Deploying Cisco ASA Firewall Solutions (FIREWALL) v2.0. Global Knowledge European Remote Labs Instructor Guide


1. Contents

1. Contents
2. Introduction
3. Remote Labs Topology, Connections and Setup
4. Initial Lab Configuration Set-up
5. Lab Clear Down Procedure
6. Lab Exercises
7. Support Information
   Web Support Portal
   E-Mail
   Telephone
   Other Contact Methods

Copyright Global Knowledge

2. Introduction

This guide has been developed to complement the existing Cisco CAG and Lab Guides, relating to the Deploying Cisco ASA Firewall Solutions v2.0 course. As such, this document should ONLY be read and utilised in conjunction with those Cisco guides.

The Global Knowledge FIREWALL v2.0 European Remote Lab has been built to mirror, as closely as possible, the Cisco lab configuration. You may therefore assume that any detail not contained in this Remote Lab Instructor Guide will remain as documented in the Cisco manuals.

Instructions and login/connection details for access to the Global Knowledge European Remote lab solution will be provided via an Access E-Mail. This will contain links to any required documentation, along with detail of contact methods to obtain further information and Support services.

3. Remote Labs Topology, Connections and Setup

[Figure 3-1: FIREWALL v2.0 Instructor Web Page]

Core Devices

The RBB router is common to all pods and provides the Internet Backbone connection. There are 2 Core Switches deployed for the 8-pod, 8-delegate racks, but only 1 Core Switch for the 4-pod, 4-delegate racks. Core Switch 2 is not required for the smaller racks.

Lab IP Addressing

The Pod Addressing scheme follows the Cisco Lab Guide, with each Pod using an identical addressing scheme. The RBB and Core Switch(es) are configured with VLANs and VRF routing to allow for this.

4. Initial Lab Configuration Set-up

Load the Base configurations for all devices from the Device Management tool on the Instructor Web Access page. All PCs will have been reset to default, prior to the lab being available for use.

For the ASAs, it is recommended to first run Erase Device and then Load Base Config. Occasionally a previous class may not have cleared down correctly, and the Erase will ensure no configuration corruption.

Note: The initial configuration for the Pod ASA Firewalls will ensure that the correct starting IOS and ASDM files are loaded.

The Core RBB Router is used as an NTP Master Clock for the ASAs. Ensure that the Router clock is set to the current time/date.

PC Logins

The Pod Client and Server logins for all pods are:
Username: administrator
Password: cisco

Core Device Logins

Core Router logins are:
VTY password: cisco
Enable password: globalk

For several labs, the students are required to log in to the Core RBB router:
Username: student
Password: cisco

Core Switch logins are:
Enable password: globalk

IMPORTANT NOTE - Loading Lab Start Configurations

The course lab exercises are written such that each lab builds on the configuration completed in the previous lab exercise. It is therefore not normally necessary to load the Lab Start configuration for each lab.

However, there may be circumstances where the lab has not been completed fully and successfully. To assist in these circumstances, Lab Start Configurations have been provided, via the Device Management tool, for each lab.

There are 2 important points to remember when using these Lab Start Configs, however:

1. A number of lab exercises may demand the uploading of additional software to the ASA Flash memory. Loading a Lab Start Configuration will not install these files. The Instructor/Student(s) should identify whether these files are in place and, where necessary, identify and perform, from previous lab exercises, the lab steps required to upload/construct these files.

2. The Student ASDM sessions to the ASAs should be closed down prior to loading the Lab Start Configs for the next lab. Failure to do this could result in cached config data from the ASDM sessions overwriting the new Lab Start Config and causing lab errors.

5. Lab Clear Down Procedure

Load the Base configurations for all of the Core Devices and Erase all of the ASA devices, from the Device Management tool on the Instructor Web Access page. The PC clear down/revert will be performed by the Remote Lab Support team.

Notify Remote Lab Support that you have finished using the equipment by replying to the End of Course Confirmation e-mail, which will have been sent to you during the class.

Please do NOT reply to the End of Course Confirmation e-mail for ANY OTHER purpose. This may cause confusion: it may be taken that you have completed your class, and your rack may be disconnected or cleared as a result!

If, for any reason, you have not received the above e-mail, please send an e-mail to the Support e-mail address (Section 2 above), confirming the Course and Rack used, that you have completed the class and finished using the equipment.

IMPORTANT NOTE

It is normally expected that your class will finish at 5pm in your local time zone. If for ANY reason you anticipate requiring a later finish, please ENSURE that you notify the Support team as early as possible, CLEARLY stating the need to extend access after normal class hours. Please ensure that you receive a RESPONSE from the Support team confirming this.

6. Lab Exercises

Lab 2-1: Preparing the Cisco ASA Adaptive Security Appliance for Network Integration

Setup
Setup is completed as part of the Initial Lab Setup (as detailed in Section 4 of this guide).

Task 1
Step 6: Verify that the running image and the Cisco ASDM image are correct. For this lab, you should have a Cisco ASA device image of 8.4(2) and a Cisco ASDM image of 6.4(5).

Task 2
Step 2: Set the interface Speed to 100 and the Duplex to Full.

Task 3
Step 2: From a Web Browser, start Cisco ASDM with a URL of: https://10.0.1.1
Step 3: The Cisco ASDM 6.4(5) window appears.
Step 4: Click on the Run ASDM button in the Run Cisco ASDM as a Java Web Start Application window.

Lab 2-2: Configuring the Cisco ASA Adaptive Security Appliance for Secure Network Integration

Setup
No setup required. Lab configs used are as at completion of previous lab (Lab 2-1). However, if necessary, load Lab 2-2 configs onto appropriate ASA devices.

Task 1
Steps 1 & 3: Set the interface Speed and Duplex to 100 & Full (Configure Hardware Properties). Ignore Step 2!

Lab 2-3: Configuring Management Features

Setup
No setup required. Lab configs used are as at completion of previous lab (Lab 2-2). However, if necessary, load Lab 2-3 configs onto appropriate ASA devices.

Task 1
All OK

Task 3
All OK

Task 4
All OK

Task 5
Step 10: You may be asked to log in in order to Save the configuration. You can use the new student account to do this.

Lab 3-1: Configuring NAT

Setup
No setup required. Lab configs used are as at completion of previous lab (Lab 2-3). However, if necessary, load Lab 3-1 configs onto appropriate ASA devices.

Task 1
All OK

Lab 3-2: Configuring Basic Cisco Access Control Features

Setup
No setup required. Lab configs used are as at completion of previous lab (Lab 3-1). However, if necessary, load Lab 3-2 configs onto appropriate ASA devices.

Task 1
All OK

Task 3
All OK

Task 4
All OK

Task 5
All OK

Task 6
All OK

Lab 3-3: Configuring Transparent Firewall (Optional)

Setup
Students should complete the setup as described in the Cisco Lab Guide. ENSURE students have properly backed up their ASA configurations and made a note of the original PC interface settings.

Task 1
Step 1: Select the Class LAB Interface.

Task 3
Steps 2 & 3: Set the interface Speed and Duplex to 100 & Full.

Task 4
All OK

Task 5
All OK

Task 6
All OK

Lab 4-1: Configuring MPF, Basic Stateful Inspections and QoS

Setup
No setup required. Lab configs used are as at completion of Lab 3-2 or students should have successfully reloaded their saved configs on completion of Lab 3-3, if the Optional lab was completed. However, if necessary, load Lab 4-1 configs onto appropriate ASA devices.

Task 1
All OK

Task 3
All OK

Task 4
All OK

Task 5
BOTNET licenses are currently unavailable in the lab, therefore this Optional exercise cannot be completed at this time.

Lab 4-2: Configuring MPF Advanced Application Inspections

Setup
No setup required. Lab configs used are as at completion of previous lab (Lab 4-1). However, if necessary, load Lab 4-2 configs onto appropriate ASA devices.

Task 1
Step 9: It is recommended to view the Real Time Log Viewer in Cisco ASDM.
Step 15: This regular expression was temperamental in testing. It is recommended to use the following:
Regular expression that matches /welcome.png (welcome\.png)

Task 3
All OK

Lab 4-3: Configuring Cut-Through Proxy

Setup
No setup required. Lab configs used are as at completion of previous lab (Lab 4-2). However, if necessary, load Lab 4-3 configs onto appropriate ASA devices.

Task 1
Step 9: It is recommended to view the Real Time Log Viewer in Cisco ASDM.

Task 3
All OK

Task 4
All OK

Lab 5-1: Configuring Active/Standby High Availability

Setup
From the Device Management tool, load the Lab 5-1 Configs for Core Switch 1, Core Switch 2 (SW2 is not used for the smaller, 4-pod racks) and all EVEN-numbered Pod ASAs (Pods 2, 4 etc.).

Note: Loading the Lab 5-1 configurations on the even-numbered Pod ASAs will erase any previous configuration.

At this stage, students will be paired up in order to provide the required pair of ASAs for the Failover Labs (Lab 5-1 and Lab 5-2), as follows:

Pod 1 pairs with Pod 2
Pod 3 pairs with Pod 4
Pod 5 pairs with Pod 6
Pod 7 pairs with Pod 8

Students should now switch their Web Access page view, via the drop-down menu at the top right of the page, selecting Lab 5-1 Active/Standby Failover.

Note: Even-numbered pod students should close down all PC and ASA sessions to their devices and then open the Web Access page for their odd-numbered partner's pod. E.g. Pod 2 will now open the Pod 1 web page and select the Lab 5-1 diagram. The required devices will all be accessed via this diagram, in conjunction with their Pod 1 partner.

Note: Even-numbered pods' web pages only have the Main Lab Diagram.

Task 1
Step 2: Set the interface Speed and Duplex to 100 & Full.

Task 2
Steps 6 & 12: The config save will fail via the ASDM; perform the save via the CLI.

Task 3
All OK

Task 4
Step 8: Close the command prompt on the client PC and return the Primary firewall to active.

Task 5
All OK

Lab 5-2: Configuring Active/Active High Availability

Setup
From the Device Management tool, load the Lab 5-2 Configs for Shared Core Router, Core Switch 1 and Core Switch 2 (SW2 is not used for the smaller, 4-pod racks).

Students will continue to work in the pod pairs as for the previous lab (Lab 5-1). The pod diagram Lab 5-2 Active/Active Failover should be selected for the Web Access page.

Task 1
All OK

Task 2
Step 13: Ensure that ALL interfaces' Hardware Properties are set to Duplex = Full and Speed = 100.
Step 21: Change the IP address of the CLASS LAB INTERFACE on the DMZ Server to 172.16.11.11/24 and the default gateway to 172.16.11.1.

Task 3
All OK

Task 4
All OK

Task 5
All OK

Task 6
All OK

7. Support Information

Web Support Portal

The Web Support Portal provides the following:

- Direct logging of Support Calls into the Support Call database
- Direct Real-time monitoring of your logged Support Call progress
- Recall of previous logged Support Calls (max. 30 days)
- Knowledge Base: Self-Help FAQs on Common Support Questions and Calls, Course information and Guides, Hints and Tips
- Bulletin Board: Current Lab Status, New Course Information, New Document Releases
- Access to User and Setup Guides, Classroom Kit Lists and other information (access to some data will require valid Event credentials)

For login information and details of how to use our Web-based Support Portal, please access the User Guide at the following URL: http://rlsupport.globalknowledge.net/docs/portal-userguide.pdf

To access the Web Support Portal, go to: http://rlsupport.globalknowledge.net

E-Mail

The Support Team E-Mail address is: rls@globalknowledge.net

Telephone

Support Direct Telephone Line: +44 (0)118 989 7735

Other Contact Methods

We do not normally encourage contact methods (e.g. Skype, MSN etc.), other than the above, as these other methods often do not easily provide a means to record and track support information. Such information is important to us, as it allows us to continually monitor and improve our support service to you.