SASAC v1.0 Implementing Cre Cisc ASA Security Cisc Training Curse Length: 5 Curse Delivery: Traditinal Classrm Online Live Curse Overview Cisc ASA Cre v1.0 is a new 5-day ILT class that cvers the Cisc ASA 9.0 / 9.1 cre firewall and VPN features. Cisc ASA Cre v1.0 is designed t teach netwrk security engineers wrking n the Cisc ASA Adaptive Security Appliance t implement cre Cisc ASA features, including the new ASA 9.0 and 9.1 features. Audience Netwrk engineers supprting Cisc ASA 9.x implementatins Prerequisites FIREWALL v1.0 r FIREWALL v2.0 r an equivalent knwledge f the Cisc ASA At the end f this CCNA training curse, yu'll be able t: Explain the cre essential features f Cisc ASA 5500-X Series Next-Generatin Firewalls Describe hw t implement Cisc ASA basic cnnectivity and device management Implement basic Cisc ASA netwrk integratin Describe and implement basic Cisc ASA plicy cntrls Describe Cisc ASA cmmn VPN cmpnents Describe and implement Cisc ASA clientless VPN slutins Describe and implement Cisc ASA and Cisc AnyCnnect full tunnel VPN slutins Outline Mdule 1: Cisc ASA Adaptive Security Appliance Essentials Lessn 1: Evaluating Cisc ASA Adaptive Security Appliance Technlgies Firewall Technlgies Cisc ASA Adaptive Security Appliance Features www.leapfxlearning.cm Tel 208.898-9036 2100 E. Fairview Ave Ste 12, Meridian 83642
Lessn 2: Identifying Cisc ASA Adaptive Security Appliance Mdels Cisc ASA Adaptive Security Appliance Hardware Lessn 3: Identifying Cisc ASA Adaptive Security Appliance Licensing Optins Cisc ASA Adaptive Security Appliance Licensing Optins Cisc ASA Adaptive Security Appliance Licensing Requirements Lessn 4: Mdule Summary Mdule 2: Basic Cnnectivity and Device Management Lessn 1: Preparing the Cisc ASA Adaptive Security Appliance fr Netwrk Integratin Managing the Cisc ASA Adaptive Security Appliance Bt Prcess Managing the Cisc ASA Adaptive Security Appliance Using the CLI Managing the Cisc ASA Adaptive Security Appliance Using Cisc ASDM Navigating Basic Cisc ASDM Features Managing the Cisc ASA Adaptive Security Appliance Basic Upgrade Lessn 2: Managing Basic Cisc ASA Adaptive Security Appliance Netwrk Settings Managing Cisc ASA Adaptive Security Appliance Security Levels Cnfiguring and Verifying Basic Cnnectivity Parameters Cnfiguring and Verifying Interface VLANs Cnfiguring a Default Rute Cnfiguring and Verifying the Cisc ASA Security Appliance DHCP Server Trubleshting Basic Cnnectivity Lessn 3: Mdule Summary Mdule 3: Netwrk Integratin Lessn 1: Cnfiguring Cisc ASA Adaptive Security Appliance NAT Features NAT n Cisc ASA Security Appliances Cnfiguring Object (Aut) NAT Cnfiguring Manual NAT Tuning and Trubleshting NAT n the Cisc ASA Adaptive Security Appliance Lessn 2: Cnfiguring Cisc ASA Adaptive Security Appliance Basic Access Cntrl Features Cnnectin Table and Lcal Hst Table Cnfiguring and Verifying Interface ACLs Cnfiguring and Verifying Glbal ACLs www.leapfxlearning.cm Tel 208.898-9036 2100 E. Fairview Ave Ste 12, Meridian 83642 Page 2 f 8
Cnfiguring and Verifying Object Grups Cnfiguring and Verifying Public Servers Cnfiguring and Verifying Other Basic Access Cntrls Trubleshting ACLs Lessn 3: Cnfiguring Cisc ASA Adaptive Security Appliance Ruting Features Static Ruting Dynamic Ruting EIGRP Cnfiguratin and Verificatin Multicast Supprt Lessn 4: Mdule Summary Mdule 4: Cisc ASA Adaptive Security Appliance Plicy Cntrls Lessn 1: Defining the Cisc ASA Adaptive Security Appliance MPF Cisc MPF Overview Cnfiguring and Verifying Layer 3 and Layer 4 Plicies Cnfiguring and Verifying a Plicy fr Management Traffic Lessn 2: Cnfiguring Cisc ASA Adaptive Security Appliance Advanced Applicatin Inspectins Layer 5 t Layer 7 Plicy Cntrl Overview Cnfiguring and Verifying HTTP Inspectin Cnfiguring and Verifying FTP Inspectin Supprting Other Layer 5 t Layer 7 Applicatins Trubleshting Applicatin Layer Inspectin Lessn 3: Mdule Summary Mdule 5: Cisc ASA Adaptive Security Appliance VPN Cmmn Cmpnents Lessn 1: VPN Overview VPN Definitin Key Threats t WANs and Remte Access VPN Types VPN Cmpnents Lessn 2: Implementing Prfiles, Grup Plicies, and User Plicies Cisc ASA VPN Plicy Cnfiguratin Cisc ASA Adaptive Security Appliance Cnnectin Prfiles Cisc ASA Adaptive Security Appliance Grup Plicies www.leapfxlearning.cm Tel 208.898-9036 2100 E. Fairview Ave Ste 12, Meridian 83642 Page 3 f 8
Cisc ASA VPN AAA and External Plicy Strage Cisc ASA Adaptive Security Appliance User Attributes Access Cntrl Methds VPN Accunting Using External Servers DAP fr SSL VPN Lessn 3: Implementing PKI Services Using PKI Prvisining Server-Side Certificates n the Cisc ASA Adaptive Security Appliance CA Servers Deplying Client-Based Certificate Authenticatin SCEP Prxy Operatins Enable Certificate Authenticatin in Cnnectin Prfile Cnfiguring Certificate-t-Cnnectin Prfile Mappings Lessn 4: Mdule Summary Mdule 6: Cisc Clientless VPN Slutin Lessn 1: Intrducing Clientless SSL VPN Cisc Clientless SSL VPN Cisc Clientless SSL VPN Use Cases Cisc Clientless SSL VPN Resurce Access Methds Secure Sckets Layer and Transprt Layer Security SSL Sessin Setup and Key Management SSL Server Authenticatin SSL Client Authenticatin SSL Transmissin Prtectin Lessn 2: Deplying Basic Cisc Clientless SSL VPN n the Cisc ASA Adaptive Security Appliance Basic Cisc Clientless SSL VPN Server Authenticatin in Basic Clientless SSL VPN Client-Side Authenticatin in Basic Clientless SSL VPN Clientless SSL VPN URL Entry and Bkmarks Basic Access Cntrl fr Clientless SSL VPN Disabling Cntent Rewriting Basic Clientless SSL VPN Cnfiguratin Tasks Basic Clientless SSL VPN Cnfiguratin Scenari Cnfiguring Basic Cisc Clientless SSL VPN Verifying Basic Cisc Clientless SSL VPN Trubleshting Basic Clientless SSL VPN Operatins www.leapfxlearning.cm Tel 208.898-9036 2100 E. Fairview Ave Ste 12, Meridian 83642 Page 4 f 8
Lessn 3: Deplying Applicatin Access in Cisc Clientless SSL VPN Cisc Clientless SSL VPN Applicatin Access Overview Applicatin Plug-Ins Cnfiguring Applicatin Plug-ins Verify Clientless SSL VPN Applicatin Plug-Ins Trubleshting Clientless SSL VPN Applicatin Plug-Ins Smart Tunnels Cnfiguring Smart Tunnels Verifying Smart Tunnels Trublesht Smart Tunnels Lessn 4: Deplying Client-Side Authenticatin and Authrizatin in Clientless SSL VPN Client-Side Authenticatin Optins Client-Side Authenticatin and Authrizatin Using AAA Server Duble Client-Side Authenticatin Using AAA Servers Trubleshting Client-Side AAA Authenticatin Lessn 5: Mdule Summary Mdule 7: Cisc AnyCnnect Full Tunnel VPN Slutins Lessn 1: Deplying Basic Cisc AnyCnnect SSL VPN n Cisc ASA Basic Cisc AnyCnnect SSL VPN SSL VPN Clients Authenticatin SSL VPN Client IP Address Assignment SSL VPN Split Tunneling Cnfiguratin Scenari Cnfiguratin Tasks Enable Cisc AnyCnnect SSL VPNs Define IP Address Pl Cnfigure Identity NAT Cnfigure Grup Plicy Cnfigure Grup Plicy: Split Tunneling Cnfigure Cnnectin Prfile Mnitr Cisc AnyCnnect VPN n Client Endpint Mnitr Cisc AnyCnnect VPN n Server Lessn 2: Deplying Advanced Cisc AnyCnnect SSL VPN n Cisc ASA Cisc AnyCnnect SSL VPN Slutin Cmpnents DTLS Overview Parallel DTLS and TLS Tunnels Cnfigure DTLS www.leapfxlearning.cm Tel 208.898-9036 2100 E. Fairview Ave Ste 12, Meridian 83642 Page 5 f 8
Verify DTLS Cisc AnyCnnect Client Cnfiguratin Management Managing Cisc AnyCnnect Sftware frm Cisc ASA Cisc AnyCnnect Client Operating System Integratin Optins Deplying Cisc AnyCnnect Trusted Netwrk Detectin Cisc AnyCnnect Start Befre Lgn Deplying Cisc AnyCnnect Start Befre Lgn Lessn 3: Deplying Advanced Authenticatin and Authrizatin in Cisc AnyCnnect VPNs Cisc AnyCnnect Advanced Authenticatin Scenaris Certificate-Based Server Authenticatin Client Enrllment Methds Methds fr Revking Credentials Enable Certificate-Based Authenticatin Enable Tw-Factr Authenticatin Tw-Factr Authenticatin with Name Prefill Lcal Authrizatin Overview Lcal Authrizatin Cnfiguratin Prcedure Cnfigure Lcal Authrizatin Verify Lcal Authrizatin External Authrizatin Scenari Cnfigure Authrizatin Using LDAP/AD Verify External Authrizatin Trubleshting Cisc AnyCnnect VPN Lessn 4: Deplying Cisc AnyCnnect IPsec/IKEv2 VPNs Cisc AnyCnnect Supprt fr IKEv2 Internet Key Exchange v1 and v2 Making IPsec the Primary Prtcl fr a Hst Entry IKEv2 Cnfiguratin Prcedure Cnfigure a Cisc AnyCnnect IPsec VPN n a Cisc ASA Appliance Verify and Trublesht Cisc AnyCnnect IPsec VPN n Cisc ASA Appliance Lessn 5: Mdule Summary Mdule 8: Cisc ASA Adaptive Security Appliance High Availability and Virtualizatin Lessn 1: Cnfiguring Cisc ASA Adaptive Security Appliance Interface Redundancy Features Cnfiguring and Verifying EtherChannel Cnfiguring and Verifying Redundant Interfaces Trubleshting EtherChannel and Redundant Interfaces www.leapfxlearning.cm Tel 208.898-9036 2100 E. Fairview Ave Ste 12, Meridian 83642 Page 6 f 8
Lessn 2: Cnfiguring Cisc ASA Adaptive Security Appliance Active/Standby High Availability Failver Overview Cnfiguratin Chices, Basic Prcedures, and Required Input Parameters Cnfiguring and Verifying Active/Standby Failver Tuning and Managing Active/Standby Failver Remte Cmmand Executin Trubleshting Active/Standby Failver Lessn 3: Cnfiguring Security Cntexts n the Cisc ASA Adaptive Security Appliance Multiple-Cntext Mde Cnfiguring Security Cntexts Verifying and Managing Security Cntexts Cnfiguring and Verifying Resurce Management Trubleshting Security Cntexts Lessn 4: Mdule Summary Lessn 5: (OPTIONAL) Cnfiguring Cisc ASA Adaptive Security Appliance Active/Active High Availability (Optinal/Self-study) Active/Active Failver Cnfiguring and Verifying Active/Active Failver Tuning and Managing Active/Active Failver Trubleshting Active/Active Failver Lab Outline Lab 1-1: Accessing the Remte Lab Envirnment Task 1: Access the Learning@Cisc-Hsted ASA Remte Lab Lab 2-1: Cnfiguring the Cisc ASA Adaptive Security Appliance Task 1: Verify Cisc ASA Adaptive Security Appliance and Cisc ASDM Versins Task 2: Initialize the Cisc ASA Adaptive Security Appliance frm the CLI Task 3: Launch Cisc ASDM and Test SSH Access Task 4: Cnfigure and Verify Interfaces Task 5: Cnfigure System Management Parameters Lab 3-1: Cnfiguring NAT Task 1: Cnfigure Object NAT fr the Client Netwrk and DMZ Server Task 2: Cnfigure Manual NAT fr the DMZ Server and Client Netwrk Lab 3-2: Cnfiguring Basic Cisc Access Cntrl Features Task 1: Trublesht Basic Cnnectivity Task 2: Cnfigure Netwrk and Service Object Grups Task 3: Cnfigure Access Lists www.leapfxlearning.cm Tel 208.898-9036 2100 E. Fairview Ave Ste 12, Meridian 83642 Page 7 f 8
Task 4: Cnfigure Public Servers Task 5: Cnfigure Glbal Access Lists Task 6: (Optinal) Cnfigure Unicast Reverse Path Frwarding Check Lab 4-1: Cnfiguring MPF, Basic Stateful Inspectins, and QS Task 1: Cnfigure ICMP and FTP Inspectin Task 2: Enable TTL Decrement and Disable TCP Initial Sequence Randmizatin Task 3: Tune TCP Timeuts, Enable TCP DCD, and Cnfigure TCP Nrmalizatin Task 4: Cnfigure a Pririty Queue and Traffic Plicing Lab 4-2: Cnfiguring MPF Advanced Applicatin Inspectins Task 1: Cnfigure HTTP Inspectin t Prtect the DMZ Server Task 2: Cnfigure FTP Inspectin t Prtect the DMZ Server Task 3: Return the Cisc ASA Security Appliance t the Default Inspectin Plicies Lab 6-1: Implementing Basic Clientless SSL VPN n the Cisc ASA Task 1: Cnfigure the Cisc ASA t Use DNS Task 2: Enable Clientless SSL VPN Cnnectins Task 3: Prvisin an Identity Certificate fr the Cisc ASA Task 4: Cnfigure Lcal User Authenticatin Task 5: Cnfigure Bkmarks and Access Cntrl Lab 6-2: Cnfiguring Applicatin Access fr Clientless SSL VPN n the Cisc ASA Task 1: Cnfigure Applicatin Access Using Plug-ins Task 2: Cnfigure Applicatin Access Using Smart Tunnels Lab 6-3: Implementing External Authenticatin and Authrizatin fr Clientless SSL VPNs Task 1: Cnfigure External Authenticatin Using Micrsft Active Directry Task 2: Cnfigure External Authrizatin Using Micrsft Active Directry Lab 7-1: Implementing Basic Cisc AnyCnnect SSL VPN n the Cisc ASA Task 1: Enable Cisc AnyCnnect SSL VPN Cnnectins Task 2: Cnfigure the VPN IP Address Pl and Identity NAT Task 3: Cnfigure a VPN User and Create a Cnnectin Prfile Task 4: Cnfigure Grup Plicy: IP Pl, DNS, and Split Tunneling Task 5: Test Cisc AnyCnnect SSL VPNs Lab 7-2: Cnfiguring Advanced Authenticatin fr Cisc AnyCnnect SSL VPNs Task 1: Review LDAP and Active Directry Server Settings n the Cisc ASA Task 2: Deply Lcal Authrizatin fr Lcal VPN Users Task 3: Deply External Authrizatin Using Micrsft Active Directry Task 4: Deply a Standalne Cisc AnyCnnect Client n the Outside PC Lab 7-3: Implementing Cisc AnyCnnect IPsec/IKEv2 VPNs Task 1: Deply Cisc AnyCnnect IPsec/IKEv2 VPN with WebLaunch Lab 8-1: Cnfiguring Active/Standby High Availability Task 1: Prepare the Secndary Appliance fr Failver Cnfiguratin via the CLI and Cisc ASDM Task 2: Cnfigure Active/Standby Failver Task 3: Cnfigure Standby IP Addresses n the Active Appliance and Test Failver Task 4: Tune Active/Standby Failver Task 5: Enable Stateful Active/Standby Failver T register r fr mre infrmatin call ur ffice (208) 898-9036 r email register@leapfxlearning.cm www.leapfxlearning.cm Tel 208.898-9036 2100 E. Fairview Ave Ste 12, Meridian 83642 Page 8 f 8