Chapter 2 VLANs. CHAPTER 2 VLANs

Size: px
Start display at page:

Download "Chapter 2 VLANs. CHAPTER 2 VLANs"

Transcription

1 [ 52 ] Chapter 2 Beginning in Version 6.2 of the PIX firewall, there is support for subinterfaces, trunk links, and. The PIX and ASA can support 802.1q encapsulation and a number of logical interfaces depending on the platform. This enables you to scale your perimeter security solution without the cost of additional hardware. For instance, I have had many clients in the past with a three-interface firewall configuration (inside, outside, DMZ). DMZ VLAN 50 Inside Outside

2 [ 53 ] The problem that lies here is that all the web services are hosted on the same subnet, and while filtering is being performed between the outside and the DMZ, there is no filtering within the DMZ. Suppose a security breach occurs on your web server through a web application vulnerability. After the web server has been compromised, it has unrestricted access to the other hosts on the DMZ. The mail server can now be compromised using an exploit against ports that would have been off limits, such as 135, 139, 445. In addition, servers and network devices that were previously inaccessible from the Internet can now be attacked from the compromised host. Through the use of subinterfaces and, we can now segregate our DMZ servers and apply different security policies to each server or each group depending on your configuration. We can take control over what traffic, if any, will pass between these servers. DMZ VLAN 25 VLAN 50 VLAN 75 Inside Outside

3 [ 54 ] To configure a subinterface from the command line, simply enter the interface command followed by the interface, including a fractional decimal value: ASA5510(config)# interface ethernet 0/0.1 Within the interface configuration mode, assign additional parameters, such as logical name, IP address, security level, and VLAN: ASA5510# config t ASA5510(config)# int e0/2.1 ASA5510(config-subif)# vlan 25 ASA5510(config-subif)# security-level 25 ASA5510(config-subif)# nameif web ASA5510(config-subif)# ip address ASA5510(config)# int e0/2.2 ASA5510(config-subif)# vlan 50 ASA5510(config-subif)# security-level 50 ASA5510(config-subif)# nameif mail ASA5510(config-subif)# ip address ASA5510(config)# int e0/2.1 ASA5510(config-subif)# vlan 75 ASA5510(config-subif)# security-level 75 ASA5510(config-subif)# nameif DNS ASA5510(config-subif)# ip address After configuring the interface, you configure NAT rules and access control lists (ACLs) and apply these the same way that you do when using physical interfaces.

4 [ 55 ] Routing Information Protocol The security appliances have support for dynamic routing protocols. As you may know, Routing Information Protocol (RIP) is a distance-vector routing protocol that is supported by the majority of network devices. The ASA can support RIP Version 1 and Version 2. You can run RIP v1, v2, both v1 and v2 on the same interface or different interfaces at the same time. You can enable RIP from the command line with the router rip command. RIP can also be enabled from the Cisco Adaptive Security Device Manager (ASDM) from the following location: Configuration > Routing > RIP > Setup. From this screen, RIP can be enabled, interfaces can be set to passive if necessary, and network statements can be added. In this case, I have configured the outside interface.

5 [ 56 ] As you should know, one of RIP v2 s improvements over v1 is the support for authentication. Although authentication of routing protocols is a best practice that makes lots of sense to me, I have found that it is not used the majority of the time in production networks. If this is something that is under your control, invest the small amount of time required to secure your routing tables. You can configure authentication on a per-interface basis. To enable authentication of RIP, navigate to Configuration > Device Setup > Routing > RIP > Interface. On this screen, select an interface, and then click Edit.

UniNets CCNA Security LAB MANUAL UNiNets CCNA Cisco Certified Network Associate Security LAB MANUAL UniNets CCNA LAB MANUAL

UniNets CCNA Security LAB MANUAL UNiNets CCNA Cisco Certified Network Associate Security LAB MANUAL UniNets CCNA LAB MANUAL UNiNets CCNA Cisco Certified Network Associate Security LAB MANUAL Contents: UniNets CCNA Security LAB MANUAL Section 1 Securing Layer 2 Lab 1-1 Configuring Native VLAN on a Trunk Links Lab 1-2 Disabling

More information

ASA/PIX Security Appliance

ASA/PIX Security Appliance I N D E X A AAA, implementing, 27 28 access to ASA/PIX Security Appliance monitoring, 150 151 securing, 147 150 to websites, blocking, 153 155 access control, 30 access policies, creating for web and mail

More information

DOWNLOAD PDF CISCO ASA 5505 CONFIGURATION GUIDE

DOWNLOAD PDF CISCO ASA 5505 CONFIGURATION GUIDE Chapter 1 : Cisco ASA DMZ Configuration Example â Speak Network Solutions Cisco ASA Quick Start Guide. Step 1 Connect the power supply adaptor to the power cable.. Step 2 Connect the rectangular connector

More information

Getting Started. Getting Started with Your Platform Model. Factory Default Configurations CHAPTER

Getting Started. Getting Started with Your Platform Model. Factory Default Configurations CHAPTER CHAPTER 2 This chapter describes how to access the command-line interface, configure the firewall mode, and work with the configuration. This chapter includes the following sections: with Your Platform

More information

Skills Assessment Student Training

Skills Assessment Student Training Skills Assessment Student Training Topology Assessment Objectives Part 1: Initialize Devices (6 points, 5 minutes) Part 2: Configure Device Basic Settings (33 points, 20 minutes) Part 3: Configure Switch

More information

Configuring IP Unnumbered on IEEE 802.1Q VLANs

Configuring IP Unnumbered on IEEE 802.1Q VLANs CHAPTER 7 Configuring IP Unnumbered on IEEE 802.1Q VLANs Service providers continuously seek ways in which they can make their networks less complex and less expensive, and reduce the cost of provisioning

More information

UNIVERSITY OF BOLTON CREATIVE TECHNOLOGIES COMPUTING PATHWAYS SEMESTER ONE EXAMINATION 2015/2016 ROUTING FUNDAMENTALS MODULE NO: CPU5010

UNIVERSITY OF BOLTON CREATIVE TECHNOLOGIES COMPUTING PATHWAYS SEMESTER ONE EXAMINATION 2015/2016 ROUTING FUNDAMENTALS MODULE NO: CPU5010 UNIVERSITY OF BOLTON [CRT13] CREATIVE TECHNOLOGIES COMPUTING PATHWAYS SEMESTER ONE EXAMINATION 2015/2016 ROUTING FUNDAMENTALS MODULE NO: CPU5010 Date: 12 th January 2016 Time: 10:00-12:00 INSTRUCTIONS

More information

This chapter tells how to configure VLAN subinterfaces.

This chapter tells how to configure VLAN subinterfaces. This chapter tells how to configure VLAN subinterfaces. Note For multiple context mode, complete all tasks in this section in the system execution space. To change from the context to the system execution

More information

Computer Network Vulnerabilities

Computer Network Vulnerabilities Computer Network Vulnerabilities Objectives Explain how routers are used to protect networks Describe firewall technology Describe intrusion detection systems Describe honeypots Routers Routers are like

More information

Chapter 10 Configure Clientless Remote Access SSL VPNs Using ASDM

Chapter 10 Configure Clientless Remote Access SSL VPNs Using ASDM Chapter 10 Configure Clientless Remote Access SSL VPNs Using ASDM Topology Note: ISR G1 devices use FastEthernet interfaces instead of GigabitEthernet Interfaces. 2016 Cisco and/or its affiliates. All

More information

PIX/ASA: PPPoE Client Configuration Example

PIX/ASA: PPPoE Client Configuration Example PIX/ASA: PPPoE Client Configuration Example Contents Introduction Prerequisites Requirements Components Used Related Products Conventions Configure Network Diagram CLI Configuration ASDM Configuration

More information

Contents. Introduction

Contents. Introduction Contents Introduction Prerequisites Requirements Components Used Network Diagrams Configure Step 1. Modify Interface IP configuration on ASA Step 2. Modify DHCP pool settings on both inside and wifi interfaces

More information

ASA Access Control. Section 3

ASA Access Control. Section 3 [ 39 ] CCNP Security Firewall 642-617 Quick Reference Section 3 ASA Access Control Now that you have connectivity to the ASA and have configured basic networking settings on the ASA, you can start to look

More information

Fundamentals of Network Security v1.1 Scope and Sequence

Fundamentals of Network Security v1.1 Scope and Sequence Fundamentals of Network Security v1.1 Scope and Sequence Last Updated: September 9, 2003 This document is exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document

More information

The following steps should be used when configuring a VLAN on the EdgeXOS platform:

The following steps should be used when configuring a VLAN on the EdgeXOS platform: EdgeXOS VLANs VLAN Overview This document provides an overview of what a VLAN is and how it is configured on the EdgeXOS platform. Use the step-by-step guide below to configure a VLAN on the Edge appliance

More information

Interconnecting Cisco Networking Devices Part 1 (ICND1) Course Overview

Interconnecting Cisco Networking Devices Part 1 (ICND1) Course Overview Interconnecting Cisco Networking Devices Part 1 (ICND1) Course Overview This course will teach students about building a simple network, establishing internet connectivity, managing network device security,

More information

VLANs over IP Unnumbered SubInterfaces

VLANs over IP Unnumbered SubInterfaces The VLANs over IP Unnumbered Subinterfaces feature allows IP unnumbered interface support to be configured on Ethernet VLAN subinterfaces. This feature also provides support for DHCP on VLAN subinterfaces.

More information

Chapter 10 Configure AnyConnect Remote Access SSL VPN Using ASDM

Chapter 10 Configure AnyConnect Remote Access SSL VPN Using ASDM Chapter 10 Configure AnyConnect Remote Access SSL VPN Using ASDM Topology Note: ISR G1 devices use FastEthernet interfaces instead of GigabitEthernet interfaces. 2015 Cisco and/or its affiliates. All rights

More information

Configuring EIGRP. Overview CHAPTER

Configuring EIGRP. Overview CHAPTER CHAPTER 24 This chapter describes how to configure the adaptive security appliance to route data, perform authentication, and redistribute routing information, using the Enhanced Interior Gateway Routing

More information

Configuring VLANs. Understanding VLANs

Configuring VLANs. Understanding VLANs This document describes how to configure your Cisco wireless mobile interface card (WMIC) to operate with the VLANs set up on your wired LAN. These sections describe how to configure your WMIC to support

More information

VLAN Range. Feature Overview

VLAN Range. Feature Overview VLAN Range Feature History Release 12.0(7)XE 12.1(5)T 12.2(2)DD 12.2(4)B 12.2(8)T 12.2(13)T Modification The interface range command was introduced. The interface range command was integrated into Cisco

More information

Asa 5505 Cisco Security Appliance Command Line Configuration Guide

Asa 5505 Cisco Security Appliance Command Line Configuration Guide Asa 5505 Cisco Security Appliance Command Line Configuration Guide MIBs Supported by Product Choose Adaptive Security Appliance from the Cisco Secure and ASA 5505 Quick Start Cisco ASA 5505 Quick Start

More information

Deploying the Barracuda Link Balancer with Cisco ASA VPN Tunnels

Deploying the Barracuda Link Balancer with Cisco ASA VPN Tunnels Deploying the Barracuda Link Balancer with Cisco ASA VPN Tunnels This article provides a reference for deploying a Barracuda Link Balancer under the following conditions: 1. 2. In transparent (firewall-disabled)

More information

CCNA Boot Camp. Course Description

CCNA Boot Camp. Course Description CCNA Boot Camp Course Description CCNA Boot Camp combines both the Interconnecting Cisco Network Devices Part 1 (ICND1) course and the Interconnecting Cisco Network Devices Part 2 (ICND2) course into one

More information

Securing BYOD with Cisco TrustSec Security Group Firewalling

Securing BYOD with Cisco TrustSec Security Group Firewalling White Paper Securing BYOD with Cisco TrustSec Security Group Firewalling Getting Started with TrustSec What You Will Learn The bring-your-own-device (BYOD) trend can spur greater enterprise productivity

More information

PIX/ASA as a DHCP Server and Client Configuration Example

PIX/ASA as a DHCP Server and Client Configuration Example PIX/ASA as a DHCP Server and Client Configuration Example Document ID: 70391 Contents Introduction Prerequisites Requirements Components Used Related Products Conventions Configure DHCP Server Configuration

More information

- PIX Advanced IPSEC Lab -

- PIX Advanced IPSEC Lab - 1 - PIX Advanced IPSEC Lab - Configuring Advanced PIX IPSEC Lab Basic Objectives: 1. Configure and cable the Ethernet interfaces as indicated in the above diagram. 2. Configure a web server for each network,

More information

Configuring 802.1Q VLAN Interfaces

Configuring 802.1Q VLAN Interfaces A VLAN is a group of devices on one or more LANs that are configured so that they can communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments.

More information

About This Guide. Document Objectives. Audience

About This Guide. Document Objectives. Audience This preface introduce the, and includes the following sections: Document Objectives, page xxxv Audience, page xxxv Related Documentation, page xxxvi Document Organization, page xxxvi Document Conventions,

More information

shun through sysopt radius ignore-secret Commands

shun through sysopt radius ignore-secret Commands CHAPTER 30 shun through sysopt radius ignore-secret Commands 30-1 shun Chapter 30 shun To block connections from an attacking host, use the shun command in privileged EXEC mode. To disable a shun, use

More information

Book Heading. 2 Configurating Static Routing. 7 Router Security VLAN Network Router Security Network Infrastructure Design

Book Heading. 2 Configurating Static Routing. 7 Router Security VLAN Network Router Security Network Infrastructure Design CND 1: Part 1. Navigation and Administration Switch CL EXEC Mode Switch CL Configuration Process Switch CL Configuration Process Router CL EXEC Mode Router CL EXEC Mode Router CL Configuration Process

More information

VLAN-Based Security for Modern Service-Provision Networks. Version 1.0 October, 2000 Bill Woodcock Packet Clearing House

VLAN-Based Security for Modern Service-Provision Networks. Version 1.0 October, 2000 Bill Woodcock Packet Clearing House VLAN-Based Security for Modern Service-Provision Networks Version 1.0 October, 2000 Bill Woodcock Packet Clearing House We Have Linguistic Problems, not Technological Problems The technology is much, much

More information

CCNA Exploration Network Fundamentals

CCNA Exploration Network Fundamentals CCNA Exploration 4.0 1. Network Fundamentals The goal of this course is to introduce you to fundamental networking concepts and technologies. These online course materials will assist you in developing

More information

Connections, addressing and common configuration rules.

Connections, addressing and common configuration rules. Lab #2 r9-1 r7 Lab 2 BGP AS 100 VLAN_21 r5 e1 3/11 fa0/0.25 fa0/0.15 3/6 2/1 2/1 VLAN_25 VLAN_15 IGRP AS 5 OSPF Area 5 BGP AS 65005 ISDN 3/1 504 Frame-Relay OSPF Area 0 VLAN_22 604 EIGRP AS 6 r9-0 OSPF

More information

PIX/ASA : Port Redirection(Forwarding) with nat, global, static and access list Commands

PIX/ASA : Port Redirection(Forwarding) with nat, global, static and access list Commands PIX/ASA : Port Redirection(Forwarding) with nat, global, static and access list Commands Document ID: 63872 Introduction Prerequisites Requirements Components Used Related Products Conventions Network

More information

Chapter 10 - Configure ASA Basic Settings and Firewall using ASDM

Chapter 10 - Configure ASA Basic Settings and Firewall using ASDM Chapter 10 - Configure ASA Basic Settings and Firewall using ASDM This lab has been updated for use on NETLAB+ Topology Note: ISR G1 devices use FastEthernet interfaces instead of GigabitEthernet interfaces.

More information

Configuring Logging for Access Lists

Configuring Logging for Access Lists CHAPTER 17 This chapter describes how to configure access list logging for extended access lists and Webytpe access lists, and it describes how to manage deny flows. This section includes the following

More information

Layer 4 to Layer 7 Design

Layer 4 to Layer 7 Design Service Graphs and Layer 4 to Layer 7 Services Integration, page 1 Firewall Service Graphs, page 5 Service Node Failover, page 10 Service Graphs with Multiple Consumers and Providers, page 12 Reusing a

More information

How to Configure ASA 5500-X Series Firewall to send logs to EventTracker. EventTracker

How to Configure ASA 5500-X Series Firewall to send logs to EventTracker. EventTracker How to Configure ASA 5500-X Series Firewall to send logs to EventTracker EventTracker Publication Date: September 14, 2018 Abstract This guide helps you in configuring ASA 5500-X Series Firewall to send

More information

SecBlade Firewall Cards NAT Configuration Examples

SecBlade Firewall Cards NAT Configuration Examples SecBlade Firewall Cards NAT Configuration Examples Keywords: NAT, PAT, private IP address, public IP address, IP address pool Abstract: This document describes the characteristics, applications scenarios,

More information

VNS3 IPsec Configuration. VNS3 to Cisco ASA ASDM 9.2

VNS3 IPsec Configuration. VNS3 to Cisco ASA ASDM 9.2 VNS3 IPsec Configuration VNS3 to Cisco ASA ASDM 9.2 Site-to-Site IPsec Tunnel IPsec protocol allows you to securely connect two sites together over the public internet using cryptographically secured services.

More information

TestOut Network Pro - English 5.0.x COURSE OUTLINE. Modified

TestOut Network Pro - English 5.0.x COURSE OUTLINE. Modified TestOut Network Pro - English 5.0.x COURSE OUTLINE Modified 2018-03-06 TestOut Network Pro Outline - English 5.0.x Videos: 130 (17:10:31) Demonstrations: 78 (8:46:15) Simulations: 88 Fact Sheets: 136 Exams:

More information

Chapter 10 Configure Clientless Remote Access SSL VPNs Using ASDM

Chapter 10 Configure Clientless Remote Access SSL VPNs Using ASDM Chapter 10 Configure Clientless Remote Access SSL VPNs Using ASDM This lab has been updated for use on NETLAB+ Topology Note: ISR G1 devices use FastEthernet interfaces instead of GigabitEthernet Interfaces.

More information

PIX/ASA/FWSM Platform User Interface Reference

PIX/ASA/FWSM Platform User Interface Reference CHAPTER 50 PIX/ASA/FWSM Platform User Interface Reference The following topics describe the options available for configuring and managing security services and policies for PIX firewalls, Firewall Services

More information

Modular Policy Framework. Class Maps SECTION 4. Advanced Configuration

Modular Policy Framework. Class Maps SECTION 4. Advanced Configuration [ 59 ] Section 4: We have now covered the basic configuration and delved into AAA services on the ASA. In this section, we cover some of the more advanced features of the ASA that break it away from a

More information

Global Information Assurance Certification Paper

Global Information Assurance Certification Paper Global Information Assurance Certification Paper Copyright SANS Institute Author Retains Full Rights This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without

More information

ActualTorrent. Professional company engaging Providing Valid Actual Torrent file for qualification exams.

ActualTorrent.   Professional company engaging Providing Valid Actual Torrent file for qualification exams. ActualTorrent http://www.actualtorrent.com/ Professional company engaging Providing Valid Actual Torrent file for qualification exams. Exam : 300-206 Title : Implementing Cisco Edge Network Security Solutions

More information

Interconnecting Cisco Networking Devices Part 1 ICND1

Interconnecting Cisco Networking Devices Part 1 ICND1 Interconnecting Cisco Networking Devices Part 1 ICND1 Course Length: 5 days Course Delivery: Traditional Classroom Online Live Course Overview Interconnecting Cisco Networking Devices, Part 1 (ICND1) v3.0

More information

CISCO EXAM QUESTIONS & ANSWERS

CISCO EXAM QUESTIONS & ANSWERS CISCO 300-206 EXAM QUESTIONS & ANSWERS Number: 300-206 Passing Score: 800 Time Limit: 120 min File Version: 35.2 http://www.gratisexam.com/ Exam Code: 300-206 Exam Name: Implementing Cisco Edge Network

More information

OSPF. About OSPF. CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.4 1

OSPF. About OSPF. CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.4 1 This chapter describes how to configure the Cisco ASA to route data, perform authentication, and redistribute routing information using the Open Shortest Path First () routing protocol. About, page 1 Guidelines

More information

Sample Configurations

Sample Configurations APPENDIXA This appendix illustrates and describes a number of common ways to implement the ASA, and includes the following sections: Example 1: Multiple Mode Firewall With Outside Access, page A-1 Example

More information

Configuring Logging for Access Lists

Configuring Logging for Access Lists CHAPTER 20 This chapter describes how to configure access list logging for extended access lists and Webytpe access lists, and it describes how to manage deny flows. This chapter includes the following

More information

Router pod documentation

Router pod documentation Router pod documentation Note: DO NOT USE COPY RUNNING STARTUP, as this may reset the privileged password. If you change the privileged password, and save the configuration, please tell your lecturer as

More information

Managing Services Modules

Managing Services Modules CHAPTER 58 This chapter describes how to manage the following module types: Security Services Cards (SSCs) Security Services Modules (SSMs) Security Services Processors (SSPs) Modules run advanced security

More information

Cisco ASA 5500 Series IPS Edition for the Enterprise

Cisco ASA 5500 Series IPS Edition for the Enterprise Cisco ASA 5500 Series IPS Edition for the Enterprise Attacks on critical information assets and infrastructure can seriously degrade an organization s ability to do business. The most effective risk mitigation

More information

Configure the ASA for Dual Internal Networks

Configure the ASA for Dual Internal Networks Configure the ASA for Dual Internal Networks Document ID: 119195 Contributed by Dinkar Sharma, Bratin Saha, and Prashant Joshi, Cisco TAC Engineers. Aug 05, 2015 Contents Introduction Prerequisites Requirements

More information

Hands-On Ethical Hacking and Network Defense 3 rd Edition

Hands-On Ethical Hacking and Network Defense 3 rd Edition Hands-On Ethical Hacking and Network Defense 3 rd Edition Chapter 13 Network Protection Systems Last modified 1-11-17 Objectives Explain how routers are used to protect networks Describe firewall technology

More information

TestOut Network Pro - English 4.1.x COURSE OUTLINE. Modified

TestOut Network Pro - English 4.1.x COURSE OUTLINE. Modified TestOut Network Pro - English 4.1.x COURSE OUTLINE Modified 2017-07-06 TestOut Network Pro Outline - English 4.1.x Videos: 141 (18:42:14) Demonstrations: 81 (10:38:59) Simulations: 92 Fact Sheets: 145

More information

Cisco ASA 5500 LAB Guide

Cisco ASA 5500 LAB Guide INGRAM MICRO Cisco ASA 5500 LAB Guide Ingram Micro 4/1/2009 The following LAB Guide will provide you with the basic steps involved in performing some fundamental configurations on a Cisco ASA 5500 series

More information

PIX/ASA 7.x ASDM: Restrict the Network Access of Remote Access VPN Users

PIX/ASA 7.x ASDM: Restrict the Network Access of Remote Access VPN Users PIX/ASA 7.x ASDM: Restrict the Network Access of Remote Access VPN Users Document ID: 69308 Contents Introduction Prerequisites Requirements Components Used Related Products Network Diagram Conventions

More information

CISCO EXAM QUESTIONS & ANSWERS

CISCO EXAM QUESTIONS & ANSWERS CISCO 300-206 EXAM QUESTIONS & ANSWERS Number: 300-206 Passing Score: 800 Time Limit: 120 min File Version: 35.2 http://www.gratisexam.com/ Exam Code: 300-206 Exam Name: Implementing Cisco Edge Network

More information

VLAN Range. Feature Overview

VLAN Range. Feature Overview VLAN Range Feature History Release 12.0(7)XE 12.1(5)T 12.2(2)DD Modification The interface range command was introduced. The interface range command was integrated into Cisco IOS Release 12.1(5)T. The

More information

Access Control Lists and IP Fragments

Access Control Lists and IP Fragments Access Control Lists and IP Fragments Document ID: 8014 Contents Introduction Types of ACL Entries ACL Rules Flowchart How Packets Can Match an ACL Example 1 Example 2 fragments Keyword Scenarios Scenario

More information

CSC 5930/9010 Offensive Security: Lateral Movement

CSC 5930/9010 Offensive Security: Lateral Movement CSC 5930/9010 Offensive Security: Lateral Movement Professor Henry Carter Spring 2019 Recap Symmetric vs. Asymmetric encryption techniques Authentication protocols require proving possession of a secret:

More information

EIGRP. About EIGRP. CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.7 1

EIGRP. About EIGRP. CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.7 1 This chapter describes how to configure the Cisco ASA to route data, perform authentication, and redistribute routing information using the Enhanced Interior Gateway Routing Protocol (). About, page 1

More information

Lab 6.4.2: Challenge Inter-VLAN Routing

Lab 6.4.2: Challenge Inter-VLAN Routing Lab 6.4.2: Challenge Inter-VLAN Routing Topology Diagram Addressing Table Device (Hostname) Interface IP Address Subnet Mask Default Gateway S1 VLAN 99 192.168.99.11 255.255.255.0 192.168.99.1 S2 VLAN

More information

6 Network Security Elements

6 Network Security Elements 6 Network Security Elements http://www.asecuritysite.com/security/information/chapter06 6.1 Objectives The key objectives of this unit are to: Provide an overview of security devices and infrastructures.

More information

Skills Assessment Student Training Exam

Skills Assessment Student Training Exam Skills Assessment Student Training Exam Topology Assessment Objectives Part 1: Initialize Devices (2 points, 5 minutes) Part 2: Configure Device Basic Settings (18 points, 20 minutes) Part 3: Configure

More information

IEEE 802.1Q-in-Q VLAN Tag Termination

IEEE 802.1Q-in-Q VLAN Tag Termination IEEE 802.1Q-in-Q VLAN Tag Termination Encapsulating IEEE 802.1Q VLAN tags within 802.1Q enables service providers to use a single VLAN to support customers who have multiple VLANs. The IEEE 802.1Q-in-Q

More information

Lab Configuring 802.1Q Trunk-Based Inter-VLAN Routing Topology

Lab Configuring 802.1Q Trunk-Based Inter-VLAN Routing Topology Topology 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 7 Addressing Table Device Interface IP Address Subnet Mask Default Gateway R1 G0/1.1 192.168.1.1

More information

Implementing Cisco Network Security (IINS) 3.0

Implementing Cisco Network Security (IINS) 3.0 Implementing Cisco Network Security (IINS) 3.0 COURSE OVERVIEW: Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles and technologies, using

More information

Starting Interface Configuration (ASA 5505)

Starting Interface Configuration (ASA 5505) CHAPTER 13 Starting Interface Configuration (ASA 5505) This chapter includes tasks for starting your interface configuration for the ASA 5505, including creating VLAN interfaces and assigning them to switch

More information

VLAN Subinterface Commandsonthe Cisco IOS XR Software

VLAN Subinterface Commandsonthe Cisco IOS XR Software VLAN Subinterface Commandsonthe Cisco IOS XR Software This module provides command line interface (CLI) commands for configuring 802.1Q VLANs on the Cisco CRS Router. The maximum VLAN limit that can be

More information

ASA 7.x/PIX 6.x and Above: Open/Block the Ports Configuration Example

ASA 7.x/PIX 6.x and Above: Open/Block the Ports Configuration Example ASA 7.x/PIX 6.x and Above: Open/Block the Ports Configuration Example Contents Introduction Prerequisites Requirements Components Used Related Products Conventions Configure Network Diagram Blocking the

More information

Implementing Core Cisco ASA Security (SASAC)

Implementing Core Cisco ASA Security (SASAC) 1800 ULEARN (853 276) www.ddls.com.au Implementing Core Cisco ASA Security (SASAC) Length 5 days Price $6215.00 (inc GST) Overview Cisco ASA Core covers the Cisco ASA 9.0 / 9.1 core firewall and VPN features.

More information

PIX/ASA Active/Standby Failover Configuration Example

PIX/ASA Active/Standby Failover Configuration Example PIX/ASA Active/Standby Failover Configuration Example Document ID: 77809 Contents Introduction Prerequisites Requirements Components Used Related Products Conventions Active/Standby Failover Active/Standby

More information

Lab 8: Firewalls ASA Firewall Device

Lab 8: Firewalls ASA Firewall Device Lab 8: Firewalls ASA Firewall Device 8.1 Details Aim: Rich Macfarlane 2015 The aim of this lab is to investigate a Cisco ASA Firewall Device, its default traffic flows, its stateful firewalling functionality,

More information

TestOut Network Pro - English 4.1.x RELEASE NOTES. Modified

TestOut Network Pro - English 4.1.x RELEASE NOTES. Modified TestOut Network Pro - English 4.1.x RELEASE NOTES Modified 2017-07-06 Contents Overview... 2 Version 4.1.2 Release... 2 Entire Course... 2 Text Lessons... 2 Exams and Quizzes... 2 Demos, Videos, and Simulations...

More information

VPN Between Sonicwall Products and Cisco Security Appliance Configuration Example

VPN Between Sonicwall Products and Cisco Security Appliance Configuration Example VPN Between Sonicwall Products and Cisco Security Appliance Configuration Example Document ID: 66171 Contents Introduction Prerequisites Requirements Components Used Related Products Conventions Configure

More information

Advanced Security and Forensic Computing

Advanced Security and Forensic Computing Advanced Security and Forensic Computing Unit 2: Network Security Elements Dr Dr Bill Buchanan, Reader, School of of Computing. >Unit 2: 2: Network Security Elements Advanced Security and Forensic Computing

More information

COPYRIGHTED MATERIAL. Table of Contents. Assessment Test

COPYRIGHTED MATERIAL. Table of Contents. Assessment Test 10089.book Page xi Monday, July 23, 2007 3:17 PM Introduction Assessment Test xxiii xxxiii Chapter 1 Internetworking 1 Internetworking Basics 4 Internetworking Models 11 The Layered Approach 12 Advantages

More information

Access Rules. Controlling Network Access

Access Rules. Controlling Network Access This chapter describes how to control network access through or to the ASA using access rules. You use access rules to control network access in both routed and transparent firewall modes. In transparent

More information

Cisco ASA Software Release 8.2

Cisco ASA Software Release 8.2 Cisco ASA Software Release 8.2 Q. When will the Cisco ASA Software Release 8.2 be available? A. Cisco ASA Software Release 8.2 has a targeted release date of April 13, 2009. Q. How do I obtain Cisco ASA

More information

Policy Based Routing:

Policy Based Routing: This chapter describes how to configure the Cisco ASA to support policy based routing (PBR). The following sections describe policy based routing, guidelines for PBR, and configuration for PBR. About,

More information

PIX Security Appliance Contexts, Failover, and Management

PIX Security Appliance Contexts, Failover, and Management CHAPTER 8 PIX Security Appliance Contexts, Failover, and Management Upon completion of this chapter, you should be able to answer the following questions: How do I configure a Pix Security Appliance to

More information

Palo Alto Networks PCNSE7 Exam

Palo Alto Networks PCNSE7 Exam Volume: 96 Questions Question: 1 Which three function are found on the dataplane of a PA-5050? (Choose three) A. Protocol Decoder B. Dynamic routing C. Management D. Network Processing E. Signature Match

More information

Configuration Examples

Configuration Examples CHAPTER 4 Before using this chapter, be sure that you have planned your site s security policy, as described in Chapter 1, Introduction, and configured the PIX Firewall, as described in Chapter 2, Configuring

More information

VNS3 IPsec Configuration. VNS3 to Cisco ASA ASDM 5.2

VNS3 IPsec Configuration. VNS3 to Cisco ASA ASDM 5.2 VNS3 IPsec Configuration VNS3 to Cisco ASA ASDM 5.2 Site-to-Site IPsec Tunnel IPsec protocol allows you to securely connect two sites together over the public internet using cryptographically secured services.

More information

Chapter 9 Lab A: Configuring ASA Basic Settings and Firewall Using CLI

Chapter 9 Lab A: Configuring ASA Basic Settings and Firewall Using CLI A: Configuring ASA Basic Settings and Firewall Using CLI Topology Note: ISR G2 devices use GigabitEthernet interfaces instead of FastEthernet interfaces. 2015 Cisco and/or its affiliates. All rights reserved.

More information

Information About NAT

Information About NAT CHAPTER 26 This chapter provides an overview of how Network Address Translation (NAT) works on the ASA and includes the following sections: Introduction to NAT, page 26-1 NAT Types, page 26-2 NAT in Routed

More information

NAC Appliance (Cisco Clean Access) In Band Virtual Gateway for Remote Access VPN Configuration Example

NAC Appliance (Cisco Clean Access) In Band Virtual Gateway for Remote Access VPN Configuration Example NAC Appliance (Cisco Clean Access) In Band Virtual Gateway for Remote Access VPN Configuration Example Document ID: 71573 Contents Introduction Prerequisites Requirements Components Used Network Diagram

More information

CompTIA Network+ Study Guide Table of Contents

CompTIA Network+ Study Guide Table of Contents CompTIA Network+ Study Guide Table of Contents Course Introduction Table of Contents Getting Started About This Course About CompTIA Certifications Module 1 / Local Area Networks Module 1 / Unit 1 Topologies

More information

ASA Has High CPU Usage Due to a Traffic Loop When VPN Clients Disconnect

ASA Has High CPU Usage Due to a Traffic Loop When VPN Clients Disconnect ASA Has High CPU Usage Due to a Traffic Loop When VPN Clients Disconnect Contents Introduction Prerequisites Requirements Components Used Background Information Problem: Packets Destined for a Disconnected

More information

Configuring Cisco Adaptive Security Appliance for SIP Federation

Configuring Cisco Adaptive Security Appliance for SIP Federation CHAPTER 6 Configuring Cisco Adaptive Security Appliance for SIP Federation June 18, 2013 Cisco Adaptive Security Appliance Unified Communication Wizard, page 6-1 External and Internal Interface Configuration,

More information

You Can Have My Network When You Pry It From My Cold, Stiff Hands

You Can Have My Network When You Pry It From My Cold, Stiff Hands Raising the Bar for the Attacker You Can Have My Network When You Pry It From My Cold, Stiff Hands 2018.04.14 Greg Scheidel (@greg_scheidel) What Does Nirvana Look Like? Defensible Network [1] Limits an

More information

IPv4 Firewall Rule configuration on Cisco SA540 Security Appliance

IPv4 Firewall Rule configuration on Cisco SA540 Security Appliance IPv4 Firewall Rule configuration on Cisco SA540 Security Appliance Objective The objective of this document to explain how to configure IPv4 firewall rules on Cisco SA540 Security Appliance. Firewall provide

More information

Abstract. Avaya Solution & Interoperability Test Lab

Abstract. Avaya Solution & Interoperability Test Lab Avaya Solution & Interoperability Test Lab Configuring Session Initiated Protocol over Port Network Address Translation for Avaya 4602 SIP IP Telephones using the Kagoor VoiceFlow 200 Application Layer

More information

Chapter 5. Security Components and Considerations.

Chapter 5. Security Components and Considerations. Chapter 5. Security Components and Considerations. Technology Brief Virtualization and Cloud Security Virtualization concept is taking major portion in current Data Center environments in order to reduce

More information

Broadcast Infrastructure Cybersecurity - Part 2

Broadcast Infrastructure Cybersecurity - Part 2 SBE Webinar Series - 2018 Broadcast Infrastructure Cybersecurity - Part 2 Wayne M. Pecena, CPBE, CBNE Texas A&M University Educational Broadcast Services KAMU FM-TV Broadcast Infrastructure Cybersecurity

More information

Cisco ASA with FirePOWER services Eric Kostlan, Technical Marketing Engineer Security Technologies Group, Cisco Systems LABSEC-2339

Cisco ASA with FirePOWER services Eric Kostlan, Technical Marketing Engineer Security Technologies Group, Cisco Systems LABSEC-2339 Cisco ASA with FirePOWER services Eric Kostlan, Technical Marketing Engineer Security Technologies Group, Cisco Systems LABSEC-2339 Agenda Introduction to Lab Exercises Platforms and Solutions ASA with

More information