Implementing Advanced Cisco ASA Security 1.0 (SASAA) Training
Introduction:
This course provides Cisco ASA firewall administrators and engineers with update training on the main Cisco ASA features released after 8.4.1, including most 9.x features such as CX and Clustering. The course includes detailed coverage of Cisco ASA 5500-X Series Next-Generation Firewalls, the Cisco Catalyst 6500 Series ASA Services Module (ASASM), and the ASA 1000V Cloud Firewall. It also provides hands-on experience with installing and setting up the Cisco IPS and Cisco ASA CX software modules, implementing Identity Firewall policies with Cisco CDA, implementing CX policies, and integrating Cisco Cloud Web Security.
Customize It:
With onsite training, courses can be scheduled on a date that is convenient for you, and because they can be scheduled at your location, you don’t incur travel costs and students won’t be away from home. Onsite classes can also be tailored to meet your needs. You might shorten a 5-day class into a 3-day class, combine portions of several related courses into a single course, or have the instructor vary the emphasis of topics depending on your staff’s and site’s requirements.
Audience/Target Group:
Network engineers supporting Cisco ASA 9.x implementations.
Duration: 5 days
Skills Gained:
Explain the features of Cisco ASA 5500-X Series Next-Generation Firewalls, ASASM, and ASA 1000V Cloud Firewall, and install and set up the Cisco IPS and Cisco ASA CX software modules
Describe how to implement Cisco ASA Identity Firewall policies by using Cisco CDA and Cisco ASA
Demonstrate how to implement Cisco ASA CX policies
Demonstrate how to implement Cisco ASA and Cisco Cloud Web Security integration
Describe the IPv6 features in Cisco ASA Software Release 9.0
Describe SGACL support in Cisco ASA Software Release 9.0
Describe the multicontext enhancements in Cisco ASA Software Release 9.0
Demonstrate how to implement a Cisco ASA cluster
Course Content:
Module 1: Cisco ASA Product Family
Lesson 1 Introducing the Cisco ASA 5500-X Series Next-Generation Firewalls
Cisco ASA 5500-X Series Next-Generation Firewalls
Cisco ASA 5500-X Series USB 2.0 Ports
Cisco ASA 5500-X Series SSDs
Cisco ASA NGE Support
Cisco ASA 5585-X Dual Firewall Support
Lesson 2 Installing Cisco ASA 5500-X Series IPS Software Module
IPS Software Module
IPS Software Module Installation
sw-module module ips Command
IPS Software Module CLI Access
setup Command
IPS Software Module Management Interface Configuration
Cisco ASA-to-IPS Software Module Traffic Redirection
IPS Software Licenses
Lesson 3 Introducing the Cisco ASASM
Cisco ASASM Supported Platforms
Cisco ASASM Performance Numbers
Cisco ASASM Architecture
Cisco ASASM Features Parity
Cisco ASASM VLAN Interface Configurations
Lesson 4 Introducing the Cisco ASA 1000V Cloud Firewall
Cisco ASA 1000V and VSG Cloud Firewall Roles
Cisco ASA 1000V Firewall Deployment Scenario
Cisco ASA 1000V Cloud Firewall Performance Numbers
Cisco ASA 1000V Environment
Cisco ASA 1000V Management
Module 2: Cisco ASA
Lesson 1 Describing the Cisco ASA Identity Firewall Solution
Cisco ASA Identity Firewall Benefits
Cisco ASA Identity Firewall Flow
Cisco Identity Firewall Policies
Lesson 2 Setting Up Cisco CDA
Cisco CDA versus Active Directory Agent
Cisco CDA Hardware Appliance and VM Requirements
Cisco CDA Installation
Cisco CDA Setup
Cisco CDA Application Status Verification
Cisco CDA CLI Operations
Cisco CDA GUI
Lesson 3 Configuring Cisco CDA
Active Directory Server Configuration
Cisco ASA Configuration
Syslog Server Configuration
Cisco CDA User-Account Configuration
Cisco CDA GUI Password Policy Configuration
Cisco CDA Session Timeout Configuration
IP-to-Identity Mapping Display
Registered-Device Verification
Lesson 4 Configuring Cisco ASA Identity Firewall
Identity-Based Firewall Configuration Tasks
Active Directory Server Configuration
Cisco CDA Configuration
User-Identity Options Configuration Using Cisco ASDM
User-Identity Option Configuration Using the CLI
User-Identity-Based Access Rules
User Object Group Configuration
FQDN Network Object Configuration
Identity Firewall with Cut-Through Proxy Use Case
Identity Firewall with Remote-Access VPN Use Case
Lesson 5 Verifying and Troubleshooting Cisco Identity Firewall
Cisco CDA and Active Directory Server Connectivity Test
show user-identity Command
show user-identity Command for Cisco CDA Verification
show user-identity Command for Active Directory User Verification
show user-identity Command for Active Directory Group Verification
show user-identity Command for Memory-Usage Verification
Identity-Based Firewall Cisco ASDM Monitoring Panes
Cisco CDA Management with the CLI
Cisco CDA Live Log Monitoring
Cisco CDA Troubleshooting
Module 3: Cisco ASA CX
Lesson 1 Introducing Cisco ASA CX (Next-Generation Firewall)
Cisco ASA CX Benefits and Components
Cisco ASA CX Broad and Web AVC
Cisco ASA CX Policy Types
Compatibility with Existing Cisco ASA Features
Cisco ASA 5585-X CX-SSP Hardware Module
Cisco ASA 5500-X CX Software Module
Lesson 2 Describing the Cisco ASA CX Management Architecture
Cisco ASA CX Management Architecture
On-Box and Off-Box Cisco PRSM
On-Box and Off-Box Cisco PRSM GUI Differences
Lesson 3 Installing the Cisco Off-Box PRSM and Cisco ASA CX
Off-Box Cisco PRSM Setup
Cisco PRSM GUI Basic Functions
Cisco ASA CX System Package Installation
Cisco ASA CX Status Verification
Cisco ASA CX Management Interface
Cisco ASA CX CLI Operations
Lesson 4 Redirecting Cisco ASA-to-Cisco ASA CX Traffic
Cisco ASA-to-Cisco ASA CX Traffic Redirection
Lesson 5 Performing Cisco PRSM Device Discovery and Configuration Import
Cisco ASA CX Policy Structure
Off-Box Cisco PRSM Device Discovery
Off-Box Cisco PRSM Device Groups
Lesson 6 Configuring Cisco ASA CX Policy Objects
Cisco ASA CX Policy Object Types
Cisco ASA CX Network Objects
Cisco ASA CX Service Objects and Service Groups
Cisco ASA CX Application Objects and Application Service Objects
Cisco ASA CX URL Objects
Cisco ASA CX User Agent Objects
Cisco ASA CX Identity Objects
Cisco ASA CX Source Object and Destination Object Groups
Cisco ASA CX Secure Mobility Objects
Cisco ASA CX Action Profile Objects
Policy Objects in Cisco ASA CX Policies
Tags, Ticket IDs, and Metadata
Lesson 7 Configuring Cisco ASA CX Access Policies
Cisco ASA CX Access Policy Configuration
Cisco ASA CX Application Control Configuration
Cisco ASA CX URL Filtering Configuration
Cisco ASA CX File Filtering Profile Configuration
ASA CX Web Reputation Profile Configuration
Lesson 8 Configuring Cisco ASA CX Identity Policies
Cisco ASA CX Active and Passive Authentications
Cisco ASA CX Authentication Realms
Cisco ASA CX ADI
Cisco ASA CX Identity-Based Policy Configuration
LDAP Authentication Realm and Server Configurations
Active Directory Authentication Realm and Server Configurations
Cisco ASA CX-to-Cisco CDA Integration Configurations
Cisco ASA CX Identity Policies with Active Authentication
Cisco ASA CX Identity Policies with Passive Authentication
Cisco ASA CX Authentication Settings Configuration
Cisco ASA CX Access and Decryption Policies with Identity Objects
Cisco ASA CX User Identity in Event Viewer
Lesson 9 Configuring Cisco ASA CX Decryption Policies
Cisco ASA CX Decryption Policies
Cisco ASA CX Decryption Configurations
Cisco ASA CX Decryption Policy Configuration
Cisco ASA CX Identity, Decryption, and Access Policy Interactions
Lesson 10 Licensing Cisco ASA CX and Cisco PRSM
Cisco ASA CX Licenses
Cisco PRSM License
Cisco ASA CX and Off-Box Cisco PRSM License Management
Lesson 11 Monitoring Cisco ASA CX
Cisco PRSM Dashboards and Reports
Cisco PRSM Event Viewer
Cisco SIO Update Verifications
Lesson 12 Using Cisco PRSM for Administration
Cisco PRSM Administration Menu Options
Configuration Database Backup and Restore
Cisco PRSM Change History
Cisco PRSM User-Account Configuration
Cisco PRSM Server Certificate
Certificate Management Options
Cisco ASA CX and Cisco PRSM Logging-Level Configurations
Lesson 13 Troubleshooting Cisco ASA CX
Cisco ASA CX Access Policies Troubleshooting
Cisco ASA CX Identity-Policy Troubleshooting
Cisco ASA CX Decryption-Policy Troubleshooting
Cisco ASA CX Module Troubleshooting
Module 4: Cisco ASA Cloud Web Security Integration
Lesson 1 Introducing Cisco ASA with Cisco Cloud Web Security
Cisco ASA with Cisco Cloud Web Security
Cisco ScanCenter
Lesson 2 Licensing Cisco ASA with Cisco Cloud Web Security
Cisco ASA with Cloud Web Security Authentication Keys
Lesson 3 Configuring Cisco ASA with Cisco Cloud Web Security
Cisco ASA and Cloud Web Security Proxy-Server Configuration
ScanCenter Generation of an Authentication Key for Cisco ASA
Traffic Redirection from Cisco ASA to Cloud Web Security Proxy Servers
Cisco ASA and Cloud Web Security Proxy Server User-Identity Configuration
Lesson 4 Verifying Cisco ASA and Cloud Web Security Operations
Cisco ASA and Cloud Web Security Operations Verification with the CLI
Cisco ASA and Cloud Web Security Operations Verification by Using Cisco ASDM
Verification of Traffic Redirection from Cisco ASA to Cloud Web Security Proxy Servers
Cisco ASA and Cloud Web Security Syslog Messages
Cisco ASA and Cloud Web Security Operations Verification with debug scansafe
Module 5: Cisco ASA IPv6 Enhancements
Lesson 1 Describing the Cisco ASA IPv4 and IPv6 Unified ACL
IPv4 and IPv6 Unified ACL
IPv4 and IPv6 Unified ACL Migration
Mixed IPv6 and IPv4 Object Groups
IPv4 and IPv6 FQDN Objects
Lesson 2 Describing Other Cisco ASA IPv6 Support Enhancements
NAT46, NAT64, and DNS Doctoring
NAT66 Support
DHCPv6 Relay
OSPFv3 Support
IPv6 Application Inspections
Cisco ASA and Cisco AnyConnect IPv6 VPN Support
Module 6: Cisco ASA Security Group Firewall
Lesson 1 Introducing Cisco Security Group Tagging
Cisco Secure Access Architecture
Lesson 2 Configuring Cisco ASA Security Group Firewall
SG Firewall Configuration
SGACL Operations Monitoring
Module 7: Cisco ASA Multicontext Enhancements
Lesson 1 Describing Cisco ASA Multicontext Mode
Cisco ASA Multicontext Mode
Cisco ASA Security-Context Resource Management
Lesson 2 Describing Multicontext Enhancements in Cisco ASA Software Release 9.0
Mixed-Mode Support in Multicontext Mode
Dynamic-Routing Support in Multicontext Mode
Site-to-Site VPN Support in Multicontext Mode
Module 8: Cisco ASA Cluster
Lesson 1 Describing Cisco ASA Cluster Features
Cluster Performance Figures and Supported Platforms
Cluster Data-Interface Modes
Cluster Data-Interface Connections
CCL Functions
Cluster Master and Slave Unit Election
Centralized, Distributed, and Unsupported Cisco ASA Features
Cluster Dynamic-Routing Operations
Cluster NAT and PAT Operations
Lesson 2 Describing Cisco ASA Cluster Terminology and Data Flows
Cluster Terminology
TCP Sequence Number Randomization
TCP Traffic Flows
Asymmetric UDP Traffic Flows
Short-Lived Traffic Flows
Centralized-Feature Traffic Flows
Traffic Flows with Secondary Connections
TCP Flow Rebalancing
Cluster Health-Check Mechanisms
Lesson 3 Using the CLI to Configure a Cisco ASA Cluster
Cluster Management
Cluster Configuration with the CLI
Cluster Interface-Mode Configuration on Each Unit
CCL Configuration on Each Unit
Cluster Management Interface Configuration from the Master Unit
Spanned EtherChannel (Layer 2) Interface Configuration from the Master Unit
Individual (Layer 3) Interface Configuration from the Master Unit
Cluster Bootstrap Configuration and Enabling Clustering on Each Unit
Sample Configuration of a Two-Unit Cluster with Spanned EtherChannel Interface
Sample Configuration of a Two-Unit Cluster with Individual Interface
How to Configure Other Cluster Options
Lesson 4 Using Cisco ASDM to Configure a Cisco ASA Cluster
Cisco ASDM Cluster Dashboards
Cluster Configuration via Cisco ASDM
Cisco ASDM High Availability and Scalability Wizard
Cisco ASDM ASA Cluster Pane
Lesson 5 Verifying Cisco ASA Cluster Operations
Cluster Licensing
Cluster Interface-Mode Verification
Cluster Member-Status Verification
Cluster Health-Status Verification
Cluster Connections State Table Verification
Cluster EtherChannel Status Verification
Cluster Aggregated ACL Hit-Count Verification
Cluster Memory and CPU Usage Verification
Cluster Traffic-Distribution Verification
TCP Flow-Rebalancing Verification
Cluster Operation Verification via Cisco ASDM
Lesson 6 Troubleshooting a Cisco ASA Cluster
Cluster Packet Captures
Cluster Syslog Messages
The debug cluster CLI Command
Cluster Crashinfo and Coredump
Split-Cluster Scenario
Labs:
Lab 1-1 Remote Lab Environment Access
Lab 1-2 Cisco ASA 5500-X IPS and CX Software Module Installation and Setup
Lab 2-1 Context Directory Agent Configuration
Lab 2-2 ASA Identity-Based Firewall Configuration
Lab 3-1 ASA CX and PRSM Exploration
Lab 3-2 ASA CX Access Policy Configuration
Lab 3-3 ASA CX Identity Policy Configuration
Lab 3-4 ASA CX Decryption Policy Configuration
Lab 3-5 PRSM Administration
Lab 4-1 Cisco ASA and Cloud Web Security Integration