Cisco Networking Academy Implementing the Cisco Adaptive Security Appliance PDF
Document Details
2013
Summary
This document is an instructor presentation about Implementing the Cisco Adaptive Security Appliance. The topics covered include chapter outlines, ASA solutions, firewall models, advanced firewall features and more.
Full Transcript
Slide 1: Chapter 9: Implementing the Cisco Adaptive Security Appliance (CCNA Security v2.0)
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public

Slide 2: Chapter Outline: 9.0 Introduction; 9.1 Introduction to the ASA; 9.2 ASA Firewall Configuration; 9.3 Summary

Slide 3: Section 9.1: Introduction to the ASA. Upon completion of this section, you should be able to: compare ASA solutions to other routing firewall technologies; explain ASA 5505 operation with the default configuration.
Slide 4: Topic 9.1.1: ASA Solutions
Slide 5: ASA Firewall Models: Small Office and Branch Office ASA Models
Slide 6: ASA Firewall Models (Cont.): Internet Edge Models
Slide 7: ASA Firewall Models (Cont.): Enterprise Data Center Models
Slide 8: Advanced ASA Firewall Feature: ASA Virtualization
Slide 9: Advanced ASA Firewall Feature (Cont.): High Availability
Slide 10: Advanced ASA Firewall Feature (Cont.): Identity Firewall
Slide 11: Advanced ASA Firewall Feature (Cont.): ASA Threat Control
Slide 12: Review of Firewalls in Network Design: Permitted Traffic; Denied Traffic
Slide 13: ASA Firewall Modes of Operation: Routed Mode; Transparent Mode
Slide 14: ASA Licensing Requirements: Base License Specifics
Slide 15: ASA Licensing Requirements (Cont.): Security Plus License Specifics
Slide 16: ASA Licensing Requirements: show version Command Output
Slide 17: Topic 9.1.2: Basic ASA Configuration
Slide 18: Overview of ASA 5505: ASA 5505 Back Panel; ASA 5505 Front Panel
Slide 19: ASA Security Levels. Security Level Control: Network Access; Inspection Engines; Application Filtering
Slide 20: ASA 5505 Deployment Scenarios: ASA Deployment in a Small Branch; ASA Deployment in a Small Business
Slide 21: ASA 5505 Deployment Scenarios (Cont.): ASA Deployment in an Enterprise

Slide 22: Section 9.2: ASA Firewall Configuration. Upon completion of this section, you should be able to: explain what ASA firewall services are enabled using the default configuration; configure an ASA to provide basic firewall services; configure object groups on an ASA; configure access lists with object groups on an ASA; configure an ASA to provide NAT services; configure access control using the local database and AAA server; explain how the Cisco Modular Policy Framework (MPF) is used to configure ASA policies.
Slide 23: Topic 9.2.1: The ASA Firewall Configuration
Slide 24: Introduce Basic ASA Settings: Base License Specifics; Security Plus License Specifics
Slide 25: Introduce Basic ASA Settings (Cont.): show version Command Output
Slide 26: ASA Default Configuration: ASA 5505 Default Configuration Overview
Slide 27: ASA Interactive Setup Initialization Wizard: Entering the ASA 5505 Setup Initialization Wizard
Slide 28: Topic 9.2.2: Configuring Management Settings and Services
Slide 29: Enter Global Configuration Mode: Entering Global Configuration Mode Example
Slide 30: Configuring Basic Settings: ASA Basic Configuration Commands
Slide 31: Configuring Basic Settings (Cont.): Configuring Basic Settings; Enabling AES Encryption Example
Slide 32: Configuring Logical VLAN Interfaces: Logical VLAN Interface Commands; Configuring IP Addresses on VLAN Interfaces
Slide 33: Configuring Logical VLAN Interfaces (Cont.): Configuring VLAN Interfaces Example
Slide 34: Assigning Layer 2 Ports to VLANs: Configuring Layer 2 Ports Example; Verifying VLAN Port Assignment Example
Slide 35: Assigning Layer 2 Ports to VLANs (Cont.): Verifying Interfaces Example; Verifying IP Addresses Example
Slide 36: Configuring a Default Static Route
Slide 37: Configuring Remote Access Services: Telnet Configuration Commands; Telnet Configuration Commands Example
Slide 38: Configuring Remote Access Services (Cont.): SSH Configuration Commands; Configuring SSH Access Example
Slide 39: Configuring Network Time Protocol Services: NTP Authentication Commands; Configuring NTP Example
Slide 40: Configuring DHCP Services: DHCP Server Commands; Configuring DHCP Server Example
Slide 41: Topic 9.2.3: Object Groups
Slide 42: Introduction to Objects and Object Groups
Slide 43: Configuring Network Objects: Network Object Commands; Configuring a Network Object Example
Slide 44: Configuring Service Objects: Service Object Options Example
Slide 45: Configuring Service Objects (Cont.): Common Service Object Commands; Configuring a Service Object Example
Slide 46: Object Groups
Slide 47: Configuring Common Object Groups: Network Object Group Example; ICMP-type Object Group Example
Slide 48: Configuring Common Object Groups (Cont.): Services Object Group Example
Slide 49: Configuring Common Object Groups (Cont.): Services Object Group Example
Slide 50: Topic 9.2.4: ACLs
Slide 51: ASA ACLs: ASA ACL and IOS ACL Similarities
Slide 52: Types of ASA ACL Filtering: Higher Levels Allowed to Lower Levels; Lower Levels Denied to Higher Levels
Slide 53: Types of ASA ACLs: Extended ACL Examples; Standard ACL Example; IPv6 ACL Example
Slide 54: Configuring ACLs: ACL Command Parameters
Slide 55: Configuring ACLs (Cont.): Condensed Extended ACL Syntax
Slide 56: Configuring ACLs (Cont.): ASA ACL Elements
Slide 57: Applying ACLs: access-group Command Syntax
Slide 58: ACLs and Object Groups: ACL Reference Topology
Slide 59: ACLs and Object Groups (Cont.): Extended ACL Configuration Example; Verifying the ACL
Slide 60: ACL Using Object Groups Examples: Condensed Extended ACL Syntax with Object Groups; ACL Reference Topology
Slide 61: ACL Using Object Groups Examples: ACL and Object Group Configuration Example; Verifying the ACL and Object Group Configuration Example
Slide 62: Topic 9.2.5: NAT Services on an ASA
Slide 63: ASA NAT Overview. Types of NAT Deployments: Inside NAT; Outside NAT; Bidirectional NAT
Slide 64: Configuring Dynamic NAT: Dynamic NAT Reference Topology
Slide 65: Configuring Dynamic NAT (Cont.): Dynamic NAT Configuration Example; Enable Return Traffic Example; Verifying the Dynamic NAT Configuration Example
Slide 66: Configuring Dynamic PAT: Dynamic PAT Configuration Example; Verifying the Dynamic PAT Configuration Example
Slide 67: Configuring Static NAT: Configure the DMZ Interface Example; Static NAT Configuration Example
Slide 68: Configuring Static NAT (Cont.): Verifying the Static NAT Configuration Example
Slide 69: Topic 9.2.6: AAA
Slide 70: AAA Review
Slide 71: Local Database and Servers: RADIUS and TACACS+ Server Commands; Sample AAA TACACS+ Server Configuration
Slide 72: AAA Configuration
Slide 73: Topic 9.2.7: Service Policies on an ASA
Slide 74: Overview of MPF
Slide 75: Configuring Class Maps
Slide 76: Define and Activate a Policy: Implementing Modular Policy Framework
Slide 77: ASA Default Policy: Default Service Policy Configuration

Slide 78: Section 9.3: Summary. Chapter Objectives: explain how the ASA operates as an advanced stateful firewall; implement an ASA firewall configuration.
Slide 79: Thank you.
Slide 80: Instructor Resources. Remember, there are helpful tutorials and user guides available via your NetSpace home page (https://www.netacad.com). These resources cover a variety of topics including navigation, assessments, and assignments. A screenshot has been provided here highlighting the tutorials related to activating exams, managing assessments, and creating quizzes.