Description

The Course Name: SASAC – Implementing Core Cisco ASA Security v1.0

The Duration: 5 Days

The Overview:

The purpose of this course is to  teach participants advance knowledge and experience about Cisco NGN ASA solutions by adding depth to the standard labs, using a topology that simulates a typical production network which will use ASA 5515 appliances to work through configuring access control to and from your network as well.

What You Will Learn:

  • Essentials of Cisco ASA
  • Basic connectivity and device management
  • Network integration
  • How to configure common features of the Cisco ASA OS
  • Cisco ASA policy control
  • Core Cisco ASA VPN common components
  • Main VPN components
  • Cisco clientless VPN solutions
  • Cisco AnyConnect full tunnel VPN solution
  • Cisco ASA high availability and virtualization options
  • Features of Cisco ASA 5500-X Series Next-Generation Firewalls

The Course Index :

  1. Cisco ASA Essentials
  • Firewall Technologies
  • Cisco ASA Features
  • Cisco ASA Hardware
  • Cisco ASA Licensing Options
  • Cisco ASA Licensing Requirements
  1. Basic Connectivity and Device Management
  • Managing the Cisco ASA Boot Process
  • Managing the Cisco ASA Using the CLI
  • Managing the Cisco ASA Using Cisco ASDM
  • Navigating Basic Cisco ASDM Features
  • Managing the Cisco ASA Basic Upgrade
  • Managing Cisco ASA Security Levels
  • Configuring and Verifying Basic Connectivity Parameters
  • Configuring and Verifying Interface VLANs
  • Configuring a Default Route
  • Configuring and Verifying the Cisco ASA Security Appliance DHCP Server
  • Troubleshooting Basic Connectivity
  1. Network Integration
  • NAT on Cisco ASA Security Appliances
  • Configuring Object (Auto) NAT
  • Configuring Manual NAT
  • Tuning and Troubleshooting NAT on the Cisco ASA
  • Connection Table and Local Host Table
  • Configuring and Verifying Interface ACLs
  • Configuring and Verifying Global ACLs
  • Configuring and Verifying Object Groups
  • Configuring and Verifying Public Servers
  • Configuring and Verifying Other Basic Access Controls
  • Troubleshooting ACLs
  • Static Routing
  • Dynamic Routing
  • EIGRP Configuration and Verification
  • Multicast Support
  1. Cisco ASA Policy Control
  • Cisco MPF Overview
  • Configuring and Verifying Layer 3 and Layer 4 Policies
  • Configuring and Verifying a Policy for Management Traffic
  • Layer 5 to Layer 7 Policy Control Overview
  • Configuring and Verifying HTTP Inspection
  • Configuring and Verifying FTP Inspection
  • Supporting Other Layer 5 to Layer 7 Applications
  • Troubleshooting Application Layer Inspection
  1. Cisco ASA VPN Common Components
  • VPN Definition
  • Key Threats to WANs and Remote Access
  • VPN Types
  • VPN Components
  • Cisco ASA VPN Policy Configuration
  • Cisco ASA Connection Profiles
  • Cisco ASA Group Policies
  • Cisco ASA VPN AAA and External Policy Storage
  • Cisco ASA User Attributes
  • Access Control Methods
  • VPN Accounting Using External Servers
  • Dynamic Access Policy for SSL VPN
  • Using PKI
  • Provisioning Server-Side Certificates on the Cisco ASA Adaptive Security Appliance
  • CA Servers
  • Deploying Client-Based Certificate Authentication
  • SCEP Proxy Operations
  • Enable Certificate Authentication in Connection Profile
  • Configuring Certificate-to-Connection Profile Mappings
  1. Cisco Clientless VPN Solution
  • Cisco Clientless SSL VPN
  • Cisco Clientless SSL VPN Use Cases
  • Cisco Clientless SSL VPN Resource Access Methods
  • Secure Sockets Layer and Transport Layer Security
  • SSL Session Setup and Key Management
  • SSL Server Authentication
  • SSL Client Authentication
  • SSL Transmission Protection
  • Basic Cisco Clientless SSL VPN
  • Server Authentication in Basic Clientless SSL VPN
  • Client-side Authentication in Basic Clientless SSL VPN
  • Clientless SSL VPN URL Entry and Bookmarks
  • Basic Access Control for Clientless SSL VPN
  • Disabling Content Rewriting
  • Basic Clientless SSL VPN Configuration Tasks
  • Basic Clientless SSL VPN Configuration Scenario
  • Configuring Basic Cisco Clientless SSL VPN
  • Verify Basic Cisco Clientless SSL VPN
  • Troubleshooting Basic Clientless SSL VPN Operations
  • Cisco Clientless SSL VPN Application Access Overview
  • Application Plug-Ins
  • Configuring Application Plug-ins
  • Verify Clientless SSL VPN Application Plug-Ins
  • Troubleshooting Clientless SSL VPN Application Plug-Ins
  • Smart Tunnels
  • Configuring Smart Tunnels
  • Verifying Smart Tunnels
  • Troubleshoot Smart Tunnels
  • Client-side Authentication Options
  • Client-side Authentication and Authorization Using AAA Server
  • Double Client-side Authentication Using AAA Servers
  • Troubleshooting Client-side AAA Authentication
  1. Cisco AnyConnect Full Tunnel VPN Solution
  • Basic Cisco AnyConnect SSL VPN
  • SSL VPN Clients Authentication
  • SSL VPN Clients IP Address Assignment
  • SSL VPN Split Tunneling
  • Configuration Scenario
  • Configuration Tasks
  • Enable AnyConnect SSL VPN
  • Define IP Address Pool
  • Configure Identity NAT
  • Configure Group Policy
  • Configure Group Policy: Split Tunneling
  • Configure Connection Profile
  • Monitor AnyConnect VPN on Client
  • Monitor AnyConnect VPN on Server
  • Cisco AnyConnect SSL VPN Solution Components
  • DTLS Overview
  • Parallel DTLS and TLS Tunnels
  • Configure DTLS
  • Verify DTLS
  • Cisco AnyConnect Client Configuration Management
  • Managing Cisco AnyConnect Software from Cisco ASA
  • Cisco AnyConnect Client Operating System Integration Options
  • Deploying Cisco AnyConnect Trusted Network Detection
  • Cisco AnyConnect Start Before Logon
  • Deploying Cisco AnyConnect Start Before Logon
  • Cisco AnyConnect Advanced Authentication Scenarios
  • Certificate-Based Server Authentication
  • Client Enrollment Methods
  • Methods for Revoking Credentials
  • Enable Certificate-Based Authentication
  • Enable Two-Factor Authentication
  • Two-Factor Authentication with Name Pre-Fill
  • Local Authorization Overview
  • Local Authorization Configuration Procedure
  • Configure Local Authorization
  • Verify Local Authorization
  • External Authorization Scenario
  • Configure Authorization Using LDAP/AD
  • Verify External Authorization
  • Troubleshooting Cisco AnyConnect VPN
  • AnyConnect Support for IKEv2
  • Internet Key Exchange v1 and v2
  • Making IPsec the Primary Protocol for a Host Entry
  • IKEv2 Configuration Procedure
  • Configure a Cisco AnyConnect IPsec VPN on a Cisco ASA
  • Verify and Troubleshoot Cisco AnyConnect IPsec VPN on Cisco ASA
  1. Cisco ASA High Availability and Virtualization
  • Configuring and Verifying EtherChannel
  • Configuring and Verifying Redundant Interfaces
  • Troubleshooting EtherChannel and Redundant Interfaces
  • Configuring and Verifying Redundant Interfaces
  • Troubleshooting EtherChannel and Redundant Interfaces
  • Configuring Cisco ASA Active / Standby Failover High Availability
  • Configuring and Verifying Active / Standby Failover
  • Tuning and Managing Active / Standby Failover
  • Remote Command Execution
  • Troubleshooting Active / Standby Failover
  • Multiple-Context Mode
  • Configuring Security Contexts
  • Verifying and Managing Security Contexts
  • Configuring and Verifying Resource Management
  • Troubleshooting Security Contexts

(Optional)

  • Active/Active Failover
  • Configuring and Verifying Active/Active Failover
  • Tuning and Managing Active/Active Failover
  • Troubleshooting Active/Active Failover

Labs:

Lab 1: Remote Lab Environment

Lab 2: ASA Administration and Network Integration

Lab 3: Network Address Translation

Lab 4: Access Control and Troubleshooting

Lab 5: MPF Basic Application Inspections

Lab 6: MPF Advanced Application Inspections

Lab 7: Basic Clientless SSL VPN

Lab 8: Clientless SSL VPN Applications

Lab 9: External AAA for Clientless SSL VPN

Lab 10: Lab: Basic AnyConnect SSL VPN

Lab 11: Advanced AnyConnect SSL VPN

Lab 12: IPSec Remote Access VPN

Lab 13: Active-Standby High Availability