Network Training - Course Details

ASACAMP-ASALC ASACAMP - ASA Lab Camp

Network Training Course Description:
Based on our enhanced FIREWALL v2 and VPN v2 courses, this exclusive, lab-based course is designed to provide you with the most Adaptive Security Appliance (ASA) 8.4-based lab experience possible in just five days.
Network Training Course Duration:
5 DAYS
Network Training Course Target Audience:
Security professionals looking for the most hands-on experience possible in five days,Network security engineers who prefer to learn by doing,Motivated self-starters looking to get all the materials required to prepare for the FIREWALL v2 and VPN v2 CCNP Security certification exams
Network Training Course Prerequisite:
NONE
Course Content:

  • FIREWALL v2

  • 1. Cisco ASA Adaptive Security Appliance Essentials

    • Technologies
    • Families
    • Licensing Options

  • 2. Basic Connectivity and Device Management

    • Preparing the Cisco ASA Adaptive Security Appliance for Network Integration
    • Managing Basic Cisco ASA Adaptive Security Appliance Network Settings
    • Configuring Cisco ASA Adaptive Security Appliance Device Management Features

  • 3. Network Integration

    • Configuring Cisco ASA Adaptive Security Appliance NAT Features
    • Configuring Cisco ASA Adaptive Security Appliance Basic Access Control Features
    • Configuring Cisco ASA Adaptive Security Appliance Routing Features
    • Configuring the Cisco ASA Adaptive Security Appliance Transparent Firewall

  • 4. Cisco ASA Adaptive Security Appliance Policy Control

    • Cisco ASA Adaptive Security Appliance MPF
    • Configuring Cisco ASA Adaptive Security Appliance Connection Policy and QoS Settings
    • Configuring Cisco ASA Adaptive Security Appliance Advanced Application Inspections
    • Configuring Cisco ASA Adaptive Security Appliance User-Based Policies

  • 5. Cisco ASA Adaptive Security Appliance High Availability and Virtualization

    • Configuring Cisco ASA Adaptive Security Appliance Interface Redundancy Features
    • Configuring Cisco ASA Adaptive Security Appliance Active/Standby High Availability
    • Configuring Cisco ASA Adaptive Security Appliance Security
    • Configuring Cisco ASA Adaptive Security Appliance Active/Active High Availability

  • VPN v2

  • 1. Cisco ASA Adaptive Security Appliance VPN Architecture and Common Components

    • Evaluating the Subsystem Architecture
    • Evaluating the Software Architecture
    • Implementing Profiles, Group Policies, and User Policies
    • Implementing PKI Services

  • 2. Cisco ASA Adaptive Security Appliance Clientless Remote Access SSL VPN Solutions

    • Deploying Basic Clientless VPN Solutions
    • Deploying Advanced Application Access for Clientless SSL VPNs
    • Deploying Advanced Authentication and SSO for Clientless SSL VPNs
    • Customizing the Clientless S SL VPN User Interface and Portal

  • 3. Cisco AnyConnect Remote Access SSL Solutions

    • Deploying a Basic Cisco AnyConnect Full-Tunnel SSL VPN Solution
    • Deploying an Advanced Cisco AnyConnect Full-Tunnel SSL VPN Solution
    • Deploying Advanced AAA in Cisco Full-Tunnel VPNs

  • 4. Cisco ASA Adaptive Security Appliance Remote Access IPsec VPNs

    • Deploying Cisco Remote Access VPN Clients
    • Deploying Basic Cisco Remote Access IPsec VPN Solutions

  • 5. Cisco ASA Adaptive Security Appliance Site-to-Site IPsec VPN Solutions

    • Deploying Basic Site-to-Site IPsec VPNs
    • Deploying Advanced Site-to-Site IPsec VPNs

  • 6. Endpoint Security and High Availability for Cisco ASA VPNs

    Remember, you can repeat labs, test scenarios of your own creation, and experiment with the ASA 8.4 operating system. Besides having access from within the classroom with the support of your instructor during normal class hours, you will also have 24-hour Internet access to your pod during the week of class.

  • FIREWALLv2:

  • Lab 1: Preparing the ASA for Administration

    • Access the ASA Console Port
    • Clear the Existing Configuration
    • Take Inventory of the ASA
    • The Setup Dialog
    • Set the Environment Variables
    • Enable SSH
    • Setup ASDM
    • Persistent Self-Signed Certificate
    • Verify the ASA Configuration

  • Lab 2: Fundamental ASA Configuration

    • Configure Interfaces
    • Configure Static Routes
    • Test Connectivity
    • Configure NTP
    • Configure Syslog
    • Configure SNMP
    • Configure DHCP Server
    • Verify the ASA Configuration

  • Lab 3: AAA for Administrative Access

    • Privilege Level Authorization
    • Configure ACS and ASA Communication
    • Configure ACS Integration with Active Directory
    • User Authentication using TACACS+
    • User Authorization using TACACS+
    • Command Authorization using TACACS+
    • Command Accounting using TACACS+
    • Verify the ASA Configuration

  • Lab 4: Network Address Translation

    • Object NAT (for Dynamic PAT)
    • Object NAT (for Dynamic NAT)
    • Object NAT (for Static NAT)
    • Twice NAT
    • Verify the ASA Configuration

  • Lab 5: Basic Access Control

    • Understand the Policy Objectives
    • Configure Object Groups
    • Configure Global Policy
    • Configure Outside Policy
    • Configure DMZ Policy
    • Configure Inside Policy
    • Verify the ASA Configuration

  • Lab 6: ICMP, uRPF, and Troubleshooting Tools

    • Configure ICMP Policy
    • Configure uRPF Policy
    • Ping TCP
    • Debug Commands
    • Packet Tracer
    • Packet Capture

  • Lab 7: Transparent Firewall

    • Scenario
    • Access the Security Appliance Console
    • Configure Transparent Firewall Mode
    • Bridge Groups, Interfaces, and Management Address
    • Configure the Switching Fabric
    • Test Connectivity Through the Security Appliance
    • Prepare the ASA for and Launch ASDM
    • Test Inbound Policy with ASDM
    • Verify the ASA Configuration
    • Revert the Configuration

  • Lab 8: Basic Protocol Inspection

    • Basic FTP Inspection
    • Basic HTTP Inspection
    • TTL Manipulation
    • Troubleshoot Traceroute
    • TCP Maps
    • Legacy Application Support
    • Verify the ASA Configuration

  • Lab 9: Advanced Protocol Inspection

    • Enforcing HTTP RFC Compliance
    • Block an Undesirable HTTP Application
    • Filter Content within HTTP
    • Verify the ASA Configuration

  • Lab 10: User-Based Policies

    • Configure ACS and ASA Communication
    • Configure ACS Integration with Active Directory
    • Cut-Through Authentication
    • Exclusive - User Authentication Timeouts
    • Virtual Telnet Server
    • Downloadable ACLs
    • Per User Override
    • AAA Accounting
    • Verify the ASA Configuration

  • Lab 11: Active/Standby Failover

    • Prepare the Primary ASA for Failover via ASDM
    • Configure the Failover Prompt
    • Prepare the Secondary ASA for Failover via the CLI
    • Turn Failover On and Verify Status
    • Test Failover Operation
    • Return to a Normal State
    • Demonstrate Configuration Replication
    • Verify the ASA Configuration

  • Lab 12: Active/Active Failover

    • Prepare the Primary ASA for Failover via ASDM
    • Prepare the Secondary ASA for Failover via the CLI
    • Turn Failover On and Verify Status
    • Demonstrate Command Replication and Failover Exec
    • Enable Preemption
    • Test Failover Operation
    • Return to a Normal State
    • Verify the ASA Configuration

  • VPN v2:

  • Lab 1: Licensing, ACS, and Public CA

    • Licensing Scenario Design Challenges
    • Configure ACS and ASA Communication
    • Configure ACS Integration with Active Directory
    • Create an ACS Identity Sequence and Test Authentication
    • Manually Obtain SSL Certificates from a Public CA
    • Verify the ASA Configuration
    • Design Challenge Answers

  • Lab 2: Basic Clientless SSL VPN

    • Enable DNS Lookups to Facilitate the Portal
    • Enable and Test Clientless SSL VPN
    • Connection Profiles and Group Policies
    • Connection Profile Lock Using ACS
    • Browsing Policies for Group Policies
    • Bookmark Lists for Group Policies
    • Navigating without Using the URL Entry Field
    • WebType ACLs
    • Verify the ASA Configuration

  • Lab 3: Clientless SSL VPN

    • Implement and Test Port Forwarding
    • Implement and Test Smart Tunnels
    • Implement and Test SSL VPN Plug-Ins
    • Verify the ASA Configuration

  • Lab 4: Customizations and Auto Sign-On

    • Update the Customization used by DfltGrpPolicy
    • Update the Customization used by Partner-Policy
    • Auto Sign-On
    • Variable Substitution in URLs
    • OWA with Single Sign-On
    • Verify the ASA Configuration

  • Lab 5: Basic AnyConnet Full Tunnel SSL VPN

    • Configure Address Assignment Policy and Pools
    • Enable AnyConnect and Upload Client to the ASA
    • Configure SSL Protocols
    • Modify Connection Profiles and Group Policies
    • Install the AnyConnect Client using WebLaunch
    • Configure NAT for Remote Access VPN
    • Allow Internet Access via Split Tunneling
    • Allow Internet Access via Hairpin
    • Modify a Local Group Policy
    • Configure a Centralized Group Policy
    • Verify the ASA Configuration

  • Lab 6: AnyConnect Centralized Management

    • Upgrade the AnyConnect Client
    • Customize AnyConnect Icons
    • AnyConnect XML Profiles
    • DTLS and TLS Fallback
    • Install a Pre-Deployed Image of AnyConnect and DART
    • Verify the ASA Configuration

  • Lab 7: Local CA and SCEP Proxy

    • Manually Obtain SSL Certificate from a Public CA
    • Prepare the ASA to Accept SSL VPN Connections
    • Install the AnyConnect Client and Test Connectivity
    • Configure a New Local Group Policy
    • Configure a Centralized Group Policy
    • Verify the ASA Configuration

  • Lab 8: Remote Access IP Sec VPN

    • Enable IKEv2 IPSec Remote Access VPN
    • Reset the AnyConnect Client on the Win7-PC
    • Download and Test the IPSec AnyConnect Profile
    • IKEv2 with Certificate-Based Authentication
    • Enable IKEv1 IPSec Remote Access VPN
    • Verify the ASA Configuration

  • Lab 9: IP Sec Site-to-Site VPN

    • Existing Configuration
    • Verify an IKEv1 Policy
    • Build the Site-to-Site Connection Profile
    • Adjust NAT Policies for VPN
    • Verify Tunnel Status
    • Monitor Session Establishment with Debug
    • Control Site-to-Site Traffic with a Filter
    • Update the VPN Configuration for PKI Support
    • Verify the ASA Configuration

  • Lab 10: Cisco Secure Desktop and Dynamic Access Policies

    • Enable the Cisco Secure Desktop
    • Configure CSD Prelogin Policy
    • Test Pre-Login Policy Operation
    • Test the Secure Desktop Operation
    • Extended Configuration of CSD
    • Host Scan and Dynamic Access Policy
    • AAA Attributes and DAP
    • Priority of Dynamic Access Policies
    • Verify the ASA Configuration

  • Lab 11: VPN Server Load Balancing

    • Configure Dynamic Routing and RRI
    • Configure the Load Balancing Cluster
    • Verify Load Balancing with Clientless SSL VPN
    • Verify Load Balancing with AnyConnect
    • Verify Load Balancing with Easy VPN IPsec Remote Access
    • Explore High Availability Behavior
    • Default Route for Tunneled Traffic
    • Verify the ASA Configuration

  • Exclusive ASA e-Labs:

  • e-Lab 1: Troubleshooting with Syslog and Show Commands

    • Syslog
    • Show Commands

  • e-Lab 2: Threat Detection

    • Basic Threat Detection
    • Threat Detection Statistics
    • Enable TCP Intercept
    • TCP Intercept in Action

  • e-Lab 3: Dynamic Routing - EIGRP and OSPF

    • Scenario
    • Configure Non-ASA Devices for EIGRP and OSPF
    • Modify the ASA in Preparation for Dynamic Routing
    • Configure OSPF on the ASA
    • Configure EIGRP on the ASA
    • Verify Routing Operations
    • Enable Route Redistribution and Verify the Results

  • e-Lab 4: AIP-SSM

    • Recover the AIP-SSM Image
    • Initial Setup of the AIP-SSM
    • AIP-SSM Management Connection Options
    • Configure the ASA MPF to use the AIP-SSM Inline
    • Verify IPS Operation
    • Tune a Signature and Verify the Result
    • Verify the ASA and AIP-SSM Configurations

  • e-Lab 5: Redundant Interfaces and EtherChannel

    • Configure the Switch Fabric
    • Configure a Redundant Outside Interface on the ASA
    • Verify the Configuration
    • Configure EtherChannel on the Inside Interface of the ASA
    • Configure EtherChannel on the Switch Fabric
    • Verify the Configuration

  • e-Lab 6: Easy VPN - HW Client (5505)

    • Initial Configuration of Easy VPN Server
    • Easy VPN Remote on the 5505
    • Easy VPN Network Extension Mode
    • Easy VPN Extended Authentication Options
    • Verify the ASA Configuration

  • e-Lab 7: Upgrade 8.2 to 8.4

    • Save the 8.2 Configurations
    • Perform the 8.2 to 8.4 Upgrade
    • Test Functionality After the Upgrade
    • Compare the 8.2 and 8.4 Configurations
    • Clean Up the Network Object Names
    • Explore New Features in ASDM 6.4

  • E-Lab 4: Exclusive - Network Address Translation (ASA 8.3(2)/ASDM 6.3(4))

    • Configure PAT
    • Configure Dynamic NAT
    • Configure Static NAT
    • Configure Twice NAT
    • Emulate NAT Control
    • Verify the ASA Configuration

  • E-Lab 5: Exclusive - Basic Access Control (ASA 8.3(2)/ASDM 6.3(4))

    • Policy Objectives
    • Configure Object Groups
    • Configure Outside Policy
    • Configure ICMP Policy
    • Configure DMZ Policy
    • Configure Inside Policy
    • Unicast Reverse Path Forwarding Enforcement
    • Verify the ASA Configuration