CCNASv2 InstructorPPT CH9


Chapter 9: Implementing the Cisco Adaptive Security Appliance

CCNA Security v2.0

Raul Bareño Gutierrez
UCC
9.0 Introduction

9.1 Introduction to the ASA

9.2 Configuring the ASA firewall

9.3 Summary

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
Upon completing this section, you should be able to:

Compare ASA solutions with other routing firewall technologies.

Explain the operation of the ASA 5505 with its default configuration.

ASA models for small offices and branch offices

Internet edge models

Enterprise data center models

ASA virtualization

High availability

Identity Firewall

ASA threat control

Permitted traffic

Denied traffic

Routed mode

Transparent mode

Base license specifications

Security Plus license specifications

show version

Rear panel

Front panel

Security-level control:

Network access

Inspection engines

Application filtering

Small branch ASA deployment

Small business ASA deployment

Enterprise ASA deployment

Upon completing this section, you should be able to:
Explain which ASA firewall services are enabled by the default configuration.
Configure an ASA to provide basic firewall services.
Configure object groups on an ASA.
Configure access lists with object groups on an ASA.
Configure an ASA to provide NAT services.
Configure access control using the local database and an AAA server.
Explain how the Cisco Modular Policy Framework (MPF) is used to configure ASA policies.

Base license specifications

Security Plus license specifications

show version

Overview of the ASA 5505 default configuration

Accessing the ASA 5505 Setup Initialization Wizard

Example of entering global configuration mode

Basic ASA configuration commands

Configuring basic settings

Example of enabling AES encryption

Inside VLAN interface commands

Configuring IP addresses on VLAN interfaces

Example VLAN interface configuration

Example Layer 2 port configuration

Verifying the VLAN port assignment example

Example interface verification

Example IP address verification
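The following ASA 5505 CLI fragment is an added example that walks through the basic settings, the inside and outside VLAN interfaces, the Layer 2 port assignment and the verification commands the slides above refer to; it is not taken from the original deck. The hostname, domain name, addresses and passwords are assumed values.

```cisco
! Added example, not from the original slides; names, addresses and passwords are assumed.
! --- Basic settings ---
hostname CCNAS-ASA
domain-name ccnasecurity.com
enable password Str0ngEnablePa55
! Master passphrase so shared secrets in the configuration are stored AES-encrypted
key config-key password-encryption Ma5terPa55phrase
password encryption aes

! --- Inside VLAN interface: highest security level, trusted side ---
interface vlan 1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0

! --- Outside VLAN interface: security level 0, untrusted side ---
interface vlan 2
 nameif outside
 security-level 0
 ip address 209.165.200.226 255.255.255.248

! --- Layer 2 switch ports: Ethernet0/0 carries VLAN 2 (outside), Ethernet0/1 carries VLAN 1 (inside) ---
interface ethernet0/0
 switchport access vlan 2
 no shutdown
interface ethernet0/1
 switchport access vlan 1
 no shutdown

! Default route toward the ISP next hop (assumed address)
route outside 0.0.0.0 0.0.0.0 209.165.200.225

! --- Verification ---
show switch vlan
show interface ip brief
show ip address
show route
```

The security levels drive the default behaviour of the firewall: traffic may initiate from inside (100) to outside (0) and its replies are tracked statefully, while connections initiated from outside are dropped unless an ACL explicitly permits them.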

Configuring remote access services
Telnet configuration commands

Example Telnet configuration commands

Configuring remote access services

SSH configuration commands

Example SSH access configuration

NTP authentication commands

Example NTP configuration

DHCP server commands

Example DHCP server configuration
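The fragment below is an added example (not from the original slides) covering the management-plane services of the preceding slides on one ASA 5505: Telnet restricted to the inside subnet, SSH with a local user and RSA key pair, authenticated NTP, and a DHCP scope for inside hosts. The usernames, passwords, NTP key, and server addresses are assumed values.

```cisco
! Added example, not from the original slides; credentials and addresses are assumed.
! --- Telnet: cleartext, so restrict it to the inside subnet with a short idle timeout.
!     SSH below is the preferred management protocol.
passwd Str0ngTelnetPa55
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 3

! --- SSH: local user, RSA key pair, access limited to the inside subnet ---
username admin password Adm1nPa55word privilege 15
aaa authentication ssh console LOCAL
crypto key generate rsa modulus 2048
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 10
ssh version 2

! --- NTP with authentication so a spoofed time source cannot skew log timestamps ---
ntp authenticate
ntp authentication-key 1 md5 NtpSharedK3y
ntp trusted-key 1
ntp server 192.168.1.254 key 1

! --- DHCP server for inside hosts ---
dhcpd address 192.168.1.10-192.168.1.100 inside
dhcpd dns 192.168.1.254
dhcpd domain ccnasecurity.com
dhcpd lease 1800
dhcpd enable inside

! --- Verification ---
show ssh sessions
show ntp status
show ntp associations
show dhcpd binding
```

Without `aaa authentication ssh console LOCAL` the SSH server falls back to the default `pix` username with the Telnet password; binding SSH to the local user database (or to an AAA server) is what makes the login accountable.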

Network object commands

Example network object configuration

Example service object options

Common service object commands

Example service object configuration

Example network object group

Example ICMP-type object group

Example service object group

Similarities between ASA ACLs and IOS ACLs

Traffic from a higher security level to a lower one is permitted by default

Traffic from a lower security level to a higher one is denied by default

Extended ACL examples

Standard ACL example

IPv6 ACL example

ACL command parameters

Condensed extended ACL syntax

ASA ACL elements

access-group

ACL reference topology

Example extended ACL configuration

Verifying the ACL

Condensed extended ACL syntax with object groups

ACL reference topology

Example object group and ACL configuration

Verifying the object group and ACL configuration example
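As an added example that is not part of the original slides, the fragment below ties together the network objects, service objects, object groups (network, service and ICMP-type) and an extended ACL applied with `access-group`, so that a single rule line covers several hosts and ports. The object names, addresses and ports are assumed; the DMZ web server address assumes a dmz interface on the 192.168.2.0/24 network.

```cisco
! Added example, not from the original slides; object names and addresses are assumed.
! --- Network objects: one host, one subnet ---
object network DMZ-WEB
 host 192.168.2.3
 description DMZ web server
object network INSIDE-NET
 subnet 192.168.1.0 255.255.255.0

! --- Service object: a single protocol and destination port ---
object service HTTPS-ONLY
 service tcp destination eq 443

! --- Object groups: several members referenced by one name in the ACL ---
object-group network ADMIN-HOSTS
 network-object host 192.168.1.10
 network-object host 192.168.1.11
object-group service WEB-PORTS tcp
 port-object eq www
 port-object eq https
object-group icmp-type ICMP-REPLIES
 icmp-object echo-reply
 icmp-object time-exceeded
 icmp-object unreachable

! --- Extended ACL applied inbound on outside.
!     Only web traffic to the DMZ server and the ICMP reply types inside hosts
!     need for ping and traceroute are allowed; the implicit deny drops the rest.
access-list OUTSIDE-IN extended permit tcp any object DMZ-WEB object-group WEB-PORTS
access-list OUTSIDE-IN extended permit icmp any object INSIDE-NET object-group ICMP-REPLIES
access-group OUTSIDE-IN in interface outside

! --- Verification: the expanded entries and their hit counts show which lines match ---
show running-config object
show running-config object-group
show access-list OUTSIDE-IN
```

Unlike IOS, an ASA ACL uses a normal subnet mask rather than a wildcard mask, and on an interface only one ACL per direction is applied with `access-group`. `show access-list` expands each object-group line into its individual access control entries, which is the quickest way to confirm that a group edit did what was intended.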

Types of NAT deployments:
Inside NAT
Outside NAT
Bidirectional NAT

Dynamic NAT reference topology

Example dynamic NAT configuration

Example of enabling return traffic

Verifying the dynamic NAT configuration example

Example dynamic PAT configuration

Verifying the dynamic PAT configuration example

Configuring the DMZ interface in the example

Example static NAT configuration

Verifying the static NAT configuration example
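The fragment below is an added example, not from the original slides, that shows the three NAT forms of the preceding slides in the object NAT style used since ASA 8.3: dynamic NAT from a public pool with PAT on the outside interface as fallback, and a static one-to-one translation for a DMZ web server, together with the DMZ VLAN interface and the ACL that lets the translated server receive connections. The addresses, pool range and object names are assumed, and the 5505 is assumed to run the base license, so the third VLAN carries the `no forward` restriction.

```cisco
! Added example, not from the original slides; addresses, pool and names are assumed.
! --- DMZ interface. With the 5505 base license the third VLAN must be created with
!     "no forward interface" (entered before nameif); Security Plus removes that limit.
interface vlan 3
 no forward interface vlan 1
 nameif dmz
 security-level 70
 ip address 192.168.2.1 255.255.255.0
interface ethernet0/2
 switchport access vlan 3
 no shutdown

! --- Dynamic NAT: inside hosts draw a public address from a pool; when the pool
!     is exhausted the trailing "interface" keyword falls back to dynamic PAT on the
!     outside interface address. For PAT only, use "nat (inside,outside) dynamic interface".
object network PUBLIC-POOL
 range 209.165.200.240 209.165.200.248
object network INSIDE-NET
 subnet 192.168.1.0 255.255.255.0
 nat (inside,outside) dynamic PUBLIC-POOL interface

! --- Static NAT: a fixed public address for the DMZ web server ---
object network DMZ-WEB
 host 192.168.2.3
 nat (dmz,outside) static 209.165.200.227

! --- The translation alone does not admit connections from outside; an ACL must
!     permit them. Since 8.3 the ACL names the real (untranslated) address, i.e. the object.
access-list OUTSIDE-IN extended permit tcp any object DMZ-WEB eq www
access-group OUTSIDE-IN in interface outside

! --- Verification ---
show nat
show xlate
show conn
```

Return traffic for TCP and UDP sessions opened from the inside is admitted automatically because the ASA is stateful; ICMP echo replies are the exception and need either an ACL entry or ICMP inspection in the service policy, which is why the slides treat "enabling return traffic" as a separate step.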

RADIUS and TACACS+ server commands

Sample AAA TACACS+ server configuration
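As an added example that is not part of the original slides, the fragment below defines a TACACS+ server group, binds SSH and enable-mode authentication to it with the local database as a fallback, and tests the server before relying on it. The server address, shared key and credentials are assumed; the commented RADIUS lines show the equivalent server-group definition.

```cisco
! Added example, not from the original slides; server address, key and credentials are assumed.
! --- TACACS+ server group and server; the key is the shared secret with the server ---
aaa-server TACACS-SRV protocol tacacs+
aaa-server TACACS-SRV (inside) host 192.168.1.2
 key Tacac5Shar3dSecret
 timeout 5

! RADIUS equivalent (not used below):
!   aaa-server RADIUS-SRV protocol radius
!   aaa-server RADIUS-SRV (inside) host 192.168.1.3
!    key Rad1usShar3dSecret

! --- Local user kept as a fallback so an unreachable server does not lock you out ---
username admin password Adm1nPa55word privilege 15

! --- Method lists: try the TACACS+ group first, then the LOCAL database ---
aaa authentication ssh console TACACS-SRV LOCAL
aaa authentication enable console TACACS-SRV LOCAL
aaa authentication http console TACACS-SRV LOCAL

! --- Verification: test a login against the server, then review server state ---
test aaa-server authentication TACACS-SRV host 192.168.1.2 username admin password Adm1nPa55word
show aaa-server
show running-config aaa
```

The `LOCAL` fallback only applies when the TACACS+ server is unreachable, not when it rejects the credentials, so a failed login at the server is still a failed login.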

Implementing the Modular Policy Framework

Default service policy configuration
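The fragment below is an added example, not from the original slides, of the three MPF building blocks: a class map that selects traffic, a policy map that assigns actions to each class, and a service policy that applies the policy map globally or to one interface. It extends the default global policy with ICMP inspection (so echo replies to inside hosts are admitted) and adds an interface policy that caps connections to a DMZ web server. The ACL name, server address and limits are assumed.

```cisco
! Added example, not from the original slides; ACL name, server address and limits are assumed.
! --- Default global policy: the class matches the default inspection ports;
!     "inspect icmp" is added so ICMP replies are tracked like any other session ---
class-map inspection_default
 match default-inspection-traffic
policy-map global_policy
 class inspection_default
  inspect dns
  inspect ftp
  inspect http
  inspect icmp
  inspect sqlnet
  inspect tftp
service-policy global_policy global

! --- Interface policy: limit total and half-open connections to the DMZ web server.
!     The embryonic limit turns on TCP intercept, which protects the server from SYN floods.
access-list DMZ-WEB-TRAFFIC extended permit tcp any host 192.168.2.3 eq www
class-map DMZ-WEB-CLASS
 match access-list DMZ-WEB-TRAFFIC
policy-map OUTSIDE-POLICY
 class DMZ-WEB-CLASS
  set connection conn-max 1000 embryonic-conn-max 200
  set connection timeout idle 0:10:00
service-policy OUTSIDE-POLICY interface outside

! --- Verification: per-class packet counters and the active limits ---
show service-policy
show service-policy interface outside
```

Only one global service policy and one service policy per interface can be active; an interface policy takes precedence over the global one for the traffic it matches.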

Chapter objectives:

Explain how the ASA operates as an advanced stateful firewall.

Implement an ASA firewall configuration.

Thank you.