CCNASv2 InstructorPPT CH9
9.3 Summary
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
Upon completing this section, you should be able to:
ASA models for small offices and branch offices
Internet edge models
Enterprise data center models
ASA virtualization
High availability
Identity firewall
ASA threat control
Permitted traffic
Denied traffic
Routed mode
Transparent mode
Base license specifications
Security Plus license specifications
show version
Rear panel
Front panel
Security level control:
Network access
Inspection engines
Application filtering
ASA deployment in a small branch office
ASA deployment in a small business
ASA deployment in an enterprise
Upon completing this section, you should be able to:
Explain which ASA firewall services are enabled by the default configuration.
Configure an ASA to provide basic firewall services.
Configure object groups on an ASA.
Configure access lists with object groups on an ASA.
Configure an ASA to provide NAT services.
Configure access control using the local database and an AAA server.
Explain how the Cisco Modular Policy Framework (MPF) is used to configure ASA policies.
Base license specifications
Security Plus license specifications
show version
Overview of the ASA 5505 default configuration
Accessing the ASA 5505 configuration initialization wizard
Example of entering global configuration mode
Basic ASA configuration commands
Configuring basic settings
Example of enabling AES encryption
Local VLAN interface commands
Configuring IP addresses on VLAN interfaces
Example of configuring VLAN interfaces
Example of configuring Layer 2 ports
Verifying the VLAN port assignment example
Interface verification example
IP address verification example
Configuring remote access services
Telnet configuration commands
Configuring remote access services
SSH access configuration example
NTP authentication commands
DHCP server commands
Network object commands
Service object options example
Common service object commands
Network object group example
ICMP-type object group example
Service object group example
Service object group example
Similarities between ASA ACLs and IOS ACLs
Higher levels permitted to lower levels
Lower levels denied to higher levels
Extended ACL examples
Standard ACL example
IPv6 ACL example
ACL command parameters
Condensed extended ACL syntax
ASA ACL elements
access-group
ACL reference topology
Extended ACL configuration example
Verifying the ACL
Condensed extended ACL syntax with object groups
ACL reference topology
Object group and ACL configuration example
Types of NAT deployments:
Inside NAT
Outside NAT
Bidirectional NAT
Dynamic NAT reference topology
Dynamic NAT configuration example
Dynamic PAT configuration example
Configuring the DMZ interface in the example
Static NAT configuration example
Verifying the static NAT configuration example
RADIUS and TACACS+ server commands
Modular Policy Framework implementation
Configuring the default service policy
Chapter objectives:
Thank you.