Course Details
Deploying Cisco ASA Firewall Solutions v1.0
  • Course Length: 5 days
  • Course Price: $3495
  • Code: FIREWALL
  • Course Mode: ILT
Prerequisite
The knowledge and skills that a learner must have before attending this course: Cisco Certified Network Associate (CCNA) certification: Interconnecting Cisco Network Devices 1 (ICND1) & Interconnecting Cisco Network Devices 2 (ICND2). Cisco Certified Network Associate Security (CCNA Security) certification: Implementing Cisco IOS Network Security (IINS) & Working knowledge of the Microsoft Windows operating system.
Audience
Channel Partner / Reseller, Customer, Employee

The Deploying Cisco ASA Firewall Features (FIREWALL) 1.0 course is an instructor-led course presented by Cisco training partners to their end-user customers. This five-day course aims at providing network security engineers with the knowledge and skills needed to implement and maintain Cisco ASA adaptive security appliance-based perimeter solutions. Successful graduates will be able to reduce risk to the IT infrastructure and applications using Cisco ASA adaptive security appliance features, and provide detailed operations support for the Cisco ASA adaptive security appliance.

  • Module 1: Introduction to the Cisco ASA v8.2 Adaptive Security Appliance
    • Lesson 1: Introducing Cisco ASA v8.2 Adaptive Security Appliance Technology and Features
      • Firewalls and Security Domains
      • Firewall Technologies
      • Overview of Cisco ASA v8.2 Adaptive Security Appliance Features
      • Common Cisco ASA v8.2 Adaptive Security Appliance Use Cases
    • Lesson 2: Introducing the Cisco ASA v8.2 Adaptive Security Appliance Family
      • Cisco ASA v8.2 Adaptive Security Appliance Platforms and Models
      • Cisco ASA v8.2 Adaptive Security Appliance Security Services Modules
      • Cisco ASA v8.2 Adaptive Security Appliance Licensing Model
      • Basic Cisco ASA v8.2 Adaptive Security Appliance Hardware Troubleshooting
  • Module 2: Implementation of Basic Connectivity and Device Management
    • Lesson 1: Getting Started with the Cisco ASA v8.2 Adaptive Security Appliance and Cisco ASDM
      • Managing the Cisco ASA v8.2 Adaptive Security Appliance Boot Process
      • Managing the Cisco ASA v8.2 Adaptive Security Appliance Using the CLI
      • Managing the Cisco ASA v8.2 Adaptive Security Appliance Using Cisco ASDM
      • Navigating Basic Cisco ASDM Features
    • Lesson 2: Configuring Interfaces and Static Routing
      • Overview of Basic Configuration Choices, Basic Procedures, and Required Input Parameters
      • Managing Cisco ASA v8.2 Adaptive Security Appliance Security Levels
      • Configuring and Verifying Interface Network Parameters
      • Configuring and Verifying VLAN Interfaces
      • Configuring and Verifying Static Routing
      • Configuring and Verifying the Cisco ASA v8.2 Adaptive Security Appliance DHCP Server
      • Troubleshooting Basic Connectivity
    • Lesson 3: Configuring Basic Device Management Features
      • Overview of Configuration Choices, Basic Procedures, and Required Input Parameters
      • Configuring and Verifying Basic Device Management Settings
      • Managing Time Settings
      • Managing Event and Session Logging
      • Managing the Cisco ASA v8.2 Adaptive Security Appliance File System
      • Managing Cisco ASA v8.2 Adaptive Security Appliance Software and Feature Activation
      • Using Other Troubleshooting and Management Tools
    • Lesson 4: Configuring Management Access
      • Overview of Configuration Choices, Basic Procedures, and Required Input Parameters
      • Managing Remote Management Channels
      • Managing Authentication for Management Access
      • Verifying and Troubleshooting AAA for Management Access
  • Module 3: Deployment of Cisco ASA v8.2 Adaptive Security Appliance Access Control Features
    • Lesson 1: Configuring Basic Access Control
      • Overview of Configuration Choices, Basic Procedures, and Required Input Parameters
      • Connection Table and Local Host Table
      • Configuring and Verifying Interface Access Rules
      • Configuring and Verifying Object Groups
      • Configuring and Verifying Other Basic Access Controls
      • Troubleshooting Basic Access Control
    • Lesson 2: Using Cisco ASA v8.2 Adaptive Security Appliance Modular Policy Framework
      • Overview of Configuration Choices, Basic Procedures, and Required Input Parameters
      • Configuring and Verifying Policies for OSI Layers 3 and 4
      • Configuring and Verifying Policies for OSI Layers 5 to 7
      • Configuring and Verifying a Policy for Management Traffic
    • Lesson 3: Tuning Basic Stateful Inspection Features
      • Overview of Configuration Choices, Basic Procedures, and Required Input Parameters
      • Tuning Basic Inspection of OSI Layers 3 and 4
      • Tuning the Cisco ASA v8.2 Adaptive Security Appliance TCP Normalizer
      • Configuring Support for Dynamic Protocols
      • Troubleshooting Inspection of OSI Layers 3 and 4 on the Cisco ASA v8.2 Adaptive Security Appliance
    • Lesson 4: Configuring Application Layer Policies
      • Overview of Configuration Choices, Basic Procedures, and Required Input Parameters
      • Configuring and Verifying HTTP Inspection
      • Evaluating FTP Inspection
      • Evaluating DNS Inspection
      • Evaluating ESMTP Inspection
      • Evaluating Inspection of Other Protocols
      • Troubleshooting Application Layer Inspection
    • Lesson 5: Configuring Advanced Access Controls
      • Overview of Configuration Choices, Basic Procedures, and Required Input Parameters
      • Configuring and Verifying Cisco TCP Intercept
      • Configuring and Verifying the Cisco Botnet Traffic Filter
      • Configuring and Verifying Basic Threat Detection
      • Configuring and Verifying Advanced Threat Detection
      • Configuring and Verifying Scanning Threat Detection
    • Lesson 6: Configuring Resource Limits and Guarantees
      • Overview of Configuration Choices, Basic Procedures, and Required Input Parameters
      • Configuring and Verifying Connection Limits
      • Configuring and Verifying Traffic Policing and Shaping
      • Configuring and Verifying Traffic Priority Queuing
    • Lesson 7: Configuring User-Based Policies (Cut-Through Proxy)
      • Overview of Configuration Choices, Basic Procedures, and Required Input Parameters
      • Configuring and Verifying User Authentication
      • Configuring Authentication Prompts and Timeouts
      • Configuring and Verifying User Authorization
      • Configuring and Verifying User Session Accounting
      • Troubleshooting Operation of User-Based Controls
  • Module 4: Deployment of Cisco ASA v8.2 Adaptive Security Appliance Network Integration Features
    • Lesson 1: Deploying Network Address Translation
      • Overview of Configuration Choices, Basic Procedures, and Required Input Parameters
      • Configuring NAT Control
      • Configuring and Verifying Dynamic Inside NAT and PAT
      • Configuring and Verifying Static Inside NAT and PAT
      • Configuring NAT Rules to Bypass Address Translations
      • Configuring Outside NAT
      • Integrating NAT with Cisco ASA v8.2 Adaptive Security Appliance Access Control
      • Troubleshooting NAT
    • Lesson 2: Configuring Cisco ASA v8.2 Adaptive Security Appliance Transparent Operations
      • Overview of Configuration Choices, Basic Procedures, and Required Input Parameters
      • Configuring and Verifying Transparent Firewall Mode
      • Configuring OSI Layer 3–7 Access Control in Transparent Firewall Mode
      • Configuring OSI Layer 2 Access Control in Transparent Firewall Mode
      • Troubleshooting Transparent Firewall Operation
  • Module 5: Deployment of Cisco ASA v8.2 Adaptive Security Appliance Virtualization and High Availability Features
    • Lesson 1: Deploying Cisco ASA v8.2 Adaptive Security Appliance Virtualization Features
      • Overview of Configuration Choices, Basic Procedures, and Required Input Parameters
      • Configuring and Verifying Security Contexts
      • Managing Security Contexts
      • Configuring and Verifying Resource Management
      • Troubleshooting Security Contexts
    • Lesson 2: Deploying Cisco ASA v8.2 Adaptive Security Appliance Redundant Interfaces
      • Overview of Configuration Choices, Basic Procedures, and Required Input Parameters
      • Configuring and Verifying Redundant Interfaces
      • Troubleshooting Redundant Interfaces
    • Lesson 3: Deploying Active/Standby High Availability Failover
      • Overview of Configuration Choices, Basic Procedures, and Required Input Parameters
      • Configuring and Verifying Active/Standby Failover
      • Tuning and Managing Active/Standby Failover
      • Remote Command Execution
      • Troubleshooting Active/Standby Failover
    • Lesson 4: Deploying Active/Active High-Availability Failover
      • Overview of Configuration Choices, Basic Procedures, and Required Input Parameters
      • Configuring and Verifying Active/Active Failover
      • Tuning and Managing Active/Active Failover
      • Troubleshooting Active/Active Failover
  • Module 6: Integration of Cisco ASA v8.2 Adaptive Security Appliance Security Service Modules
    • Lesson 1: Introducing Cisco ASA v8.2 Adaptive Security Appliance Security Service Modules
      • Cisco Security Service Modules Overview
      • Cisco Content Security Control SSM
      • Cisco Advanced Inspection and Protection SSM and SSC
    • Lesson 2: Integrating the Cisco ASA v8.2 Adaptive Security Appliance AIP-SSM and AIP-SSC Modules
      • Cisco AIP-SSM and Cisco AIP SSC Installation
      • Managing Cisco ASA v8.2 AIP-SSM and Cisco ASA v8.2 AIP SSC Basic Features
      • Initializing Cisco ASA v8.2 AIP-SSM and Cisco ASA v8.2 AIP SSC
      • Configuring Cisco ASA v8.2 Adaptive Security Appliance Traffic Redirection Policy
    • Lesson 3: Integrating the Cisco ASA v8.2 Adaptive Security Appliance CSC-SSM Module
      • Cisco CSC-SSM Installation
      • Managing Cisco CSC-SSM Basic Features
      • Initializing Cisco CSC-SSM
      • Configuring Cisco ASA v8.2 Adaptive Security Appliance Traffic Redirection Policy


    ASA v8.3 Upgrade Outline

    Module 1 Introduction to Cisco ASA adaptive security appliance v8.3

    • Lesson 1 Overview of Major Changes v8.3
      • Hardware & Software requirements
      • Auto Migration of the Configuration
      • Real IP Address Migration
      • NAT Migration
      • NAT Exemption Migration
      • Network & Service Object Migration
    Module 2 Cisco ASA adaptive security appliance v8.3 Upgrade & Auto Migration
    • Lesson 1 System Requirements & Memory Upgrade (v8.3)
      • RAM Memory Requirements
      • Flash Memory Requirements
      • Memory & Flash Upgrade Kits
      • Upgrade Error Messages
      • Physical Memory & Flash Upgrade Process
    • Lesson 2 Auto Migration of the Configuration
      • Backup of Configuration
      • Auto Migration
      • Saving the Migrated Configuration
    Module 3 Cisco ASA adaptive security appliance v8.3 Migration
    • Lesson 1 Real IP Address Migration
      • Features that use Real IP Addresses
      • Features that continue to use Mapped IP Addresses
      • Real IP Address Migration Naming Conventions
      • Real IP Addresses in Access List Migration w/Examples
      • Real IP Address Migration Limitations
    • Lesson 2 NAT Migration
      • NAT Then & Now
      • Old Nat Commands
      • New Nat Commands
      • Supporting Commands for Nat
      • Nat Migration Guidelines & Limitations
      • Scenario & Examples
    • Lesson 3 NAT Exemption
      • NAT Control
      • DNS Rewrite
      • Connection Settings
      • Source and Destination Nat
      • alias Command
      • NAT Migration Messages
      • Scenario & Examples
    • Lesson 4 Network & Service Object Migration
      • Supported Features for Objects
      • Object Migration
      • Object Migration Naming Conventions
      • Scenario & Examples

    • Upon completing this course, the learner will be able to meet these overall objectives:

    • Evaluate the basic technology, features, and hardware models of the Cisco ASA adaptive security appliance product line.
    • Implement and maintain basic Cisco ASA adaptive security appliance connectivity and device management plane features.
    • Implement and maintain data plane access control features of the Cisco ASA adaptive security appliance product family.
    • Implement and maintain Cisco ASA adaptive security appliance features that integrate it with the local and global routing and switching infrastructure.
    • Implement and maintain Cisco ASA adaptive security appliance virtualization and high availability features.
    • Evaluate Cisco ASA adaptive security appliance SSM modules, their major features, and integrate them with the Cisco ASA adaptive security appliance.

    Additional v8.3 Upgrade Objectives:

    • Evaluate the hardware & software requirements to migrate from operating system 8.x to 8.3+ on the Cisco ASA adaptive security appliance.
    • Perform an 8.x to 8.3+ version migration - This will include performing hardware upgrade, software upgrade, saving the configuration, & auto migration of the 8.x to 8.3+ configuration.
    • Understand 8.2 to 8.3+ NAT migration guidelines & limitations
    • Migrate, configure, & deploy 8.3+ version of NAT, NAT exemption, Network & Service objects.