Based on our enhanced Cisco FIREWALL 1.0 and VPN 1.0 courses, our ASA e-Camp allows you to gain a solid foundation of practical knowledge of the Cisco ASA 5500 Series Adaptive Security Appliance (ASA) at your own pace. You will learn how to configure, maintain, and operate firewall features and VPN solutions.

The bundle includes:

• Interactive and engaging self-paced FIREWALL and VPN study materials
• Pre- and post-assessment questions that test your knowledge and help you concentrate on specific learning objectives
• Knowledge checks interspersed throughout the course content to ensure you understand lessons as you go
• 30 e-Lab credits good for one year, so you can practice on live labs at your own pace

What You'll Learn

• Technology and features of the Cisco ASA
• Cisco ASA product family
• How ASAs and Cisco PIX Security Appliances protect network devices from attacks
• Bootstrap the security appliance
• Prepare the security appliance for configuration via the Cisco Adaptive Security Device Manager (ASDM)
• Launch and navigate ASDM
• Perform essential security appliance configuration using ASDM and the CLI
• Configure dynamic and static address translations
• Configure access policy based on Access Control Lists (ACLs)
• Use object groups to simplify ACL complexity and maintenance
• Use the Modular Policy Framework to provide unique policies to specific data flows
• Handle advanced protocols with application inspection
• Deep packet inspection of application layer traffic
• Troubleshoot with Syslog, Packet Tracer, and packet capture
• Configure access-control based on authenticated users
• Configure threat detection to meet security policy requirements
• Configure the security appliance to run in transparent firewall mode
• Enable, configure, and manage multiple contexts to meet security policy requirements
• Select and configure the type of failover that best suits the network topology
• Monitor and manage an installed security appliance
• Initialize ASA Security Service Modules including the AIP-SSM and CSC-SSM
• Implement site-to-site IPsec VPN
• Implement remote access IPsec and SSL VPNs
• Work with both the Cisco IPsec VPN client software and the hardware client built into the ASA 5505
• Deploy clientless SSL VPN access, including portal customization, smart tunnel access, and web-type ACLs
• Implement single sign-on for clientless VPN access to internal resources
• Deploy full tunnel SSL VPN using the Cisco AnyConnect VPN Client
• Determine and enhance the security posture of remote SSL VPN systems using Cisco Secure Desktop
• Use digital certificates and PKI infrastructure for peer identity management in all classes of VPN
• Configure the ASA as a Certificate Authority for SSL VPN access
• Configure access control policies to implement your security policy across all classes of VPN
• Use Dynamic Access Policies (DAP) to adapt a remote user's VPN policy to the user's current situation
• Implement High Availability and scalability features for Cisco ASA VPN solutions

Who Needs to Attend

• Anyone who implements and maintains VPN features and firewalls on Cisco ASA
• Network security specialists and technicians
• Candidates seeking CCNP Security certification

Prerequisites

There are no prerequisites for this course.

Follow-On Courses

• IPS - Implementing Cisco Intrusion Prevention System v7.0
• SECURE - Securing Networks with Cisco Routers and Switches

Course Outline

FIREWALL

1. Cisco ASA Adaptive Security Appliance

• Technology and Features
• ASA Family

2. Basic Connectivity and Device Management

• Cisco ASA and Cisco ASDM
• Interfaces and Static Routing
• Basic Device Management Features
• Management Access

3. Cisco ASA Access Control Features

• Basic Access Control
• Modular Policy Framework
• Basic Stateful Inspection Features
• Application-Layer Policies
• Advanced Access Controls
• Resource Limits and Guarantees
• User-Based Policies

4. Cisco ASA Network Integration Features

• Network Address Translation
• Transparent Firewall Operations

5. Cisco ASA Virtualization and High Availability Features

• Virtualization Features
• Redundant Interfaces
• Active/Standby High Availability Failover
• Active/Active High Availability Failover

6. Cisco ASA Security Service Modules

• AIP-SSM and AIP-AIP-SSC Module Integration
• CSC-SSM Module Integration

VPN

1. Evaluating the Cisco ASA VPN Subsystem

• ASA Software Architecture
• Common Cisco ASA Remote Access VPN Concepts

2. ASA IPsec VPN Solutions

• Basic Site-to-Site IPsec VPNs
• Certificate Authentication in Site-to-Site IPsec VPNs
• Cisco IPsec VPN Client
• Basic Easy VPN Solutions
• Advanced Authentication
• Cisco ASA 5505

3. ASA AnyConnect Remote Access VPN Solutions

• Basic AnyConnect Full Tunnel SSL VPN Solution
• Advanced Deployment
• Advanced Authentication in AnyConnect Full Tunnel SSL VPNs

4. ASA Clientless SSL Remote Access VPN Solutions

• Basic Clientless SSL VPN Solution
• Advanced Application Access for Clientless SSL VPN
• Advanced Authentication
• Single Sign-On in a Clientless SSL VPN
• Customize the Clientless SSL VPN User Interface and Portal

5. Advanced Cisco ASA VPN Solutions

• VPN Authorization and Accounting
• Cisco Secure Desktop in SSL VPNs
• Dynamic Access Policies
• High Availability and High Performance in SSL and IPsec VPNs

Labs

FIREWALL

Lab 1: Enhanced - Preparing for Administration

Lab 2: Enhanced - Fundamental Configuration

Lab 3: Enhanced - AAA for Administrative Access

Lab 4: Enhanced - Network Address Translation

Lab 5: Enhanced - Basic Access Control

Lab 6: Exclusive - Troubleshooting Tools

Lab 7: Enhanced - Basic Protocol Inspection

Lab 8: Enhanced - Advanced Protocol Inspection

Lab 9: Enhanced - Advanced Access Control

Lab 10: Enhanced - User Based Policies

Lab 11: Enhanced - Transparent Firewall and Security Contexts

Lab 12: Enhanced - Active/Standby Failover

Lab 13: Enhanced - Active/Active Failover

VPN

Lab 1: Enhanced - Basic Cisco ASA IPsec Site-to-Site VPN

Lab 2: Enhanced - Certificate-Based Cisco ASA IPsec Site-to-Site VPN

Lab 3: Enhanced - Basic Easy VPN

Lab 4: Enhanced - Advanced Easy VPN Server AAA Features

Lab 5: Enhanced - Cisco ASA 5505 as a Hardware Easy VPN Client

Lab 6: Enhanced - Basic Cisco AnyConnect Full Tunnel SSL VPN

Lab 7: Enhanced - ASA Local Certificate Authority

Lab 8: Enhanced - Centralized Management of the Cisco AnyConnect Client

Lab 9: Enhanced - Basic Clientless SSL VPN

Lab 10: Enhanced - Advanced Application Access with Clientless SSL VPN

Lab 11: Enhanced - Customizing the SSL VPN Portal

Lab 12: Enhanced - Advanced SSL VPN Access Policies

Lab 13: Enhanced - Cisco Secure Desktop and Dynamic Access Policies

Lab 14: Enhanced - High Availability and Scalability with VPN Server Load Balancing