(Slides) CCNASv2 - InstructorPPT - CH9-Asa

Chapter 9:
Implementing the Cisco Adaptive

Security Appliance
CCNA Security v2.0

9.0 Introduction
9.1 Introduction to the ASA
9.2 ASA Firewall Configuration
9.3 Summary
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
Upon completion of this section, you should be able to:
• Compare ASA solutions to other routing firewall technologies.
• Explain ASA 5505 operation with the default configuration.
Small Office and Branch Office ASA Models
Internet Edge Models
Enterprise Data Center Models
ASA Virtualization
High Availability
Identity Firewall
ASA Threat Control
Permitted Traffic
DeniedTraffic
Routed Mode Transparent Mode
Base License Specifics
Security Plus License
Specifics
show version Command Output
ASA 5505 Back
Panel
ASA 5505 Front

Panel
Security Level Control:
• Network Access
• Inspection Engines
• Application Filtering
ASA Deployment in a Small Branch
ASA Deployment in a Small

Business
ASA Deployment in an Enterprise
Upon completion of this section, you should be able to:
• Explain what ASA firewall services are enabled using the default configuration.
• Configure an ASA to provide basic firewall services.
• Configure object groups on an ASA.
• Configure access lists with object groups on an ASA.
• Configure an ASA to provide NAT services.
• Configure access control using the local database and AAA server.
• Explain how the Cisco Modular Framework (MPF) is used to configure ASA policies.
Base License
Specifics
Security Plus
License Specifics
show version Command Output
ASA 5505 Default
Configuration Overview.
Entering the ASA 5505 Setup Initialization Wizard
Entering Global Configuration Mode Example
ASA Basic Configuration Commands
Configuring Basic Settings
Enabling AES Encryption

Example
Local VLAN Interface
Commands
Configuring IP Addresses
on VLAN Interfaces
Configuring VLAN Interfaces Example
Configuring Layer 2
Ports Example
Verifying VLAN Port

Assignment Example
Verifying Interfaces
Example
Verifying IP
Addresses Example
Telnet Configuration Commands
Telnet Configuration Commands Example
SSH Configuration Commands
Configuring SSH Access Example
NTP Authentication Commands
Configuring NTP Example
DHCP Server Commands
Configuring DHCP Server Example
Network Object Commands
Configuring a Network Object Example
Service Object Options Example
Common Service Object Commands
Configuring a Service Object Example
Network Object Group
Example
ICMP-type Object Group

Example
Services Object Group Example
Services Object Group Example
ASA ACL and IOS ACL
Similarities
ASA ACL and IOS ACL

Similarities
Higher Levels Allowed
To Lower Levels
Lower Levels Denied To

Higher Levels
Extended ACL Examples
Standard ACL
Example
IPv6 ACL Example
ACL Command Parameters
Condensed Extended ACL Syntax
ASA ACL Elements
access-group Command Syntax
ACL Reference Topology
Extended ACL
Configuration
Example
Verifying the ACL
Condensed Extended ACL Syntax with Object Groups
ACL Reference Topology
ACL and Object
Group
Configuration
Example
Verifying the ACL and Object Group Configuration Example
Types of NAT Deployments:
• Inside NAT
• Outside NAT
• Bidirectional NAT
Dynamic NAT Reference Topology
Dynamic NAT Configuration
Example
Enable Return
Traffic Example
Verifying the Dynamic

NAT Configuration
Example
Dynamic PAT Configuration Example
Verifying the Dynamic PAT Configuration Example
Configure the DMZ
Interface Example
Static NAT
Configuration
Example
Verifying the Static NAT Configuration Example
RADIUS and TACACS+ Server Commands
Sample AAA TACACS+ Server Configuration
Implementing Modular Policy Framework
Default Service Policy Configuration
Chapter Objectives:
• Explain how the ASA operates as an advanced stateful firewall.
• Implement an ASA firewall configuration.
Thank you.
• Remember, there are
helpful tutorials and user
guides available via your
NetSpace home page. 1
(https://www.netacad.com) 2
• These resources cover a
variety of topics including
navigation, assessments,
and assignments.
• A screenshot has been
provided here highlighting
the tutorials related to
activating exams, managing
assessments, and creating
quizzes.

(Slides) CCNASv2 - InstructorPPT - CH9-Asa

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

(Slides) CCNASv2 - InstructorPPT - CH9-Asa

Uploaded by

Copyright:

Available Formats

Chapter 9:

Implementing the Cisco Adaptive

CCNA Security v2.0

• Explain ASA 5505 operation with the default configuration.

ASA 5505 Front

ASA Deployment in a Small

• Configure an ASA to provide basic firewall services.

• Configure object groups on an ASA.

• Configure access lists with object groups on an ASA.

• Configure an ASA to provide NAT services.

Enabling AES Encryption

Verifying VLAN Port

Telnet Configuration Commands Example

Configuring SSH Access Example

Configuring NTP Example

Configuring DHCP Server Example

Configuring a Network Object Example

Configuring a Service Object Example

ICMP-type Object Group

ASA ACL and IOS ACL

Lower Levels Denied To

IPv6 ACL Example

Verifying the ACL

ACL Reference Topology

Verifying the ACL and Object Group Configuration Example

Verifying the Dynamic

Verifying the Dynamic PAT Configuration Example

Sample AAA TACACS+ Server Configuration

• Implement an ASA firewall configuration.

You might also like