Course Length:
5 Days
Course Description:
Securing Networks with ASA Fundamentals (SNAF) v1.0 is a five-day, instructor-led, lab-intensive course. This task-oriented course teaches the knowledge and skills needed to configure, maintain, and operate Cisco ASA 5500 Series Adaptive Security Appliances. The course updates Securing Networks with PIX and ASA (SNPA) v5.0. In SNAF 1.0, the ASDM 6.0 graphical user interface (GUI) is used for configuration and monitoring. Although all lessons and labs are now GUI-based, the commands for each configuration task are also presented in the lessons for those who prefer to configure the security appliance via the command line interface (CLI). In SNAF 1.0, lessons have been updated to cover new features in Cisco ASA and PIX Security Appliance Software Version 8.0(2), including Threat detection, Secure logging, Remote command execution in failover pairs, Redundant interfaces, Modular policy framework enhancements, Access control list renaming capability, FTP support for SSL VPN, Onscreen keyboard for the SSL VPN, Administrator-defined customization of all SSL VPN user-visible content, and Personal bookmarks for SSL VPN users.
Who Should Attend:
This course is for Cisco customers who implement and maintain Cisco ASA security appliances, Cisco channel partners who sell, implement, and maintain ASA security appliances, and Cisco engineers who support the sale of ASA security appliances.
Benefits of Attendance:
Upon completion of this course, students will be able to:
  • Explain the functions of the three types of firewalls used to secure today’s computer networks.
  • Describe the technology and features of Cisco security appliances.
  • Explain how appliances protect network devices from attacks and why each is an appropriate choice for the example network.
  • Bootstrap the security appliance, prepare the security appliance for configuration via the Cisco Adaptive Security Device Manager (ASDM), and launch and navigate ASDM.
  • Use ASDM and the CLI to perform essential security appliance configuration.
  • Use ASDM to configure dynamic and static address translations in the security appliance.
  • Use ASDM to configure switching and routing on the security appliance.
  • Use ASDM to configure access control lists, filter malicious active code, and filter URLs to meet the requirements of the security policy.
  • Use the packet tracer for troubleshooting.
  • Use ASDM to configure object groups that meet the requirements of the security policy.
  • Use ASDM to configure AAA as needed to meet the requirements of the security policy.
  • Use ASDM to configure a modular policy that supports the security policy.
  • Use ASDM to configure protocol inspection to meet the requirements of the security policy.
  • Use ASDM and the CLI to configure threat detection to meet the requirements of the security policy.
  • Use ASDM to configure the security appliance to support a site-to-site VPN that meets the requirements of the security policy.
  • Use ASDM to configure the security appliance to provide secure connectivity using remote access VPNs.
  • Configure the security appliance to run in transparent firewall mode as needed to meet the requirements of the security policy.
  • Enable, configure, and manage multiple contexts as needed to meet the requirements of the security policy.
  • Select and configure the type of failover that best suits the network topology.
  • Monitor and manage an installed security appliance.
Prerequisites:
Students should have Cisco CCNA® certification or the equivalent knowledge, basic knowledge of the Microsoft Windows operating system, and familiarity with networking and security terms and concepts.
Course Outline:
  • Lesson 1: Introducing Cisco Security Appliance Technology and Features
    1. Firewalls
    2. Security Appliance Overview
  • Lesson 2: Introducing the Cisco ASA and PIX Security Appliance Families
    1. Models and Features of Cisco Security Appliances
    2. ASA Licensing
  • Lesson 3: Getting Started with Cisco Security Appliances
    1. User Interface
    2. File Management
    3. Security Appliance Security Levels
    4. ASDM Overview and Operating Requirements
    5. Preparing to Use ASDM
    6. Navigating ASDM Windows
  • Lesson 4: Configuring a Security Appliance
    1. Basic Security Appliance Configuration
    2. Examining Security Appliance Status
    3. Time Setting and NTP Support
    4. Syslog Configuration
  • Lesson 5: Configuring Translations and Connection Limits
    1. Transport Protocols
    2. Network Address Translation
    3. Port Address Translation
    4. Static Translations
    5. SYN Cookies and Connection Limits
    6. Connections and Translations
  • Lesson 6: Using ACLs and Content Filtering
    1. ACLs
    2. Malicious Active Code Filtering
    3. URL Filtering
    4. Packet Tracer
  • Lesson 7: Configuring Object Grouping
    1. Overview of Object Grouping
    2. Configuring Object Groups and Using Them in ACLs
  • Lesson 8: Switching and Routing on Cisco Security Appliances
    1. VLAN Capabilities
    2. Static Routing
    3. Dynamic Routing
  • Lesson 9: Configuring AAA for Cut-Through Proxy
    1. Introduction to AAA
    2. Configuring the Local User Database
    3. Installing Cisco Secure ACS for Windows
    4. Cut-Through Proxy Authentication Configuration
    5. Authentication Prompts and Timeouts
    6. Authorization Configuration
    7. Accounting Configuration
  • Lesson 10: Configuring the Cisco Modular Policy Framework
    1. Modular Policy Framework Overview
    2. Class Map Overview
    3. Policy Map Overview
    4. Using ASDM to Configure a Modular Policy
    5. Configuring a Management Policy
    6. Displaying Modular Policy Framework Commands
  • Lesson 11: Configuring Advanced Protocol Handling
    1. Advanced Protocol Handling
    2. Protocol Application Inspection
    3. Multimedia Support
  • Lesson 12: Configuring Threat Detection
    1. Threat Detection Overview
    2. Basic Threat Detection
    3. Scanning Threat Detection
    4. Configuring and Viewing Threat Detection Statistics
  • Lesson 13: Configuring Site-to-Site VPNs Using Pre-Shared Keys
    1. Secure VPNs
    2. How IPsec Works
    3. Prepare to Configure an IPsec VPN
    4. Configuring a Site-to-Site VPN Using Pre-shared Keys
    5. Modifying the Site-to-Site VPN Configuration
    6. Test and Verify VPN Configuration
  • Lesson 14: Configuring Security Appliance Remote-Access VPNs
    1. Introduction to Cisco Easy VPN
    2. Overview of Cisco VPN Client
    3. Configuring Remote Access VPNs
    4. Configuring Users and Groups
  • Lesson 15: Configuring the Cisco ASA Security Appliance for SSL VPN
    1. SSL VPN Overview
    2. Using the SSL VPN Wizard to Configure Clientless SSL VPN
    3. Verifying Clientless SSL VPN Operations
  • Lesson 16: Configuring Transparent Firewall Mode
    1. Transparent Firewall Mode Overview
    2. How Data Traverses a Security Appliance in Transparent Mode
    3. Configuring Transparent Firewall Mode
    4. Monitoring and Maintaining Transparent Firewall Mode
  • Lesson 17: Configuring Security Contexts
    1. Security Context Overview
    2. Enabling Multiple Context Mode
    3. Configuring Security Contexts
    4. Managing Security Contexts
  • Lesson 18: Configuring Failover
    1. Understanding Failover
    2. Configuring Redundant Interfaces
    3. LAN-Based Active/Standby Failover Configuration
    4. Active/Active Failover Configuration
    5. Remote Command Execution
  • Lesson 19: Managing the Security Appliance
    1. Managing System Access
    2. Configuring Command Authorization
    3. Managing Configurations
    4. Managing Images and Activation Keys
  • Lab 3-1: Prepare to Use ASDM to Configure the Security Appliance
  • Lab 4-1: Configure the Security Appliance with ASDM
  • Lab 5-1: Configure Translations
  • Lab 6-1: Configure Access Lists
  • Lab 7-1: Configure Object Groups
  • Lab 9-1: Configure AAA on the Security Appliance Using Cisco Secure ACS for Windows
  • Lab 11-1: Configure Advanced Protocol Inspection on the Security Appliance
  • Lab 12-1: Configure Threat Detection on the Security Appliance
  • Lab 13-1: Configure Security Appliance Site-to-Site VPN
  • Lab 14-1: Configure a Secure VPN Using IPsec Between a Security Appliance and a Cisco VPN Client
  • Lab 15-1: Configure the Security Appliance to Provide Secure Clientless SSL VPN Connectivity
  • Lab 16-2: Configure Security Appliance Transparent Firewall
  • Lab 18-1: Configure LAN-Based Active/Standby Failover
  • Lab 18-2: Configure LAN-Based Active/Active Failover
  • Lab 19-1: Manage the Security Appliance