(Slides) CCNASv2 - InstructorPPT - CH9-Asa
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
Upon completion of this section, you should be able to:
• Compare ASA solutions to other routing firewall technologies.
Small Office and Branch Office ASA Models
Internet Edge Models
Enterprise Data Center Models
ASA Virtualization
High Availability
Identity Firewall
ASA Threat Control
Permitted Traffic
Denied Traffic
Routed Mode
Transparent Mode
Base License Specifics
Security Plus License Specifics
show version Command Output
ASA 5505 Back Panel
Security Level Control:
• Network Access
• Inspection Engines
• Application Filtering
ASA Deployment in a Small Branch
ASA Deployment in an Enterprise
Upon completion of this section, you should be able to:
• Explain what ASA firewall services are enabled using the default configuration.
• Configure access control using the local database and AAA server.
• Explain how the Cisco Modular Policy Framework (MPF) is used to configure ASA policies.
Base License Specifics
Security Plus License Specifics
show version Command Output
ASA 5505 Default Configuration Overview
Entering the ASA 5505 Setup Initialization Wizard
Entering Global Configuration Mode Example
ASA Basic Configuration Commands
Configuring Basic Settings
Local VLAN Interface Commands
Configuring IP Addresses on VLAN Interfaces
Configuring VLAN Interfaces Example
Configuring Layer 2 Ports Example
Verifying Interfaces Example
Verifying IP Addresses Example
Telnet Configuration Commands
SSH Configuration Commands
NTP Authentication Commands
DHCP Server Commands
Network Object Commands
Service Object Options Example
Common Service Object Commands
Network Object Group Example
Services Object Group Example
Services Object Group Example
ASA ACL and IOS ACL Similarities
Higher Levels Allowed To Lower Levels
Extended ACL Examples
Standard ACL Example
ACL Command Parameters
Condensed Extended ACL Syntax
ASA ACL Elements
access-group Command Syntax
ACL Reference Topology
Extended ACL Configuration Example
Condensed Extended ACL Syntax with Object Groups
ACL and Object Group Configuration Example
Types of NAT Deployments:
• Inside NAT
• Outside NAT
• Bidirectional NAT
Dynamic NAT Reference Topology
Dynamic NAT Configuration Example
Enable Return Traffic Example
Dynamic PAT Configuration Example
Configure the DMZ Interface Example
Static NAT Configuration Example
Verifying the Static NAT Configuration Example
RADIUS and TACACS+ Server Commands
Implementing Modular Policy Framework
Default Service Policy Configuration
Chapter Objectives:
• Explain how the ASA operates as an advanced stateful firewall.
Thank you.
• Remember, there are helpful tutorials and user guides available via your NetSpace home page (https://www.netacad.com).
• These resources cover a variety of topics including navigation, assessments, and assignments.
• A screenshot has been provided here highlighting the tutorials related to activating exams, managing assessments, and creating quizzes.