Network Training - Course Details

ASAEv20-ASAEv20 ASAE v2.0 - ASA Essentials v2.0

Network Training Course Description:
If you need to get up to speed quickly with Cisco's Adaptive Security Appliance (ASA), this is the course for you. We combined the most important content from Cisco's Authorized FIREWALL v2.0 and VPN v2.0 courses to hone in on the most crucial aspects of the ASA
Network Training Course Duration:
5 DAYS
Network Training Course Target Audience:
Network administrators, managers, and coordinators,Anyone who requires fundamental training on the ASA,Security technicians, administrators, and engineers
Network Training Course Prerequisite:
NONE
Course Content:

  • 1. Cisco ASA Essentials

    • Evaluating Cisco ASA Technologies
    • Identifying Cisco ASA Families

  • 2. Basic Connectivity and Device Management

    • Preparing the Cisco ASA for Network Integration
    • Managing Basic Cisco ASA Network Settings
    • Configuring Cisco ASA Device Management Features

  • 3. Network Integration

    • Configuring Cisco ASA NAT Features
    • Configuring Cisco ASA Basic Access Control Features

  • 4. Cisco ASA Policy Control

    • Cisco ASA Modular Policy Framework
    • Configuring Cisco ASA Connection Policy

  • 5. Cisco ASA VPN Architecture and Common Components

    • Implementing Profiles, Group Policies, and User Policies
    • Implementing PKI Services

  • 6. Cisco ASA Clientless Remote Access SSL VPN Solutions

    • Deploying Basic Clientless VPN Solutions
    • Deploying Advanced Application Access for Clientless SSL VPNs

  • 7. Cisco AnyConnect Remote Access SSL Solutions

    • Deploying a Basic Cisco AnyConnect Full-Tunnel SSL VPN Solution

  • 8. Cisco ASA Remote Access IPsec VPNs

    • Deploying Cisco Remote Access VPN Clients
    • Deploying Basic Cisco Remote Access IPsec VPN Solutions

  • 9. Cisco ASA Site-to-Site IPsec VPN Solutions

    • Deploying Basic Site-to-Site IPsec VPNs
    • Deploying Advanced Site-to-Site IPsec VPNs

  • 10. Cisco ASA High Availability and Virtualization

    These labs are enhanced versions of what you'll find in Cisco's FIREWALL and VPN courses. Streamlined and built to work with our unique lab topology, these labs give you hands-on practice that is vital to mastering the course concepts. Each lab builds upon the configurations and policies you set in previous labs better representing your real-world, on-the-job environment.

  • Lab 1: Prepare the ASA for Administration

    • Prepare the ASA for remote administration by both SSH and HTTPS/ASDM
    • Access the ASA via its physical console port and reset the configuration to factory defaults
    • Use the setup dialog to configure the inside interface
    • Enable ASDM access via HTTP
    • Enable SSH from the CLI
    • Test SSH access from the Admin-PC
    • Install and configure ASDM on the Admin-PC and test initial access with ASDM
    • Prepare a persistent self-signed digital certificate for use for ASDM

  • Lab 2: Fundamental ASA Configuration

    • Configure basic ASA settings including static routes
    • Configure the Inside, Outside, and DMZ interfaces
    • Configure authenticated NTP support, syslog, and SNMP support
    • Configure DHCP Server
    • Use different features to test the behavior of the ASA

  • Lab 3: Network Address Translation (NAT)

    • Configure object NAT for dynamic PAT
    • Configure object NAT for dynamic NAT
    • Configure object NAT for static NAT
    • Configure twice NAT
    • Test and verify the results of the configuration on the communicating host systems and the ASA
    • Configure and monitor address translation
    • Differences between the ASA's translation and connection tables

  • Lab 4: Basic Access Control

    • Object groups
    • Configure global policy
    • Configure access policy to allow access to public services running on the DMZ-Srv from the outside
    • Configure access policy to allow unrestricted access from the Inside network

  • Lab 5: Basic Protocol Inspection

    • Explore the ASA's simple application layer inspection using FTP and HTTP
    • Use the modular policy framework to inspect Layer 3 and Layer 4 packet headers
    • Control traffic based on information received
    • Work with TTL Decrementation and TCP Maps
    • Configure the ASA to work with custom dynamic applications

  • Lab 6: Licensing, ACS, and Public CA

    • Work with licensing scenario design challenges
    • Configure the ASA and ACS 5.2 integration for AAA
    • Configure ACS 5.2 integration with Active Directory
    • Create an ACS 5.2 identity sequence and test authentication
    • Manually Obtain SSL certificates from a public CA

  • Lab 7: Basic Clientless SSL VPN

    • Enable DNS lookups to facilitate the portal
    • Enable and test clientless SSL VPN
    • Connection profiles and group policies
    • Connection profile lock using ACS 5.2
    • Browsing policies for group policies
    • Bookmark lists for group policies
    • Navigating without using the URL entry field
    • Work with WebType ACLs

  • Lab 8: Clientless SSL VPN - Thin Apps

    • Implement and test port forwarding
    • Implement and test smart tunnels
    • Implement and test SSL VPN plug-ins

  • Lab 9: Basic AnyConnect Full Tunnel SSL VPN

    • Configure address assignment policy and pools
    • Enable AnyConnect and upload client to the ASA
    • Configure SSL protocols
    • Modify Connection profiles and group policies
    • Install the AnyConnect client using WebLaunch
    • Configure NAT for remote access VPN
    • Allow Internet access via Split Tunneling
    • Allow Internet access via Hairpin
    • Modify local as well as centralized group policy

  • Lab 10: Remote Access IPSec VPN

    • Enable IKEv2 IPSec remote access VPN
    • Reset the AnyConnect Client on the Win7-PC
    • Download and test the IPSec AnyConnect profile
    • Implement IKEv2 with certificate-based authentication
    • Enable and test IKEv1 IPSec remote access VPN

  • Lab 11: IPSec Site-to-Site VPN

    • Configure a site-to-site tunnel from HQ to Site1
    • Use ASDM to configure the building blocks of the tunnel configuration and see how they work together
    • Modify the NAT configuration on the ASA to conform with tunnel requirements
    • Monitor tunnel status from the CLI, ASDM, and syslog
    • Analyze tunnel establishment by following debug messages
    • Apply a group policy to prevent systems on at Site1 from reaching the management subnet on the HQ network
    • Update the VPN configuration for PKI support

  • Lab 12: Active/Standby Failover

    • Configure two ASAs for Active/Standby failover
    • Prepare the primary ASA for failover using ASDM and configure the secondary ASA via the CLI
    • Verify failover status and perform a failover scenario to see how services resume when the standby systems assume the active role
    • Return the systems back to their base failover state