Securing Networks with ASA Advanced v1.0
This set of lab exercises contains all exercises associated with the Securing Networks with Cisco ASA Advanced (SNAA) v1.0 course. The lab exercises address a wide range of Cisco ASA features, including the configuration of NAT, Advanced Protocol Inspection, and routing. Exercises address static and dynamic routing configuration on the ASA. In the exercises, you will also configure different types of access, including site-to-site VPN tunnels, remote access, clientless access, SSL access, and Cisco Secure Desktop. In one of the exercises, you will set up and configure the Cisco ASA AIP-SSM module. The exercises in this bundle use ASDM and the CLI for configuration and verification of the ASA and are designed for advanced administrators.
Content
This set of lab exercises contains the following exercises:
- Implementing Advanced NAT
- Implementing MPF for FTP and HTTP
- Dynamic Routing with EIGRP and OSPF
- Site-to-Site with Digital Certificates
- Remote Access with Digital Certificates
- Cisco ASA Clientless SSL VPN
- SSL VPNs with Cisco AnyConnect Client
- Cisco Secure Desktop and Dynamic Access Policy
- Initializing the Cisco ASA AIP-SSM
Objectives
Upon finishing this set of exercises, you will be able to:
- Configure the Cisco ASA security appliance for dynamic policy NAT
- Configure the Cisco ASA security appliance for static policy NAT
- Verify the security appliance NAT configuration using the show commands
- Configure and test advanced FTP inspection
- Configure and test advanced HTTP inspection
- Configure the security appliance for dynamic routing using OSPF
- Configure the security appliance for dynamic routing using EIGRP
- Redistribute EIGRP routes into the OSPF process
- Verify the security appliance dynamic routing configuration
- Troubleshoot EIGRP routing configuration
- Configure the Cisco ASA security appliance for digital certificates
- Configure a LAN-to-LAN IPsec connection profile
- Map an identity certificate to a specific connection profile
- Use the show commands to verify site-to-site VPN operation
- Use the debug commands to troubleshoot site-to-site VPN operation
- Configure the Cisco ASA security appliance for remote access
- Configure the Cisco VPN Client for remote access
- Use the show commands to verify remote-access VPN operation
- Use the debug commands to troubleshoot remote-access VPN operation
- Configure the Cisco ASA security appliance as a Cisco Easy VPN Remote client
- Enable Clientless SSL VPN on the Cisco ASA security appliance
- Configure the Clientless SSL VPN group and user policies
- Configure the client SSL features of file and web browsing, and port forwarding for e-mail access
- Verify SSL VPN access
- Configure the ASA to be a certificate authority (CA)
- Configure an identity certificate from the Cisco ASA local CA
- Configure the Cisco ASA security appliance for SSL VPN connections from a Cisco AnyConnect client that is installed on the remote system
- Install and configure the Cisco AnyConnect client
- Configure the Cisco ASA security appliance for Cisco AnyConnect client SSL VPN connections through Web Launch
- Verify network connectivity
- Enable the Cisco Secure Desktop on the ASA
- Configure the policies for the Cisco Secure Desktop
- Verify the Cisco Secure Desktop configuration
- Configure a DAP for Cisco AnyConnect client connections
- Verify the DAP for Cisco AnyConnect client connections
- Verify the AIP-SSM module
- Load IPS recovery software on the AIP-SSM module
- Configure the AIP-SSM setup parameters
- Verify your ability to access the AIP-SSM module via IDM and ASDM
- Configure an IPS security policy
- Verify the IPS security policy
Importance
The lab exercises in this set are important for all network engineers, administrators, and designers involved in designing, implementing, and operating security solutions based on Cisco ASA devices.
Target Audience
The primary audience for this course comprises network and system engineers responsible for deploying and troubleshooting security solutions that use Cisco ASA devices. Because most of the exercises are done using the Cisco ASDM, the labs are also suitable for administrators who wish to expedite and simplify the Cisco ASA configuration process.
Prerequisite Knowledge
To successfully complete the exercises, you need a good knowledge of basic TCP/IP principles, as well as advanced knowledge of Cisco security appliance features and security technologies, such as NAT, IPsec VPNs, IPS, and protocol inspection. This knowledge is best gained by attending the Securing Networks with Cisco ASA Advanced (SNAA) v1.0 course.
