Cisco ASA Lab Camp v9.0

In this course you will gain knowledge of and hands-on experience with the Adaptive Security Appliance (ASA) 9.x and ASA CX.

The course focuses on hands-on experience and lab scenarios with Cisco security hardware and software such as ASA v9.x, ASA 5515 NGFW, Access Control Server, Context Directory Agent, Catalyst switch, Integrated Services Router and ASA 55x5.

Who needs to attend?
This course is aimed at network engineers whose responsibilities include implementing Cisco ASA 9.x.

What you will learn
Upon completion you will know how to work with:

  • Fundamental ASA Configuration from the CLI and ASDM
  • Administrative Access using AAA, TACACS+ and Cisco ACS 5.x
  • Object (Auto) NAT and Manual (Twice) NAT
  • Access Control and Troubleshooting Tools
  • Application Inspection and Control (Deep Packet Inspection)
  • Bootstrapping and configuring CX and IPS software modules
  • Deploying Cisco Context Directory Agent (CDA) with Active Directory
  • Features of Cisco ASA 5500-X Series Next-Generation Firewalls (NGFW ASA CX)
  • SFR (FirePOWER Services) software module integration using FireSIGHT Management Center, including access control, intrusion prevention, file policy, network discovery, Active Directory integration, and user-based access control
  • CX software module integration using Prime Security Manager (PRSM)
  • CX access policies for URL and application filtering
  • CX identity policies using active and passive authentication
  • CX decryption policies
  • Cloud Web Security (ScanSafe) integration
  • Threat and Botnet Detection
  • Dynamic Routing
  • Transparent Firewall and bridge groups
  • Basic and Advanced Clientless SSL VPN
  • Full tunnel SSL VPN using AnyConnect 3.x Secure Mobility Client
  • Remote Access IPsec IKEv2 using AnyConnect 3.x
  • Easy VPN remote for the SOHO using ASA 5505
  • External AAA authentication of VPN users
  • PKI and VPN integration
  • Host Scan and Dynamic Access Policies (DAP) for VPN
  • IPsec VPN Site-to-site between ASAs and with IOS router
  • ASA and ISE integration for TrustSec Firewall using Security Group Tags
  • Active/Standby Failover
  • ASA clustering including local and spanned EtherChannel

Students need to have:

Course Outline

1. Cisco ASA v9.x Essentials

Firewall Technologies
Cisco ASA Features, Hardware, and Licenses

2. Basic Connectivity and Device Management

Managing the Cisco ASA Boot Process
Configuring the Cisco ASA Using the CLI and ASDM
Managing the Cisco ASA Basic Upgrade
Managing Cisco ASA Security Levels and Interfaces
Cisco ASA as DHCP Client and DHCP Server

3. Network Integration

Configuring Object (Auto) NAT and Manual NAT
Connection Table and Local Host Table
Configuring and Verifying Interface and Global ACLs
Configuring and Verifying Object Groups and Public Servers
Static and Dynamic Routing
Multicast Support

4. Cisco ASA Policy Control

Cisco Modular Policy Framework (MPF) Overview
Configuring Layer 3 and Layer 4 Policies
Configuring Layer 5 to Layer 7 Policies including HTTP and FTP inspection

5. Cisco ASA VPN Common Components

VPN Types and Components
VPN Connection Profiles and Group Policies
AAA Including External Policy Storage
Dynamic Access Policy for SSL VPN
PKI for VPN Including Provisioning Server-Side Certificates
Client-Based Certificate Authentication Including SCEP proxy

6. Cisco Clientless VPN Solution

Cisco Clientless SSL VPN
Basic Cisco Clientless SSL VPN
Cisco Clientless SSL VPN Application Access with Application Plug-Ins and Smart Tunnels
Client-side Authentication and Authorization Using AAA Server
Double Client-side Authentication Using AAA Servers

7. Cisco AnyConnect Full Tunnel VPN Solution

Cisco AnyConnect SSL VPN
Split Tunneling
IP Address Pools and Identity NAT
DTLS and TLS Tunnels
Cisco AnyConnect Client Configuration Management
Trusted Network Detection and Start Before Logon options
Certificate-Based Server Authentication
Client Enrollment Methods and Certificate-Based Authentication
Two-Factor Authentication
Local Authorization and External Authorization
AnyConnect Support for IKEv2
Making IPsec the Primary Protocol for a Host Entry

8. Cisco ASA High Availability and Virtualization

EtherChannel and Redundant Interfaces
Multiple-Context Mode

9. Cisco Next Generation Firewall

Introducing the Cisco ASA 5500-X Series NGFW
Introducing the Cisco ASA 1000V Cloud Firewall
Introducing the Cisco ASAv
Introducing the Cisco ASASM

10. Cisco ASA Identity Firewall

Describing the Cisco IDFW Solution
Setting Up Cisco CDA
Configuring Cisco CDA
Configuring Cisco ASA IDFW
Verifying and Troubleshooting Cisco ASA IDFW

11. Cisco ASA FirePOWER (SFR) Module

Installing Cisco ASA 5500-X Series FirePOWER (SFR) Module
Cisco Virtual FireSIGHT Management Center

12. Cisco ASA Cloud Web Security Integration

Introducing Cisco ASA with Cisco Cloud Web Security
Licensing Cisco ASA with Cisco Cloud Web Security
Configuring Cisco ASA with Cisco Cloud Web Security
Verifying Cisco ASA with Cisco Cloud Web Security
Describing the Web Filtering Policy in Cisco ScanCenter
Cisco Cloud Web Security Advanced Malware Protection and Threat Analytics

13. Cisco ASA Cluster

Describing Cisco ASA Cluster Features
Describing Cisco ASA Cluster Terminology and Data Flows
Using the CLI to Configure a Cisco ASA Cluster
Using the ASDM to Configure a Cisco ASA Cluster
Verifying Cisco ASA Cluster Operations
Troubleshooting Cisco ASA Cluster Operations
Describing Cisco ASA v9.1.4 and later Clustering Features

14. Cisco ASA CX

Cisco ASA CX (Next-Generation Firewall)
Cisco Off-Box PRSM and Cisco ASA CX
PRSM Device Discovery and Configuration Import
Cisco ASA CX Policy Objects
Cisco ASA CX Access Policies
Cisco ASA CX Identity Policies
Cisco ASA CX Decryption Policies
Cisco PRSM for Administration

15. Cisco ASA IPv6 Enhancements

Cisco ASA IPv4 and IPv6 Unified ACL
Other Cisco ASA IPv6 Support Enhancements

16. Cisco ASA Security Group Firewall

Cisco Security Group Tagging Overview
Configuring Cisco ASA Security Group Firewall

17. Cisco ASA Multicontext Enhancements

Cisco ASA Multicontext Mode
Multicontext Enhancements in Cisco ASA Software Release 9.0