Implementing Core Cisco ASA Security (SASAC)


Upload: van-lam

Post on 27-Jan-2016


Page 1: Implementing Core Cisco ASA Security SASAC

Overview

Upon completing this course, the learner will be able to meet these overall objectives:

- Essentials of Cisco ASA
- Basic connectivity and device management
- Network integration
- Configure common features of the Cisco ASA OS
- Cisco ASA policy control
- Core Cisco ASA VPN common components
- Main VPN components
- Cisco clientless VPN solutions
- Cisco AnyConnect full tunnel VPN solution
- Cisco ASA high availability and virtualization options
- Features of Cisco ASA 5500-X Series Next-Generation Firewalls

1. Cisco ASA Essentials

- Firewall Technologies
- Cisco ASA Features
- Cisco ASA Hardware
- Cisco ASA Licensing Options
- Cisco ASA Licensing Requirements

2. Basic Connectivity and Device Management

- Managing the Cisco ASA Boot Process
- Managing the Cisco ASA Using the CLI
- Managing the Cisco ASA Using Cisco ASDM
- Navigating Basic Cisco ASDM Features
- Managing the Cisco ASA Basic Upgrade
- Managing Cisco ASA Security Levels
- Configuring and Verifying Basic Connectivity Parameters
- Configuring and Verifying Interface VLANs
- Configuring a Default Route
- Configuring and Verifying the Cisco ASA Security Appliance DHCP Server
- Troubleshooting Basic Connectivity

Implementing Core Cisco ASA Security (SASAC)

Length: 5 days

Price: $6215.00 (inc GST)

Cisco ASA Core covers the Cisco ASA 9.0 / 9.1 core firewall and VPN features. This enhanced course contains added depth to the standard labs, using a topology that simulates a typical production network. You'll use ASA 5515 appliances to work through configuring access control to and from your network.

Additionally, the PC systems and server systems are an integral part of the lab environment. Here you will use Windows 8, Windows Server 2012, and Kali Linux to manage, test, and even attack your lab network using real-world operating systems and applications.

Skills Gained

Key Topics

1800 ULEARN (853 276)
www.ddls.com.au


3. Network Integration

- NAT on Cisco ASA Security Appliances
- Configuring Object (Auto) NAT
- Configuring Manual NAT
- Tuning and Troubleshooting NAT on the Cisco ASA
- Connection Table and Local Host Table
- Configuring and Verifying Interface ACLs
- Configuring and Verifying Global ACLs
- Configuring and Verifying Object Groups
- Configuring and Verifying Public Servers
- Configuring and Verifying Other Basic Access Controls
- Troubleshooting ACLs
- Static Routing
- Dynamic Routing
- EIGRP Configuration and Verification
- Multicast Support

4. Cisco ASA Policy Control

- Cisco MPF Overview
- Configuring and Verifying Layer 3 and Layer 4 Policies
- Configuring and Verifying a Policy for Management Traffic
- Layer 5 to Layer 7 Policy Control Overview
- Configuring and Verifying HTTP Inspection
- Configuring and Verifying FTP Inspection
- Supporting Other Layer 5 to Layer 7 Applications
- Troubleshooting Application Layer Inspection

5. Cisco ASA VPN Common Components

- VPN Definition
- Key Threats to WANs and Remote Access
- VPN Types
- VPN Components
- Cisco ASA VPN Policy Configuration
- Cisco ASA Connection Profiles
- Cisco ASA Group Policies
- Cisco ASA VPN AAA and External Policy Storage
- Cisco ASA User Attributes
- Access Control Methods
- VPN Accounting Using External Servers
- Dynamic Access Policy for SSL VPN
- Using PKI • Provisioning Server-Side Certificates on the Cisco ASA Adaptive Security Appliance
- CA Servers
- Deploying Client-Based Certificate Authentication
- SCEP Proxy Operations
- Enable Certificate Authentication in Connection Profile
- Configuring Certificate-to-Connection Profile Mappings

6. Cisco Clientless VPN Solution

- Cisco Clientless SSL VPN
- Cisco Clientless SSL VPN Use Cases
- Cisco Clientless SSL VPN Resource Access Methods
- Secure Sockets Layer and Transport Layer Security
- SSL Session Setup and Key Management
- SSL Server Authentication
- SSL Client Authentication
- SSL Transmission Protection
- Basic Cisco Clientless SSL VPN
- Server Authentication in Basic Clientless SSL VPN
- Client-side Authentication in Basic Clientless SSL VPN
- Clientless SSL VPN URL Entry and Bookmarks
- Basic Access Control for Clientless SSL VPN
- Disabling Content Rewriting
- Basic Clientless SSL VPN Configuration Tasks
- Basic Clientless SSL VPN Configuration Scenario
- Configuring Basic Cisco Clientless SSL VPN
- Verify Basic Cisco Clientless SSL VPN
- Troubleshooting Basic Clientless SSL VPN Operations
- Cisco Clientless SSL VPN Application Access Overview
- Application Plug-Ins
- Configuring Application Plug-ins
- Verify Clientless SSL VPN Application Plug-Ins
- Troubleshooting Clientless SSL VPN Application Plug-Ins
- Smart Tunnels
- Configuring Smart Tunnels
- Verifying Smart Tunnels
- Troubleshoot Smart Tunnels
- Client-side Authentication Options
- Client-side Authentication and Authorization Using AAA Server
- Double Client-side Authentication Using AAA Servers
- Troubleshooting Client-side AAA Authentication

7. Cisco AnyConnect Full Tunnel VPN Solution

- Basic Cisco AnyConnect SSL VPN
- SSL VPN Clients Authentication
- SSL VPN Clients IP Address Assignment
- SSL VPN Split Tunneling
- Configuration Scenario
- Configuration Tasks
- Enable AnyConnect SSL VPN
- Define IP Address Pool
- Configure Identity NAT
- Configure Group Policy
- Configure Group Policy: Split Tunneling
- Configure Connection Profile
- Monitor AnyConnect VPN on Client
- Monitor AnyConnect VPN on Server
- Cisco AnyConnect SSL VPN Solution Components
- DTLS Overview
- Parallel DTLS and TLS Tunnels
- Configure DTLS
- Verify DTLS
- Cisco AnyConnect Client Configuration Management
- Managing Cisco AnyConnect Software from Cisco ASA
- Cisco AnyConnect Client Operating System Integration Options
- Deploying Cisco AnyConnect Trusted Network Detection
- Cisco AnyConnect Start Before Logon
- Deploying Cisco AnyConnect Start Before Logon
- Cisco AnyConnect Advanced Authentication Scenarios
- Certificate-Based Server Authentication
- Client Enrollment Methods
- Methods for Revoking Credentials
- Enable Certificate-Based Authentication
- Enable Two-Factor Authentication
- Two-Factor Authentication with Name Pre-Fill
- Local Authorization Overview
- Local Authorization Configuration Procedure
- Configure Local Authorization
- Verify Local Authorization
- External Authorization Scenario
- Configure Authorization Using LDAP/AD
- Verify External Authorization
- Troubleshooting Cisco AnyConnect VPN
- AnyConnect Support for IKEv2
- Internet Key Exchange v1 and v2
- Making IPsec the Primary Protocol for a Host Entry
- IKEv2 Configuration Procedure
- Configure a Cisco AnyConnect IPsec VPN on a Cisco ASA
- Verify and Troubleshoot Cisco AnyConnect IPsec VPN on Cisco ASA

8. Cisco ASA High Availability and Virtualization

- Configuring and Verifying EtherChannel
- Configuring and Verifying Redundant Interfaces
- Troubleshooting EtherChannel and Redundant Interfaces
- Multiple-Context Mode • Configuring Security Contexts
- Verifying and Managing Security Contexts
- Configuring and Verifying Resource Management
- Troubleshooting Security Contexts
- Self Study (optional)
- Active/Active Failover
- Configuring and Verifying Active/Active Failover
- Tuning and Managing Active/Active Failover
- Troubleshooting Active/Active Failover

Labs

Lab 1: Remote Lab Environment

Lab 2: ASA Administration and Network Integration

Lab 3: Network Address Translation

Lab 4: Access Control and Troubleshooting

Lab 5: MPF Basic Application Inspections

Lab 6: MPF Advanced Application Inspections

Lab 7: Basic Clientless SSL VPN

Lab 8: Clientless SSL VPN Applications

Lab 9: External AAA for Clientless SSL VPN

Lab 10: Basic AnyConnect SSL VPN

Lab 11: Advanced AnyConnect SSL VPN

Lab 12: IPSec Remote Access VPN

Lab 13: Active-Standby High Availability

Target Audience

Network engineers supporting Cisco ASA 9.x implementations

Prerequisites

- Knowledge of the Cisco ASA
- IINS 2.0 - Implementing Cisco IOS Network Security

We can also deliver and customise this training course for larger groups – saving your organisation time, money and resources. For more information, please contact us on 1800 853 276.


© 2015 Dimension Data Learning Solutions. All Rights Reserved

The supply of this course by Dimension Data Learning Solutions Pty Ltd is governed by the booking terms and conditions. Please read the terms and conditions carefully before enrolling in this course, as enrolment in the course is conditional on acceptance of these terms and conditions.