Chapter 9: Implementing the Cisco Adaptive Security Appliance
Chapter Outline:

9.0 Introduction
9.1 Introduction to the ASA
9.2 ASA Firewall Configuration
9.3 Summary

Section 9.1: Introduction to the ASA

Upon completion of this section, you should be able to:

  • Compare ASA solutions to other routing firewall technologies.
  • Explain ASA 5505 operation with the default configuration.

Topic 9.1.1: ASA Solutions

ASA Firewall Models

Small Office and Branch Office ASA Models

Internet Edge Models

Enterprise Data Center Models

Advanced ASA Firewall Features

ASA Virtualization

High Availability

Identity Firewall

ASA Threat Control

Review of Firewalls in Network Design

Permitted Traffic


ASA Firewall Modes of Operation

ASA Licensing Requirements

Base License Specifics

Security Plus License Specifics

show version Command Output

Topic 9.1.2: Basic ASA Configuration

Overview of ASA 5505

ASA 5505 Back Panel

ASA 5505 Front Panel

ASA Security Levels

Security Level Control:

  • Network Access
  • Inspection Engines
  • Application Filtering

ASA 5505 Deployment Scenarios

ASA Deployment in a Small Branch

ASA Deployment in a Small Business

ASA Deployment in an Enterprise

Section 9.2: ASA Firewall Configuration

Topic 9.2.1: The ASA Firewall Configuration

Introduce Basic ASA Settings

Base License Specifics

Security Plus License Specifics

show version Command Output

ASA Default Configuration

ASA 5505 Default Configuration Overview

ASA Interactive Setup Initialization Wizard

Entering the ASA 5505 Setup Initialization Wizard

Topic 9.2.2: Configuring Management Settings and Services

Enter Global Configuration Mode

Entering Global Configuration Mode Example

Configuring Basic Settings

ASA Basic Configuration Commands

Configuring Basic Settings

Enabling AES Encryption Example

Configuring Logical VLAN Interfaces

Local VLAN Interface Commands

Configuring IP Addresses on VLAN Interfaces

Configuring VLAN Interfaces Example

Assigning Layer 2 Ports to VLANs

Configuring Layer 2 Ports Example

Verifying VLAN Port Assignment Example

Verifying Interfaces Example

Verifying IP Addresses Example

Configuring a Default Static Route

Configuring Remote Access Services

Telnet Configuration Commands

Telnet Configuration Commands Example

SSH Configuration Commands

Configuring SSH Access Example

Configuring Network Time Protocol Services

NTP Authentication Commands

Configuring NTP Example

Configuring DHCP Services

DHCP Server Commands

Configuring DHCP Server Example

Topic 9.2.3: Object Groups

Introduction to Objects and Object Groups

Configuring Network Objects

Network Object Commands

Configuring a Network Object Example

Configuring Service Objects

Service Object Options Example

Common Service Object Commands

Configuring a Service Object Example

Object Groups

Configuring Common Object Groups

Network Object Group Example

ICMP-type Object Group Example

Services Object Group Example

Topic 9.2.4: ACLs


ASA ACL and IOS ACL Similarities

Types of ASA ACL Filtering

Higher Levels Allowed To Lower Levels

Lower Levels Denied To Higher Levels

Types of ASA ACLs

Extended ACL Examples

Standard ACL Example

IPv6 ACL Example

Configuring ACLs

ACL Command Parameters

Condensed Extended ACL Syntax

ASA ACL Elements

Applying ACLs

ACLs and Object Groups

ACL Reference Topology

Extended ACL Configuration Example

Verifying the ACL

ACL Using Object Groups Examples

Condensed Extended ACL Syntax with Object Groups

ACL Reference Topology

ACL and Object Group Configuration Example

Verifying the ACL and Object Group Configuration Example

Topic 9.2.5: NAT Services on an ASA

ASA NAT Overview

Types of NAT Deployments:

  • Inside NAT
  • Outside NAT
  • Bidirectional NAT

Configuring Dynamic NAT

Dynamic NAT Reference Topology

Dynamic NAT Configuration Example

Enable Return Traffic Example

Verifying the Dynamic NAT Configuration Example

Configuring Dynamic PAT

Dynamic PAT Configuration Example

Verifying the Dynamic PAT Configuration Example

Configuring Static NAT

Configure the DMZ Interface Example

Static NAT Configuration Example

Verifying the Static NAT Configuration Example

Topic 9.2.6: AAA

AAA Review

Local Database and Servers

RADIUS and TACACS+ Server Commands

Sample AAA TACACS+ Server Configuration

AAA Configuration

Topic 9.2.7: Service Policies on an ASA

Overview of MPF

Configuring Class Maps

Define and Activate a Policy

Implementing Modular Policy Framework

ASA Default Policy

Default Service Policy Configuration

Section 9.3: Summary

Chapter Objectives:

  • Explain how the ASA operates as an advanced stateful firewall.
  • Implement an ASA firewall configuration.

