Implementing The Cisco Adaptive Security Appliance
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
Section 9.1:
Introduction to the ASA
Upon completion of this section, you should be able to:
• Compare ASA solutions to other routing firewall technologies.
Topic 9.1.1:
ASA Solutions
ASA Firewall Models
Small Office and Branch Office ASA Models
ASA Firewall Models (Cont.)
Internet Edge Models
ASA Firewall Models (Cont.)
Enterprise Data Center Models
Review of Firewalls in Network Design
Permitted Traffic
Denied Traffic
ASA Firewall Modes of Operation
Routed Mode
Transparent Mode
ASA Licensing Requirements
show version Command Output
Topic 9.1.2:
Basic ASA Configuration
Overview of ASA 5505
ASA Security Levels
Security Level Control:
• Network Access
• Inspection Engines
• Application Filtering
ASA 5505 Deployment Scenarios
ASA 5505 Deployment Scenarios (Cont.)
ASA Deployment in an Enterprise
Section 9.2:
ASA Firewall Configuration
Upon completion of this section, you should be able to:
• Explain what ASA firewall services are enabled using the default configuration.
• Configure access control using the local database and AAA server.
• Explain how the Cisco Modular Policy Framework (MPF) is used to configure ASA policies.
Topic 9.2.1:
The ASA Firewall Configuration
Introduce Basic ASA Settings
Base License Specifics
Security Plus License Specifics
Introduce Basic ASA Settings (Cont.)
show version Command Output
ASA Default Configuration
ASA Interactive Setup Initialization Wizard
Entering the ASA 5505 Setup Initialization Wizard
Topic 9.2.2:
Configuring Management Settings and Services
Enter Global Configuration Mode
Entering Global Configuration Mode Example
Configuring Basic Settings
ASA Basic Configuration Commands
Configuring Basic Settings (Cont.)
Configuring Logical VLAN Interfaces
Configuring IP Addresses on VLAN Interfaces
Configuring Logical VLAN Interfaces (Cont.)
Configuring VLAN Interfaces Example
Assigning Layer 2 Ports to VLANs
Configuring Layer 2 Ports Example
Assigning Layer 2 Ports to VLANs (Cont.)
Verifying Interfaces Example
Verifying IP Addresses Example
Configuring a Default Static Route
Configuring Remote Access Services
Telnet Configuration Commands
Configuring Remote Access Services (Cont.)
Configuring Network Time Protocol Services
NTP Authentication Commands
Configuring DHCP Services
DHCP Server Commands
Topic 9.2.3:
Object Groups
Introduction to Objects and Object Groups
Configuring Network Objects
Network Object Commands
Configuring Service Objects
Service Object Options Example
Configuring Service Objects (Cont.)
Common Service Object Commands
Object Groups
Configuring Common Object Groups
Configuring Common Object Groups (Cont.)
Services Object Group Example
Configuring Common Object Groups (Cont.)
Services Object Group Example
Topic 9.2.4:
ACLs
ASA ACLs
Types of ASA ACL Filtering
Types of ASA ACLs
Standard ACL Example
Configuring ACLs
ACL Command Parameters
Configuring ACLs (Cont.)
Condensed Extended ACL Syntax
Configuring ACLs (Cont.)
Applying ACLs
access-group Command Syntax
ACLs and Object Groups
ACL Reference Topology
ACLs and Object Groups (Cont.)
Extended ACL Configuration Example
ACL Using Object Groups Examples
Condensed Extended ACL Syntax with Object Groups
ACL Using Object Groups Examples
Topic 9.2.5:
NAT Services on an ASA
ASA NAT Overview
Types of NAT Deployments:
• Inside NAT
• Outside NAT
• Bidirectional NAT
Configuring Dynamic NAT
Configuring Dynamic NAT (Cont.)
Enable Return Traffic Example
Configuring Dynamic PAT
Dynamic PAT Configuration Example
Configuring Static NAT
Static NAT Configuration Example
Configuring Static NAT (Cont.)
Topic 9.2.6:
AAA
AAA Review
Local Database and Servers
RADIUS and TACACS+ Server Commands
AAA Configuration
Topic 9.2.7:
Service Policies on an ASA
Overview of MPF
Configuring Class Maps
Define and Activate a Policy
Implementing Modular Policy Framework
ASA Default Policy
Default Service Policy Configuration
Section 9.3:
Summary
Chapter Objectives:
• Explain how the ASA operates as an advanced stateful firewall.
Thank you.
Instructor Resources