Questions and Answers
What is the maximum number of physical interfaces that an ASA 5505 can support?
8
What are the three modes of operation for the ASA?
The ASA uses a wildcard mask for network addresses.
False
What is the command used to configure an extended access list?
What is the name of the command that configures the ASA to provide NAT services?
What is the maximum number of concurrent firewall connections supported by the ASA with a base license?
What is the default security level for the "outside" interface?
What is the name of the command used to assign an IP address to a VLAN interface?
What is the command used to configure a default static route on the ASA?
What are the three components of the Cisco Modular Policy Framework (MPF)?
What is the command used to apply an ACL to an interface?
The ASA supports IPv6 ACLs.
What are the two main types of NAT deployments?
What is the keyword used to activate a service policy on the ASA?
The ASA only supports traditional ACLs and not object groups.
The ASA operates in a stateless mode by default.
What is the name of the ASA configuration mode that is used to configure ACLs?
What is the name of the ASA configuration mode that is used to configure object groups?
What is the command used to configure the ASA to enable SSH?
Study Notes
Chapter 9: Implementing the Cisco Adaptive Security Appliance
- This chapter covers the implementation of the Cisco Adaptive Security Appliance (ASA)
- The CCNA Security v2.0 curriculum is referenced.
Chapter Outline
- Introduction to the ASA
- ASA Firewall Configuration
- Summary
Section 9.1: Introduction to the ASA
- Upon completion of this section, students will be able to compare ASA solutions to other routing firewall technologies.
- Students will also be able to explain ASA 5505 operation with the default configuration.
Topic 9.1.1: ASA Solutions
- Various ASA firewall models are available
- ASA 5505 / Security Plus: Up to 150 Mbps
- ASA 5506-X/Security Plus: 750 Mbps
- ASA 5512-X/Security Plus: 1 Gbps
- ASA 5515-X: 1.2 Gbps
- ASA 5525-X: 2 Gbps
- ASA 5545-X: 3 Gbps
- ASA 5555-X: 4 Gbps
- ASA 5585-X SSP10: 4 Gbps
- ASA 5585-X SSP20: 10 Gbps
- ASA 5585-X SSP40: 20 Gbps
- ASA 5585-X SSP60: 40 Gbps
- ASA Service Module: 20 Gbps
- These cover small office, branch office, and internet edge models.
- Enterprise data center models are also covered.
Advanced ASA Firewall Features
- ASA Virtualization: A single ASA device can support multiple security contexts.
- High Availability: The ASA supports high availability through failover links.
- Identity Firewall: The ASA can use the Microsoft Active Directory for identity checking.
- ASA Threat Control: The ASA incorporates advanced threat control measures.
Review of Firewalls in Network Design
- Diagrams show firewall placements for permitted and denied traffic.
ASA Firewall Modes of Operation
- Routed Mode
- 10.2.1.0/24
- Transparent Mode
- 10.1.1.3
- 10.1.1.0/24
- Connection between two networks
ASA Licensing Requirements
- Various licenses are available; some are time-based or permanent, and others are disabled.
- Firewall licenses (Botnet Traffic Filter, firewall connections, concurrent, GTP/GPRS, Intercompany Media Engine, Unified Comm Sessions)
- VPN licenses (Various AnyConnect, combined VPN sessions, and other VPNs)
- Encryption and Failover
- Security contexts, users, concurrent, VLANs, maximum VLAN trunks.
- Routed/transparent modes and limitations
Topic 9.1.2: Basic ASA Configuration
- ASA 5505 Deployment in a small branch
- ASA 5505, network printer, workstations, IP Phones (diagram)
- ASA deployment in a small business (diagram)
- Deployment scenarios for an enterprise (diagram)
ASA 5505 Deployment Scenarios (cont.)
- ASA deployment in an enterprise (diagram of corporate headquarters with multiple ASAs and telecommuters using IPsec VPN)
Section 9.2: ASA Firewall Configuration
- Upon completion of this section, students will be able to:
- Explain what ASA firewall services are enabled with default configuration
- Configure ASA firewalls with basic services
- Configure object groups
- Configure access lists with object groups
- Configure ASA for NAT services
- Configure access control using the local database and AAA server
- Explain how Cisco Modular Policy Framework (MPF) is used to configure ASA policies
Topic 9.2.1: The ASA Firewall Configuration
- Introduce basic ASA settings
- Provide IOS router commands and their ASA equivalents for enabling, passwords, interfaces (e.g., e0/0), exiting configuration mode, etc.
Topic 9.2.2: Configuring Management Settings and Services
- Provides methods for entering global configuration mode and additional configuration steps
Topic 9.2.3: Object Groups
Topic 9.2.4: ACLs
- How ACLs operate. ACLs are comprised of ACEs and are hierarchical.
- Similarities between ASA ACLs and IOS ACLs
- Overview of various types of ASA ACL filtering and examples
Topic 9.2.5: NAT Services on an ASA
- Overview of Inside NAT, Outside NAT, and Bidirectional NAT
- Configuring Dynamic NAT
- The dynamic NAT configuration example includes the enabling of return traffic.
Topic 9.2.6: AAA
- Overview of AAA features
- Local database and servers
- RADIUS and TACACS+ server commands
- AAA Configuration example for TACACS+ Servers
Topic 9.2.7: Service Policies on an ASA
- Overview of MPF
- Configuring Class Maps
- Define and Activate a Policy
- ASA Default Policy
Section 9.3: Summary
- Chapter Objectives
- Explain how the ASA operates
- Implement an ASA firewall configuration
Description
This quiz focuses on Chapter 9 of the CCNA Security v2.0 curriculum, specifically addressing the implementation of Cisco Adaptive Security Appliances (ASA). Students will learn about various ASA models and their capabilities, as well as how to compare ASA technologies to other firewall solutions. Understanding the configuration of ASA firewalls is essential for networking professionals.