OneSource Professional Training Solutions
OneSource Professional Training Solutions, Inc. presents

ASAE - ASA Essentials On-Site Training

This on-site training class is also available as Public Schedule Seminar.

ASAE - ASA Essentials

Course Description/Agenda

If you need to get up to speed quickly with Cisco's Adaptive Security Appliance (ASA), this is the course for you.

We combined the most important content from Cisco's Authorized FIREWALL and VPN courses to hone in on the most crucial aspects of the ASA. In just one week, you'll cover:

  • Firewall basics
  • Network Address Translation (NAT)
  • Access Control Lists (ACLs)
  • Object groups
  • Stateful inspection
  • Modular policy framework
  • Site-to-site and remote access VPN (both IPsec and SSL)
  • Server-based authentication, authorization, and accounting (AAA) and single sign-on (SSO) for clientless SSL VPN

You'll complete your training with high availability failover coverage, including an exclusive demonstration of what happens to your firewall connections and VPN sessions during a device failure.

What You'll Learn

  • Technology and features of the Cisco ASA
  • Cisco ASA product family
  • How ASAs protect network devices from attacks
  • Bootstrap the security appliance
  • Prepare the security appliance for configuration via the Cisco Adaptive Security Device Manager (ASDM)
  • Launch and navigate ASDM
  • Essential security appliance configuration using ASDM and the command-line interface (CLI)
  • Configure dynamic and static address translations
  • Configure access policy based on ACLs
  • Use object groups to simplify ACL complexity and maintenance
  • Use the Modular Policy Framework to provide unique policies to specific data flows
  • Handle advanced protocols with application inspection
  • Troubleshoot with syslog, packet tracer, and packet capture
  • Implement site-to-site IPsec VPN
  • Implement remote access IPsec and SSL VPNs
  • Work with the Cisco IPsec VPN client and the AnyConnect SSL VPN client
  • Deploy clientless SSL VPN access, including portal customization, smart tunnel access, and web-type ACLs
  • Implement SSO for clientless VPN access to internal resources
  • Configure access control policies to implement your security policy across all classes of VPN
  • Configure Active/Standby failure for both firewall and VPN high availability

Who Should Attend

  • Network administrators, managers, coordinators
  • Anyone who requires fundamental training on the ASA
  • Security technicians, administrators, and engineers

Course Outline

1. Introduction to the Cisco ASA

  • Technology and Features
  • Appliance Family

2. Implementing Basic Connectivity and Device Management

  • Cisco ASA and Cisco ASDM and the CLI
  • Configuring Interfaces and Static Routing
  • Configuring Basic Device Management Features

3. Deploying Access Control Features

  • Deploying NAT
  • Configuring Basic Access Control
  • Using Cisco ASA Modular Policy Framework
  • Tuning Basic Stateful Inspection Features

4. Deploying IPsec VPN Solutions

  • IPsec Overview
  • Basic Site-to-Site IPsec VPNs
  • The Cisco VPN Client
  • Basic Cisco Easy VPN Solutions

5. Deploying AnyConnect Remote Access VPN Solutions

  • PKI and SSL Overview
  • Basic AnyConnect Full Tunnel SSL VPN Solution

6. Deploying Clientless Remote Access VPN Solutions

  • Basic Clientlesss VPN Solution
  • Advanced Application Access
  • Advanced Authentication and SSO
  • Customizing the Clientless SSL VPN Portal

7. Failover

  • Deploying Active/Standby High Availability Failover


These labs are enhanced versions of what you'll find in Cisco's FIREWALL and VPN courses. Streamlined and built to work with our unique lab topology, these labs give you hands-on practice that is vital to mastering the course concepts. Each lab builds upon the configurations and policies you set in previous labs better representing your real-world, on-the-job environment.

Lab 1: Enhanced - Preparing the ASA for Administration

  • Prepare the ASA for remote administration by both SSH and HTTPS/ASDM
  • Access the ASA via its physical console port and reset the configuration to factory defaults
  • Use the setup dialog to configure the Inside interface
  • Enable ASDM access via HTTP
  • Enable SSH from the CLI
  • Test SSH access from the Admin PC
  • Install and configure ASDM on the Admin PC and test initial access with ASDM
  • Prepare a persistent self-signed digital certificate for use for ASDM

Lab 2: Enhanced - Fundamental ASA Configuration

  • Configure basic ASA settings
  • Configure the Inside, Outside, and DMZ interfaces
  • Configure authenticated NTP support and Syslog support
  • Use different features to test the behavior of the ASA

Lab 3: Enhanced - Network Address Translation

  • Experiment with nat 0 and no nat-control
  • Implement a temporary PAT configuration
  • Configure dynamic NAT, NAT exemption, and static NAT
  • Test and verify the results of the configuration on the communicating host systems and the ASA
  • Configure and monitor address translation
  • See the difference between the ASA's translation and connection tables

Lab 4: Enhanced - Basic Access Control

  • Configure access policy to allow access to public services running on the DMZ-Srv from the outside
  • Configure access policy to allow unrestricted access from the Inside network
  • Get an introduction to object groups, the packet tracer, and ICMP inspection

Lab 5: Enhanced - Troubleshooting Tools

  • Experiment with syslog, packet tracer, and packet capture
  • Practice using show and debug commands

Lab 6: Enhanced - Basic Protocol Inspection

  • Explore the ASA's simple application layer inspection using FTP and HTTP examples
  • Use the modular policy framework to inspect Layer 3 and Layer 4 packet headers
  • Control traffic based on information received

Lab 7: Enhanced - Basic Site-to-Site VPN

  • Configure a site-to-site tunnel from HQ to Site1
  • Use ASDM to configure the building blocks of the tunnel configuration and see how they work together
  • Modify the NAT configuration on the ASA to conform with tunnel requirements
  • Monitor tunnel status from the CLI, ASDM, and syslog
  • Analyze tunnel establishment by following debug messages
  • Apply a group policy to prevent systems on at Site1 from reaching the management subnet on the HQ network

Lab 8: Enhanced - Basic Cisco Easy VPN

  • Explore basic IPsec remote access VPN (Cisco Easy VPN)
  • Install and configure the Cisco VPN Client on the Outside PC and configure the ASA to allow the remote access connections
  • Address issues such as modifying the NAT configuration to b


    More Seminar Information

    OneSource Professional Training Solutions, Inc.
    OneSource Professional Training Solutions

    Delivery Method

    On-Site Training On-Site Training

    Also Available As

    Seminar Seminar

Add to favorites Add to favorites
Email Email this page

On-Site Training
Information Request Form

Please complete the form for more information and/or a quote for this on-site class.




City and State


Number of students:
(at least 10 for consideration)

When do you want to hold the

How long would you like for the

Additional comments to trainer:

We value your privacy!