Securing Networks with ASA Fundamentals

• Cisco customers who implement and maintain ASA and PIX Security Appliances
• Cisco channel partners who sell, implement, and maintain ASA and PIX Security Appliances
• Cisco systems engineers who support the sale of ASA and PIX Security Appliances

• Explain the functions of the three types of firewalls used to secure today’s computer networks.
• Describe the technology and features of Cisco security appliances.
• Given diagrams of networks protected by Cisco Adaptive Security Appliances (ASAs) and Cisco PIX Security Appliances, explain how each appliance protects network devices from attacks and why each is an appropriate choice for the example network.
• Bootstrap the security appliance, prepare the security appliance for configuration via the Cisco Adaptive Security Device Manager (ASDM), and launch and navigate ASDM.
• Perform essential security appliance configuration using ASDM and the CLI
• Configure dynamic and static address translations in the security appliance using ASDM
• Configure switching and routing on the security appliance using ASDM
• Configure access control lists, filter malicious active codes, and filter URLs to meet the requirements of the security policy using ASDM
• Use the packet tracer for troubleshooting.
• Configure object groups that meet the requirements of the security policy using ASDM
• Configure AAA as needed to meet the requirements of the security policy using ASDM
• Configure a modular policy that supports the security policy using ASDM
• Configure protocol inspection to meet the requirements of the security policy using ASDM
• Configure threat detection to meet the requirements of the security policy using ASDM and the CLI
• Configure the security appliance to support a site-to-site VPN that meets the requirements of the security policy using ASDM
• Configure the security appliance to provide secure connectivity using remote access VPNs using ASDM
• Configure the security appliance to run in transparent firewall mode as needed to meet the requirements of the security policy.
• Enable, configure, and manage multiple contexts as needed to meet the requirements of the security policy.
• Given a network topology, to select and configure the type of failover that best suits the network topology.
• Monitor and manage an installed security appliance.

Introducing Cisco Security Appliance Technology and Features

• Explain the functions of the three types of firewalls that are used to secure modern computer networks
• Discuss the technology and features of Cisco security appliances

Cisco Adaptive Security Appliance and PIX Security Appliance Families

• Identify the Cisco ASA security appliance models
• Explain the Cisco ASA security appliance licensing options

Getting Started with Cisco Security Appliances

• Explain the four main access modes
• Describe the security appliance file management system
• Describe security appliance security levels
• Describe ASDM requirements and capabilities
• Use the CLI to configure and verify basic network settings, and prepare the security appliance for configuration via ASDM
• Verify security appliance configuration and licensing via ASDM

Essential Security Appliance Configuration

• Configure a security appliance for basic network connectivity
• Verify the initial configuration
• Set the clock and synchronize the time on security appliances
• Configure the security appliance to send syslog messages to a syslog server

Configuring Translations and Connection Limits

• Describe how the TCP and UDP protocols function within the security appliance
• Describe how static and dynamic translations function
• Configure dynamic address translation
• Configure static address translation
• Set connection limits

Using ACLs and Content Filtering

• Configure and explain the basic function of ACLs
• Configure and explain additional functions of ACLs
• Configure active code filtering (ActiveX and Java applets)
• Configure the security appliance for URL filtering
• Use the packet tracer for troubleshooting

Configuring Object Grouping

• Describe the object grouping feature of the security appliance and its advantages
• Configure object groups and use them in ACLs

Switching and Routing on Security Appliances

• Configure logical interfaces and VLANs
• Configure static routes and static route tracking
• Describe the dynamic routing capabilities of Cisco security appliances and configure passive RIP routing

Configuring AAA for Cut-through Proxy

• Define and compare AAA
• Install and configure Cisco Secure ACS
• Configure the local user database
• Define and configure cut-through proxy authentication
• Define and configure user authorization using downloadable ACLs
• Define and configure accounting

Configuring the Cisco Modular Policy Framework

• Explain the Cisco Modular Policy Framework feature for security appliances
• Describe the functionality of class maps
• Describe the functionality of policy maps
• Describe the functionality of service policies
• Use ASDM to configure a service policy rule

Configuring Advanced Protocol Handling

• Describe the need for advanced protocol handling
• Describe how the security appliance implements inspection of common network applications
• Describe the issues with multimedia applications and how the security appliance supports multimedia call control and audio sessions

Configuring Threat Detection

• Describe threat detection and threat statistics
• Configure basic threat detection and scanning threat detection
• Configure and view threat detection statistics

Configuring Site-to-Site VPNs Using Pre-shared Keys

• Describe how security appliances enable a secure VPN
• Perform the tasks necessary to configure security appliance IPsec support
• Identify the commands to configure security appliance IPsec support
• Configure a VPN between security appliances

Configuring Security Appliance Remote Access VPNs

• Describe Cisco Easy VPN
• Describe the Cisco VPN Client
• Configure an IPsec Remote Access VPN
• Configure Users and Groups

Configuring Cisco Security Appliances for SSL VPN

• Describe SSL VPN and its purpose
• Use the SSL VPN Wizard to Configure a Basic Clientless SSL VPN Connection
• Configure SSL VPN Policies
• Verify SSL VPN Operations
• Customize the clientless SSL VPN portal

Configuring Transparent Firewall Mode

• Explain the purpose of transparent firewall mode
• Explain how data traverses a security appliance in transparent mode
• Enable transparent firewall mode
• Monitor and maintain transparent firewall mode

Configuring Security Contexts

• Explain the purpose of security contexts
• Enable and disable multiple context mode
• Configure a security context
• Manage a security context

Configuring Failover

• Describe the difference between hardware and stateful failover
• Describe the difference between active/standby and active/active failover
• Define the security appliance failover hardware requirements
• Describe and configure redundant interfaces
• Describe how active/standby failover works
• Explain the security appliance roles of primary, secondary, active, and standby
• Describe how active/active failover works
• Configure active/standby cable-based and LAN-based failover
• Configure active/active failover
• Describe and use remote command execution

Managing Security Appliances

• Configure Telnet access to the security appliance
• Configure SSH access to the security appliance
• Configure command authorization
• Recover security appliance passwords using general password recovery procedures
• Use TFTP to install and upgrade the software image on the security appliance