Description
The Course Name: SASAC – Implementing Core Cisco ASA Security v1.0
The Duration: 5 Days
The Overview:
This course gives participants advanced knowledge of and experience with Cisco NGN ASA solutions by adding depth to the standard labs. The labs use a topology that simulates a typical production network, with ASA 5515 appliances, to work through configuring access control to and from your network.
What You Will Learn:
- Essentials of Cisco ASA
- Basic connectivity and device management
- Network integration
- How to configure common features of the Cisco ASA OS
- Cisco ASA policy control
- Core Cisco ASA VPN common components
- Main VPN components
- Cisco clientless VPN solutions
- Cisco AnyConnect full tunnel VPN solution
- Cisco ASA high availability and virtualization options
- Features of Cisco ASA 5500-X Series Next-Generation Firewalls
The Course Index:
- Cisco ASA Essentials
- Firewall Technologies
- Cisco ASA Features
- Cisco ASA Hardware
- Cisco ASA Licensing Options
- Cisco ASA Licensing Requirements
- Basic Connectivity and Device Management
- Managing the Cisco ASA Boot Process
- Managing the Cisco ASA Using the CLI
- Managing the Cisco ASA Using Cisco ASDM
- Navigating Basic Cisco ASDM Features
- Managing the Cisco ASA Basic Upgrade
- Managing Cisco ASA Security Levels
- Configuring and Verifying Basic Connectivity Parameters
- Configuring and Verifying Interface VLANs
- Configuring a Default Route
- Configuring and Verifying the Cisco ASA Security Appliance DHCP Server
- Troubleshooting Basic Connectivity
- Network Integration
- NAT on Cisco ASA Security Appliances
- Configuring Object (Auto) NAT
- Configuring Manual NAT
- Tuning and Troubleshooting NAT on the Cisco ASA
- Connection Table and Local Host Table
- Configuring and Verifying Interface ACLs
- Configuring and Verifying Global ACLs
- Configuring and Verifying Object Groups
- Configuring and Verifying Public Servers
- Configuring and Verifying Other Basic Access Controls
- Troubleshooting ACLs
- Static Routing
- Dynamic Routing
- EIGRP Configuration and Verification
- Multicast Support
- Cisco ASA Policy Control
- Cisco MPF Overview
- Configuring and Verifying Layer 3 and Layer 4 Policies
- Configuring and Verifying a Policy for Management Traffic
- Layer 5 to Layer 7 Policy Control Overview
- Configuring and Verifying HTTP Inspection
- Configuring and Verifying FTP Inspection
- Supporting Other Layer 5 to Layer 7 Applications
- Troubleshooting Application Layer Inspection
- Cisco ASA VPN Common Components
- VPN Definition
- Key Threats to WANs and Remote Access
- VPN Types
- VPN Components
- Cisco ASA VPN Policy Configuration
- Cisco ASA Connection Profiles
- Cisco ASA Group Policies
- Cisco ASA VPN AAA and External Policy Storage
- Cisco ASA User Attributes
- Access Control Methods
- VPN Accounting Using External Servers
- Dynamic Access Policy for SSL VPN
- Using PKI
- Provisioning Server-Side Certificates on the Cisco ASA Adaptive Security Appliance
- CA Servers
- Deploying Client-Based Certificate Authentication
- SCEP Proxy Operations
- Enable Certificate Authentication in Connection Profile
- Configuring Certificate-to-Connection Profile Mappings
- Cisco Clientless VPN Solution
- Cisco Clientless SSL VPN
- Cisco Clientless SSL VPN Use Cases
- Cisco Clientless SSL VPN Resource Access Methods
- Secure Sockets Layer and Transport Layer Security
- SSL Session Setup and Key Management
- SSL Server Authentication
- SSL Client Authentication
- SSL Transmission Protection
- Basic Cisco Clientless SSL VPN
- Server Authentication in Basic Clientless SSL VPN
- Client-side Authentication in Basic Clientless SSL VPN
- Clientless SSL VPN URL Entry and Bookmarks
- Basic Access Control for Clientless SSL VPN
- Disabling Content Rewriting
- Basic Clientless SSL VPN Configuration Tasks
- Basic Clientless SSL VPN Configuration Scenario
- Configuring Basic Cisco Clientless SSL VPN
- Verify Basic Cisco Clientless SSL VPN
- Troubleshooting Basic Clientless SSL VPN Operations
- Cisco Clientless SSL VPN Application Access Overview
- Application Plug-Ins
- Configuring Application Plug-ins
- Verify Clientless SSL VPN Application Plug-Ins
- Troubleshooting Clientless SSL VPN Application Plug-Ins
- Smart Tunnels
- Configuring Smart Tunnels
- Verifying Smart Tunnels
- Troubleshoot Smart Tunnels
- Client-side Authentication Options
- Client-side Authentication and Authorization Using AAA Server
- Double Client-side Authentication Using AAA Servers
- Troubleshooting Client-side AAA Authentication
- Cisco AnyConnect Full Tunnel VPN Solution
- Basic Cisco AnyConnect SSL VPN
- SSL VPN Clients Authentication
- SSL VPN Clients IP Address Assignment
- SSL VPN Split Tunneling
- Configuration Scenario
- Configuration Tasks
- Enable AnyConnect SSL VPN
- Define IP Address Pool
- Configure Identity NAT
- Configure Group Policy
- Configure Group Policy: Split Tunneling
- Configure Connection Profile
- Monitor AnyConnect VPN on Client
- Monitor AnyConnect VPN on Server
- Cisco AnyConnect SSL VPN Solution Components
- DTLS Overview
- Parallel DTLS and TLS Tunnels
- Configure DTLS
- Verify DTLS
- Cisco AnyConnect Client Configuration Management
- Managing Cisco AnyConnect Software from Cisco ASA
- Cisco AnyConnect Client Operating System Integration Options
- Deploying Cisco AnyConnect Trusted Network Detection
- Cisco AnyConnect Start Before Logon
- Deploying Cisco AnyConnect Start Before Logon
- Cisco AnyConnect Advanced Authentication Scenarios
- Certificate-Based Server Authentication
- Client Enrollment Methods
- Methods for Revoking Credentials
- Enable Certificate-Based Authentication
- Enable Two-Factor Authentication
- Two-Factor Authentication with Name Pre-Fill
- Local Authorization Overview
- Local Authorization Configuration Procedure
- Configure Local Authorization
- Verify Local Authorization
- External Authorization Scenario
- Configure Authorization Using LDAP/AD
- Verify External Authorization
- Troubleshooting Cisco AnyConnect VPN
- AnyConnect Support for IKEv2
- Internet Key Exchange v1 and v2
- Making IPsec the Primary Protocol for a Host Entry
- IKEv2 Configuration Procedure
- Configure a Cisco AnyConnect IPsec VPN on a Cisco ASA
- Verify and Troubleshoot Cisco AnyConnect IPsec VPN on Cisco ASA
- Cisco ASA High Availability and Virtualization
- Configuring and Verifying EtherChannel
- Configuring and Verifying Redundant Interfaces
- Troubleshooting EtherChannel and Redundant Interfaces
- Configuring Cisco ASA Active / Standby Failover High Availability
- Configuring and Verifying Active / Standby Failover
- Tuning and Managing Active / Standby Failover
- Remote Command Execution
- Troubleshooting Active / Standby Failover
- Multiple-Context Mode
- Configuring Security Contexts
- Verifying and Managing Security Contexts
- Configuring and Verifying Resource Management
- Troubleshooting Security Contexts
(Optional)
- Active/Active Failover
- Configuring and Verifying Active/Active Failover
- Tuning and Managing Active/Active Failover
- Troubleshooting Active/Active Failover
Labs:
Lab 1: Remote Lab Environment
Lab 2: ASA Administration and Network Integration
Lab 3: Network Address Translation
Lab 4: Access Control and Troubleshooting
Lab 5: MPF Basic Application Inspections
Lab 6: MPF Advanced Application Inspections
Lab 7: Basic Clientless SSL VPN
Lab 8: Clientless SSL VPN Applications
Lab 9: External AAA for Clientless SSL VPN
Lab 10: Basic AnyConnect SSL VPN
Lab 11: Advanced AnyConnect SSL VPN
Lab 12: IPSec Remote Access VPN
Lab 13: Active-Standby High Availability