Cisco ASA Firewall Training Course

Public Classroom

Summary

Cisco ASA Security Appliance

The Cisco ASA Security Appliance training course includes two intensive days filled with hands-on lab exercises that plunge you deep into the inner workings of the security appliance. You’ll learn how to reset the administrator password (even when you don’t know it) and how to build a basic firewall configuration from scratch at the command line and in the GUI. You’ll learn how to write and manage access-control lists, set up VPNs and a DMZ, and a lot more. You’ll practice backing up and restoring your configuration files and the firewall’s operating system image. We’ll show you how to set up centralized logging with a syslog server. You’ll practice configuring login banners. You’ll configure local usernames and privilege levels, plus you’ll practice using Active Directory for authentication. You’ll set up a DHCP server for automatic address assignment. You’ll practice building different types of VPNs and configure various types of filtering. You’ll actually practice configuring filters to block Java applet calls.

Duration

2 days

Course Objectives

By the completion of this Cisco ASA Security Firewall training course, participants should be able to:

  • Practice password recovery techniques for the Cisco ASA security appliance
  • Practice techniques for building a basic firewall configuration
  • Gain an understanding of logging configurations
  • Practice backing up and restoring the device’s configurations
  • Practice backing up and restoring the device’s software image (operating system)
  • Practice configuring and using remote management
  • Gain an understanding of Network Address Translation and Port Address Translation on the ASA Security Appliance and practice using them in your configurations
  • Gain an understanding of Cisco privilege levels and practice configuring local usernames and privilege levels
  • Practice configuring your security appliance to authenticate via Windows Active Directory using RADIUS
  • Practice building and troubleshooting a DHCP server
  • Practice building VPNs
  • Gain an understanding of DMZs and practice building one with a Web server
  • Practice testing security configurations with a port scanner
  • Gain an understanding of filtering techniques and practice blocking Java applets
  • Practice building a transparent (layer 2) firewall

Audience

This class is intended for network personnel who install, configure, support, and troubleshoot Cisco ASA Security Appliances. Network administrators, network engineers, IT managers, CIOs, CTOs, and anyone responsible for network security will benefit from attending this Cisco ASA Security Appliance training class.

Pre-requisites

A solid understanding of networking concepts and technologies is highly beneficial. This knowledge can be obtained by enrolling in our Networking Overview for Managers training course. Familiarity with router configurations is also very helpful.

Outline

Module 1: Understanding Firewall Fundamentals

  • What do firewalls do?
  • Types of Firewalls
  • Classification of Firewalls
  • AAA: Authentication, Authorization, and Accounting
  • Basics of Encryption including Single Key and PKI
  • Stateful Inspection
  • Adaptive Security Algorithm
  • Network Address Translation
  • An Overview of Cisco Security Appliances
  • Understanding VLANs
  • Understanding the Eight Basic Commands on a Cisco ASA Security Appliance
  • Controlling the Appliance from its Console
  • Password Recovery
  • Labs
    • Password Recovery and Initial Configuration
    • Removing the Existing Configuration
    • Using the Eight Commands Required to Enable Basic Firewall Functionality
    • Building a Base Configuration on the ASA Security Appliance
    • Building an Initial Configuration on the ASA Security Appliance

Module 2: Backing Up and Restoring Configurations and Software Images

  • Analyzing the Base Configuration of the Security Appliance
  • Labs
    • Analyzing the Base Configuration and Saving It
    • Backing Up and Restoring the Configuration
    • Backing Up and Restoring the Software Image

Module 3: Sending Logging Output to a Syslog Server

  • Using syslogd with the Security Appliance
  • Labs
    • Sending Logging Output to a Syslog Server

Module 4: Remote Management Options

  • Remote Console Access
  • Telnet
  • SSH (Secure Shell)
  • Configuring and Managing Remote Management through ASDM
  • Labs
    • Telnet and Secure Shell (SSH)

Module 5: Configuring Logon Banners, Usernames, and Authentication, Authorization, and Accounting (AAA)

  • How to Configure a Banner
  • Configuring Authentication, Authorization, and Accounting (AAA)
  • Remote Authentication Technologies
  • Cisco Secure Access Control Server
  • Installing and Configuring CACS
  • Authentication of Clients
  • Labs
    • Creating Banners on the Security Appliance
    • Configuring Usernames and Local Authentication
    • Configuring Privilege Levels on the Security Appliance
    • Authenticating Through Windows Active Directory

Module 6: Configuring the Appliance as a DHCP Server

  • Understanding the DHCP commands on the security appliance
  • Labs
    • Reconfiguring Your DHCP Server

Module 7: Access-Control Lists

  • The importance of order of entries
  • The difference between standard and extended lists
  • Hidden implicit statements in ACLs
  • Editing ACLs
  • Renaming ACLs
  • Using time-ranges with ACLs
  • How to use object groups with ACLs

Module 8: Virtual Private Networking (VPNs)

  • PPTP
  • L2TP
  • IPSec
  • Encryption Algorithms
  • Hashing Algorithms
  • Authentication Methods
  • Troubleshooting VPN Connections
  • Configuring the Cisco AnyConnect VPN Client and Connecting to Your VPN
  • Creating a Web-Based SSL VPN
  • Labs
    • Site-to-Site VPNs
    • Remote Access VPNs
    • Configuring a Web-Based SSL VPN
    • Configuring the Cisco AnyConnect Client
    • Logging Off VPN Users through the ASDM

Module 9: DMZs (De-Militarized Zones)

  • Understanding DMZ concepts
  • Security Levels
  • Access Control Lists
  • Static Routes
  • Port Scanning
  • Labs
    • Configuring a DMZ
    • Analyzing Potential Vulnerabilities with Port Scanning

Module 10: Filtering Content

  • Configuring Unicast RPF
  • Fragmented Packets
  • Intrusion Prevention
  • URL Filtering
  • Dynamic Content Filtering
  • Labs
    • Filtering Dynamic Java Content

Module 11: Configuring Transparent Mode

  • Understanding transparent mode
  • Labs
    • Viewing and changing the mode