Cisco® Course Listings

Securing Networks with PIX and ASA (SNPA) 5.0


Duration: 30 hours
Skill Level: Intermediate
Certifications: N/A
Delivery Type: Expert Encore

Description
The Cisco ASA 5500 Series Adaptive Security Appliance is a high-performance, multifunction security appliance family delivering converged firewall, IPS, network anti-virus and VPN services. As a key component of the Cisco Self-Defending Network, it provides proactive threat mitigation that stops attacks before they spread through the network, controls network activity and application traffic, and delivers flexible VPN connectivity. This course offers training on configuring, maintaining and troubleshooting the ASA 5500 appliance as well as the PIX Firewall appliance to implement the best possible fortress of security for your network.

Skills Taught
Upon completion of the Securing Networks with PIX and ASA (SNPA) course, the student will be able to:
  • Describe Firewall technology and Security Appliance features
  • Describe Security Appliance models, option cards, and licenses
  • Configure the Security Appliance to statically and dynamically translate IP addresses
  • Configure the Security Appliance to control inbound and outbound traffic
  • Configure object groups to simplify ACL configuration
  • Explain the routing functionality of the Security Appliance
  • Configure a modular policy in the Security Appliance
  • Configure advanced protocol handling on the Security Appliance
  • Configure AAA on the Security Appliance
  • Configure active/standby, active/active, and stateful failover on the Security Appliance
  • Load and initialize IPS software on the AIP-SSM module
  • Configure Security Appliance for site-to-site VPN, remote access VPN, and Web VPN
  • Configure VPN Client-to-Security Appliance VPN
  • Configure Security Appliance management
  • Install the Adaptive Security Device Manager and use it to configure and monitor a Security Appliance

Audience
This course is a necessity for any student tasked with implementing or maintaining a secure network. SNPA is also important for candidates seeking Cisco security certifications.

Prerequisites
Learners should first complete the following to benefit fully from this course:
  • Cisco Certified Network Associate (CCNA) certification
  • Basic knowledge of the Windows operating system
  • Interconnecting Cisco Network Devices (ICND)
  • Securing Cisco Network Devices (SND)

Outline
Lesson 1: Cisco Security Appliance Technology and Features
  • What Is a Firewall?
  • Security Appliance: What Is It?
Lesson 2: Cisco PIX and ASA Security Appliance Families
  • PIX Security Appliance Family
  • PIX License Types
  • ASA Security Context Licenses
  • FWSM
Lesson 3: Getting Started with the Cisco Security Appliance
  • Security Appliance Access Modes
  • Viewing and Saving Your Configuration
  • Functions of the Security Appliance – Security Algorithm
  • Security Appliance Basic CLI Commands
  • Show Commands
  • Clock Command
  • Configure Syslog Output to a Syslog Server
  • Getting Started with the Cisco Security Appliance
Lesson 4: Translations and Connections
  • Sessions in an IP World
  • Addressing Scenarios
  • Port Address Translation
  • NAT/Global vs. Static Command
  • Connection Limits
  • Connections vs. Translations
  • Additional Interface Support
  • Configuring Access through the Security Appliance
Lesson 5: Access Control Lists and Content Filtering
  • Security Levels Revisited
  • Java Applet Filtering
  • HTTP URL Filtering
  • Configure ACLs on the Security Appliance
Lesson 6: Object Grouping
  • Using Object Groups in ACLs
  • Configuring and Using Object Groups
  • Configuring Network Object Groups
  • Nested Object Groups
  • Configure Object Groups
Lesson 7: Authentication, Authorization, and Accounting
  • Authentication, Authorization, and Accounting
  • Installation Wizard
  • Types of Security Appliance Access Authentication
  • Cut-Through Proxy Operation
  • Tunnel User Authentication
  • Security Appliance User Authorization
  • Security Appliance Downloadable ACL Authorization
  • Authentication, Authorization, and Accounting
  • Configure AAA Using Cisco Secure ACS for Windows 2000
Lesson 8: Switching and Routing
  • Virtual LANs
  • Static Routes
  • OSPF
  • IP Multicasting
Lesson 9: Modular Policy Framework
  • Modular Policy Framework Overview
  • Assign a Class-Map Name
  • Policy-Map Overview
  • Service-Policy
Lesson 10: Advanced Protocol Handling
  • Need for Advanced Protocol Handling
  • FTP Inspection
  • HTTP Inspection
  • Remote Shell
  • Why Multimedia Is an Issue
  • Configure and Test Advanced Protocol Inspection on the Security Appliance
Lesson 11: Virtual Private Network Configuration
  • Overview – VPNs
  • Five Steps of IPSec
  • Tunnel-group command
  • Tasks to Configure IPSec Encryption
  • Prepare for IKE and IPSec
  • Configure IKE
  • Configure IPSec
  • Test and Verify VPN Configuration
  • CA Server Fulfilling Requests from IPSec Peers
  • Configure Security Appliance Site-to-Site VPN
Lesson 12: Configuring Security Appliance Remote Access Using Cisco Easy VPN
  • The Cisco Easy VPN
  • Cisco VPN Software Client for Windows
  • The Easy VPN Remote Connection Process
  • Group Policy
  • Easy VPN Server General Configuration Tasks
  • Hub and Spoke VPN – Benefits
  • Cisco VPN Client Manual Configuration Tasks
  • Cisco VPN Client Program Menu
Lesson 13: Configuring ASA for Web VPN
  • Web VPN Overview
  • Home Page
  • Enabling the HTTP Server
  • Enable Web VPN Protocol for Group Policy
  • Enable Port Forwarding for Web VPN Users
  • Enable E-mail Proxy for Web VPN Users
  • HTML Content Filtering
Lesson 14: Configuring Transparent Firewall
  • Transparent Versus Routed Firewall
  • Viewing the Current Firewall Mode
  • MAC Address Table
  • Configure Security Appliance Transparent Firewall
Lesson 15: Configuring Security Contexts
  • Virtualization
  • Backing Up the Single Mode Configuration
  • Adding a Context
  • Removing a Security Context
Lesson 16: Failover
  • Hardware and Stateful Failover
  • Serial Cable – Active/Standby Failover
  • LAN-Based Failover Overview
  • Active/Active Failover
Lesson 17: Cisco Adaptive Security Device Manager
  • What Is ASDM?
  • Configure the Security Appliance to Use ASDM
  • ASDM Home Window
  • Multimode Home Page
  • Configuring the Security Appliance with ASDM
Lesson 18: AIP-SSM – Getting Started
  • AIP-SSM Front Bezel
  • AIP-SSM Module – No Software
  • IPS Access
  • Create a Security Policy
Lesson 19: Managing Security Appliance
  • Configuring Telnet Access to the Security Appliance Console
  • Command Authorization Overview
  • Viewing Directory Contents
  • Viewing Version Information
Included Labs
  • Getting Started with the Cisco Security Appliance
  • Configuring Access through the Security Appliance
  • Configure ACLs on the Security Appliance
  • Configure Object Groups
  • Configure AAA Using Cisco Secure ACS for Windows 2000
  • Configure and Test Advanced Protocol Inspection on the Security Appliance
  • Configure Security Appliance Site-to-Site VPN
  • Configure Security Appliance Transparent Firewall
  • Configuring the Security Appliance with ASDM