few ways, and in this Nugget, Keith walks you through each of the methods including static routing, RIP, EIGRP and OSPF. Multicast routing capabilities of the ASA are also discussed in this video.

Maps to CCNP Firewall 642-618 objectives: Implement ASA static routing; Implement ASA dynamic routing.

7. MPF 101 (00:54:54)
Modular Policy Framework (MPF) is used to implement additional Layer 3 and Layer 4 actions on the packets that flow through the ASA. MPF actions include implementing Quality of Service (QoS), policing, application inspection (such as looking for additional ports that may need to be allowed through the ASA for an application to work), changing TCP connection thresholds (such as limiting the number of half-formed sessions allowed through the firewall), and much more. Keith demonstrates real-world scenarios where MPF is required and discusses both the CLI and ASDM implementation of policies using the class maps, policy maps and a service policy (which are the "framework" in Modular Policy Framework).

Maps to CCNP Firewall 642-618 objectives: Implement ASA inspections features.

8. TCP Advanced Options (00:39:34)
Not all traffic is simple, and some traffic is intentionally malicious. In this video, you and Keith discuss some of the advanced TCP challenges facing the ASA including asymmetrical routing conditions, TCP options that the ASA would normally remove (but are required for BGP authentication to work), and how to prevent a SYN-flood attack from taking down your critical servers. Concepts are reinforced by live demonstrations.

Maps to CCNP Firewall 642-618 objectives: Implement ASA inspections features

9. Layer 5-7 Advanced Inspection (00:43:02)
What is being hidden behind TCP port 80? We assume it is valid HTTP, but how do we know for sure? Users could be tunneling non-HTTP traffic over port 80, and malicious code on web servers could return data to clients that the browser had not asked for. To address these problems, the ASA allows for Layer 5-7 (TCP/IP application layer) advanced protocol inspection to keep an eye on those protocols and to enforce RFC compliance and/or filter what commands may be issued by the application layer protocol. In this video, Keith walks you through CLI and ASDM commands to implement and verify this feature.

Maps to CCNP Firewall 642-618 objectives: Implement ASA inspections features

10. Interfaces: Sub, Ether-channel and Redundant (00:39:39)
Sometimes, using a single physical interface to support a single IP subnet just isn't enough. For example, we may need interfaces to support 25 subnets but only have eight physical interfaces, or we may need four times the bandwidth of our fastest interface, or we may need redundancy for a single interface. In this video, Keith describes each of these requirements and demonstrates how to implement the solution on the ASA firewall by using sub-interfaces, L3 Ether-channel and redundant interfaces.

Maps to CCNP Firewall 642-618 objectives: Implement ASA Interface redundancy and load sharing features

11. Transparent Firewall (00:57:50)
The ASA has a nice trick up its sleeve, in that it can be inserted into an existing network and leave the existing routers and IP addressing in place. It does this by converting to a layer 2 device from an IP perspective, but still maintains its ability to do stateful inspection at the higher layers. In this video, Keith walks you through the options of using this feature by explaining and demonstrating the transparent firewall on both the ASA 5505, and the larger 5520.

Maps to CCNP Firewall 642-618 objectives: Implement ASA transparent firewall

12. AAA on the ASA (00:47:43)
"Who, do you think you are? What do you think you are doing? That is getting reported." Those are the types of activities that go on all day long in a network where Authentication, Authorization and Accounting (AAA) are in use. In this Nugget, Keith walks you through the two major categories of users that need to be tracked using AAA, and then demonstrates how to implement the AAA features of management and cut-through proxy on the ASA.

Maps to CCNP Firewall 642-618 objectives: Implement ASA management features; Implement ASA access control features

13. Active/Standby Failover (00:50:47)
Got HA? High Availability (HA) can be implemented on the ASA when there are 2 ASA firewalls, with appropriate licensing. One fault tolerant method is to use "Active/Standby Failover," and in this video, Keith describes how this works and demonstrates how to implement it from both the ASDM interface and the CLI.

Maps to CCNP Firewall 642-618 objectives: Implement ASA stateful failover

14. Virtual Firewalls (contexts) (00:51:16)
Even with only one physical firewall, the option exists to create multiple logical firewalls using only a single ASA. In this video, Keith discusses with you some reasons why we might want to place a firewall into "multiple mode", and then uses the CLI and ASDM to create and verify new contexts (virtual firewalls).

Maps to CCNP Firewall 642-618 objectives: Implement ASA virtualization feature

15. Active/Active Failover (01:06:28)
High Availability (HA) using failover can be implemented using Active/Active when ASAs are configured in multiple mode. One of the benefits is that both firewalls can be configured to actively forward traffic and have the option of implementing some load sharing along with the fault tolerance. In this video, Keith walks you through the reasons, the logic and the configuration needed to implement Active/Active failover as well as verifying it.

Maps to CCNP Firewall 642-618 objectives: Implement ASA stateful failover

16. Botnet Filtering (00:17:05)
Malware installed on a computer can allow an attacker to centrally control that device as part of an army of compromised hosts to form a botnet. The ASA has the option to work with a Cisco centralized database of IP addresses and domains that have been identified as being part of a botnet, so that the ASA can prevent traffic to and from those addresses. In this video, Keith discusses the steps to configure and enable botnet filtering.

Maps to CCNP Firewall 642-618 objectives: Implement ASA Botnet traffic filter

17. Management, Logging, Anti-spoofing and More... (00:46:47)
What protocols are being allowed to the ASA for management, and where are logging messages being sent? In this video, Keith walks you through implementing security regarding management of the ASA, as well as the options of setting up logging to one of several destinations including email, syslog and ASDM. Unicast Reverse Path Filtering (uRPF) and the "established" command, including their purpose, are also covered in this video.

Maps to CCNP Firewall 642-618 objectives: Implement ASA management features; Implement ASA access control features

18. GNS3 and the ASA (00:31:52)
GNS3 is a free emulation environment that can be used to practice with various vendors' products, including Cisco and their routers. Until mid-2012, Firewall/ASA emulation was not easy to implement, as it didn't always work correctly, when it worked at all, in a virtual environment such as GNS3. With the current release of GNS3, ASA software version 8.4 and the associated ASDM can work very well in GNS3. In this video, Keith walks you through the list of tools and software that can be used to create a hands-on practice lab using GNS3.







