Content
Securing Networks with ASA Advanced v1.0
The Securing Networks with ASA Advanced (SNAA) course teaches how to configure advanced features of the Cisco security appliance ASA 5500 such as: dual-ISP support, VLANs, policy NAT, Cisco Secure Desktop, passing of the multicast traffic and EIGRP, VPNs (Easy VPN, SSL VPN, AnyConnect VPN), Layer 7 class maps and policy maps, initializing the AIP-SSM and CSC-SSM. The course also utilizes the graphical user interface instead of the command line interface for explanation and discussions of configuring the ASA. The SNAA course takes a task-oriented approach to teaching the skills to deploy, configure, and administer the Cisco ASA using a fictional company's deployment of an ASA which is based on real world scenarios.
Objectives
Upon finishing this course, you will be able to:
Configure policy NAT based on traffic type
- Describe the Layer 7 Modular Policy Framework for the security appliance and how it is configured
- Describe the Layer 7 advanced protocol handling capabilities of Modular Policy Framework and how it is configured
- Identify the steps needed to configure the security appliance to segment traffic with VLANs
- Identify the steps need to configure the security appliance for dynamic routing
- Explain the components and functionality of IPsec, and explain what digital certificates are and how they are used
- Identify the steps needed to configure the security appliance to establish LAN-to-LAN tunnels with the digital certificate
- Identify the necessary steps to configure the IPsec VPN client using digital certificates
- Identify the necessary steps to configure the security appliance for remote access using digital certificates
- Explain the advanced remote access features of the security appliance
- Determine the necessary configuration for the ASA 5505 Adaptive Security Appliance to be a VPN hardware client
- Identify the steps to configure QoS for VPN traffic
- List the steps needed to configure the WebVPN functionality of the security appliance
- Identify the basic Clientless SSL VPN features of the security appliance
- Configure full network access SSL VPNs using the Cisco AnyConnect VPN Client
- List the features and functionality of the Cisco Secure Desktop
- Configure Cisco Secure Desktop and DAP for SSL VPN connections on the security appliance
- Identify and list the characteristics of the service modules for the security appliance
- Identify the steps needed to configure, inspect, and filter traffic with the Cisco CSC-SSM
- Identify the steps needed to configure the security appliance to identify, alert, and defend against attacks
Audience
The primary audience for this course comprises Cisco customers who implement and maintain Cisco ASA security appliances. Cisco channel partners who sell, implement, and maintain Cisco ASA security appliances and Cisco engineers who support the sale of Cisco ASA security appliances will benefit from the course as well.
Prerequisite Knowledge
Cisco CCNA certification or the equivalent knowledge
Course Outline
Advanced NAT
- Applying NAT 0 and Policy NAT
Advanced Protocol Handling
- Applying the Cisco Modular Policy Framework
- Handling Advanced Protocols
Dynamic Routing and Switching
- Switching with VLANs
- Routing with Dynamic Protocols
IPsec VPNs
- Understanding IPsec and Digital Certificates
- Implementing Site-to-Site VPNs with Digital Certificates
- Configuring the Cisco VPN Client
- Implementing Remote-Access VPNs with Digital Certificates
- Configuring Advanced Remote-Access Features and Policy
- Configuring the ASA 5505 as a Cisco Easy VPN Hardware Client
- Configuring QoS for IPsec VPNs
SSL VPNs
- Understanding SSL VPN Technology
- Configuring Clientless SSL VPNs
- Configuring Full Network Access SSL VPNs
- Cisco Secure Desktop
- Securing the Desktop with Cisco Secure Desktop and DAP
Security Services Modules
- Examining the Cisco SSMs
- CSC-SSM: Getting Started
- AIP-SSM: Getting Started