Chapter Outline:
9.0 Introduction
9.1 Introduction to the ASA
9.2 ASA Firewall Configuration
9.3 Summary
Section 9.1: Introduction to the ASA
Upon completion of this section, you should be able to:
- Compare ASA solutions to other routing firewall technologies.
- Explain ASA 5505 operation with the default configuration.
Topic 9.1.1: ASA Solutions
ASA Firewall Models
Small Office and Branch Office ASA Models
Internet Edge Models
Enterprise Data Center Models
Advanced ASA Firewall Feature
ASA Virtualization
High Availability
Identity Firewall
ASA Threat Control
Review of Firewalls in Network Design
Permitted Traffic
Denied Traffic
ASA Firewall Modes of Operation
ASA Licensing Requirements
Base License Specifics
Security Plus License Specifics
show version Command Output
Topic 9.1.2: Basic ASA Configuration
Overview of ASA 5505
ASA 5505 Back Panel
ASA 5505 Front Panel
ASA Security Levels
Security Level Control:
- Network Access
- Inspection Engines
- Application Filtering
ASA 5505 Deployment Scenarios
ASA Deployment in a Small Branch
ASA Deployment in a Small Business
ASA Deployment in an Enterprise
Section 9.2: ASA Firewall Configuration
Topic 9.2.1: The ASA Firewall Configuration
Introduce Basic ASA Settings
Base License Specifics
Security Plus License Specifics
show version Command Output
ASA Default Configuration
ASA 5505 Default Configuration Overview
ASA Interactive Setup Initialization Wizard
Entering the ASA 5505 Setup Initialization Wizard
Topic 9.2.2: Configuring Management Settings and Services
Enter Global Configuration Mode
Entering Global Configuration Mode Example
Configuring Basic Settings
ASA Basic Configuration Commands
Configuring Basic Settings
Enabling AES Encryption Example
Configuring Logical VLAN Interfaces
Local VLAN Interface Commands
Configuring IP Addresses on VLAN Interfaces
Configuring VLAN Interfaces Example
Assigning Layer 2 Ports to VLANs
Configuring Layer 2 Ports Example
Verifying VLAN Port Assignment Example
Verifying Interfaces Example
Verifying IP Addresses Example
Configuring a Default Static Route
Configuring Remote Access Services
Telnet Configuration Commands
Telnet Configuration Commands Example
SSH Configuration Commands
Configuring SSH Access Example
Configuring Network Time Protocol Services
NTP Authentication Commands
Configuring NTP Example
Configuring DHCP Services
DHCP Server Commands
Configuring DHCP Server Example
Topic 9.2.3: Object Groups
Introduction to Objects and Object Groups
Configuring Network Objects
Network Object Commands
Configuring a Network Object Example
Configuring Service Objects
Service Object Options Example
Common Service Object Commands
Configuring a Service Object Example
Object Groups
Configuring Common Object Groups
Network Object Group Example
ICMP-type Object Group Example
Services Object Group Example
Topic 9.2.4: ACLs
ASA ACLs
ASA ACL and IOS ACL Similarities
Types of ASA ACL Filtering
Higher Levels Allowed To Lower Levels
Lower Levels Denied To Higher Levels
Types of ASA ACLs
Extended ACL Examples
Standard ACL Example
IPv6 ACL Example
Configuring ACLs
ACL Command Parameters
Condensed Extended ACL Syntax
ASA ACL Elements
Applying ACLs
ACLs and Object Groups
ACL Reference Topology
Extended ACL Configuration Example
Verifying the ACL
ACL Using Object Groups Examples
Condensed Extended ACL Syntax with Object Groups
ACL Reference Topology
ACL and Object Group Configuration Example
Verifying the ACL and Object Group Configuration Example
Topic 9.2.5: NAT Services on an ASA
ASA NAT Overview
Types of NAT Deployments:
- Inside NAT
- Outside NAT
- Bidirectional NAT
Configuring Dynamic NAT
Dynamic NAT Reference Topology
Dynamic NAT Configuration Example
Enable Return Traffic Example
Verifying the Dynamic NAT Configuration Example
Configuring Dynamic PAT
Dynamic PAT Configuration Example
Verifying the Dynamic PAT Configuration Example
Configuring Static NAT
Configure the DMZ Interface Example
Static NAT Configuration Example
Verifying the Static NAT Configuration Example
Topic 9.2.6: AAA
AAA Review
Local Database and Servers
RADIUS and TACACS+ Server Commands
Sample AAA TACACS+ Server Configuration
AAA Configuration
Topic 9.2.7: Service Policies on an ASA
Overview of MPF
Configuring Class Maps
Define and Activate a Policy
Implementing Modular Policy Framework
ASA Default Policy
Default Service Policy Configuration
Section 9.3: Summary
Chapter Objectives:
- Explain how the ASA operates as an advanced stateful firewall.
- Implement an ASA firewall configuration.