OneSource Professional Training Solutions
OneSource Professional Training Solutions, Inc. presents
 

ASAE v2.0 - ASA Essentials v2.0 On-Site Training

This on-site training class is also available as Public Schedule Seminar.

ASAE v2.0 - ASA Essentials v2.0

Course Description/Agenda


If you need to get up to speed quickly with Cisco's Adaptive Security Appliance (ASA), this is the course for you.

We combined the most important content from Cisco's Authorized FIREWALL and VPN courses to hone in on the most crucial aspects of the ASA. In just one week, you'll cover:

  • Firewall basics
  • Network Address Translation (NAT)
  • Access Control Lists (ACLs)
  • Object groups
  • Stateful inspection
  • Modular policy framework
  • PKI Integration
  • Site-to-site and remote access VPN (both IPsec and SSL)
  • Active/Standby Failover
  • Server-based authentication, authorization, and accounting (AAA) using ACS 5.2

You'll complete your training with high availability failover coverage, including an exclusive demonstration of what happens to your firewall connections and VPN sessions during a device failure.

A Global Knowledge Exclusive: Bonus Lab Credits

You'll receive five extra ASAE e-lab credits (good for 30 days) to review a topic after class, refine your skills, or get in extra practice-whatever lab activities complete your training.

What You'll Learn

  • Technology and features of the Cisco ASA
  • Cisco ASA product family
  • How ASAs protect network devices from attacks
  • Bootstrap the security appliance
  • Prepare the security appliance for configuration via the Cisco Adaptive Security Device Manager (ASDM)
  • Launch and navigate ASDM
  • Essential security appliance configuration using ASDM and the command-line interface (CLI)
  • Configure dynamic and static address translations
  • Configure access policy based on ACLs
  • Use object groups to simplify ACL complexity and maintenance
  • Use the Modular Policy Framework to provide unique policies to specific data flows
  • Handle advanced protocols with application inspection
  • Troubleshoot with syslog and tcp ping
  • Configure the ASA to work with Cisco Secure ACS 5.2 for RADIUS-based AAA of VPNs
  • Implement site-to-site IPsec VPN
  • Implement remote access IPsec and SSL VPNs using the Cisco AnyConnect 3.0 Secure Mobility Client
  • Work with the 5.x Legacy Cisco IPsec VPN client
  • Deploy clientless SSL VPN access, including smart tunnels, plug-ins, and web-type ACLs
  • Configure access control policies to implement your security policy across all classes of VPN
  • Configure Active/Standby failover for both firewall and VPN high availability

Who Should Attend

  • Network administrators, managers, and coordinators
  • Anyone who requires fundamental training on the ASA
  • Security technicians, administrators, and engineers

Course Outline

1. Cisco ASA Essentials

  • Evaluating Cisco ASA Technologies
  • Identifying Cisco ASA Families

2. Basic Connectivity and Device Management

  • Preparing the Cisco ASA for Network Integration
  • Managing Basic Cisco ASA Network Settings
  • Configuring Cisco ASA Device Management Features

3. Network Integration

  • Configuring Cisco ASA NAT Features
  • Configuring Cisco ASA Basic Access Control Features

4. Cisco ASA Policy Control

  • Cisco ASA Modular Policy Framework
  • Configuring Cisco ASA Connection Policy

5. Cisco ASA VPN Architecture and Common Components

  • Implementing Profiles, Group Policies, and User Policies
  • Implementing PKI Services

6. Cisco ASA Clientless Remote Access SSL VPN Solutions

  • Deploying Basic Clientless VPN Solutions
  • Deploying Advanced Application Access for Clientless SSL VPNs

7. Cisco AnyConnect Remote Access SSL Solutions

  • Deploying a Basic Cisco AnyConnect Full-Tunnel SSL VPN Solution

8. Cisco ASA Remote Access IPsec VPNs

  • Deploying Cisco Remote Access VPN Clients
  • Deploying Basic Cisco Remote Access IPsec VPN Solutions

9. Cisco ASA Site-to-Site IPsec VPN Solutions

  • Deploying Basic Site-to-Site IPsec VPNs
  • Deploying Advanced Site-to-Site IPsec VPNs

10. Cisco ASA High Availability and Virtualization

  • Configuring Cisco ASA Active/Standby High Availability

Labs

These labs are enhanced versions of what you'll find in Cisco's FIREWALL and VPN courses. Streamlined and built to work with our unique lab topology, these labs give you hands-on practice that is vital to mastering the course concepts. Each lab builds upon the configurations and policies you set in previous labs better representing your real-world, on-the-job environment.

Lab 1: Prepare the ASA for Administration

  • Prepare the ASA for remote administration by both SSH and HTTPS/ASDM
  • Access the ASA via its physical console port and reset the configuration to factory defaults
  • Use the setup dialog to configure the inside interface
  • Enable ASDM access via HTTP
  • Enable SSH from the CLI
  • Test SSH access from the Admin-PC
  • Install and configure ASDM on the Admin-PC and test initial access with ASDM
  • Prepare a persistent self-signed digital certificate for use for ASDM

Lab 2: Fundamental ASA Configuration

  • Configure basic ASA settings including static routes
  • Configure the Inside, Outside, and DMZ interfaces
  • Configure authenticated NTP support, syslog, and SNMP support
  • Configure DHCP Server
  • Use different features to test the behavior of the ASA

Lab 3: Network Address Translation (NAT)

  • Configure object NAT for dynamic PAT
  • Configure object NAT for dynamic NAT
  • Configure object NAT for static NAT
  • Configure twice NAT
  • Test and verify the results of the configuration on the communicating host systems and the ASA
  • Configure and monitor address translation
  • Differences between the ASA's translation and connection tables

Lab 4: Basic Access Control

  • Object groups
  • Configure global policy
  • Configure access policy to allow access to public services running on the DMZ-Srv from the outside
  • Configure access policy to allow unrestricted access from the Inside network

Lab 5: Basic Protocol Inspection

  • Explore the ASA's simple application layer inspection using FTP and HTTP
  • Use the modular policy framework to inspect Layer 3 and Layer 4 packet headers
  • Control traffic based on information received
  • Work with TTL Decrementation and TCP Maps
  • Configure the ASA to work with custom dynamic applications

Lab 6: Licensing, ACS, and Public CA

  • Work with licensing scenario design challenges
  • Configure the ASA and ACS 5.2 integration for AAA
  • Configure ACS 5.2 integration with Active Directory
  • Create an ACS 5.2 identity sequence and test authentication
  • Manually Obtain SSL certificates from a public CA

Lab 7: Basic Clientless SSL VPN

Add to favorites Add to favorites
Email Email this page
 

On-Site Training
Information Request Form

Please complete the form for more information and/or a quote for this on-site class.

Name:

Email

Phone:

City and State

Company:

Number of students:
(at least 10 for consideration)

When do you want to hold the
seminar?

How long would you like for the
seminar?

Additional comments to trainer:

We value your privacy!