Deploying Cisco ASA Firewall Features Remote Labs v1.0

This set of lab exercises contains all exercises associated with the Deploying Cisco ASA Firewall (FIREWALL) v1.0 course. The lab exercises address a wide range of Cisco ASA features, including the configuration of NAT, access control, and stateful inspection. In the exercises, you will also configure application-layer and user-based policies. In two of the exercises, you will deploy Cisco ASA active/active and active/standby failover. The exercises in this bundle use ASDM for configuration and the CLI for verification of the ASA, and are designed for advanced administrators.

Content

This set of lab exercises contains the following exercises:

Objectives

Upon finishing this set of exercises, you will be able to:

  • Change logging settings
  • Tune and observe basic threat detection
  • Enable, tune, and observe scanning threat detection
  • Enable TCP Intercept
  • Configure and verify Botnet Traffic Filter
  • Configure HTTP inspection to verify conformance to HTTP protocol and to prevent HTTP requests to specific URIs
  • Configure HTTP inspection to block bad MIME types
  • Verify DMZ server and client HTTP protection
  • Enable multiple context mode on both Cisco ASA adaptive security appliances
  • Create security context on the primary Cisco ASA adaptive security appliance
  • Configure security contexts on the primary Cisco ASA adaptive security appliance
  • Configure active/active failover on the primary Cisco ASA adaptive security appliance
  • Configure active/active failover on the secondary Cisco ASA adaptive security appliance
  • Verify active/active failover
  • Configure active/standby failover on the primary Cisco ASA adaptive security appliance
  • Configure active/standby failover on the secondary Cisco ASA adaptive security appliance
  • Tune failover timers to achieve sub-second failover
  • Enable stateful failover on the Cisco ASA adaptive security appliance
  • Verify active/standby failover
  • Configure NAT control on the Cisco ASA adaptive security appliance
  • Configure static NAT on the Cisco ASA adaptive security appliance
  • Configure dynamic PAT on the Cisco ASA adaptive security appliance
  • Configure dynamic policy PAT on the Cisco ASA adaptive security appliance
  • Verify connectivity between hosts and use related show commands on the security appliance
  • Troubleshoot basic connectivity using packet capture tool
  • Configure service object groups
  • Configure access lists
  • Troubleshoot access list using packet tracer tool
  • Configure uRPF to prevent IP spoofing
  • Verify accessibility between hosts
  • Verify connection state on the Cisco ASA adaptive security appliance
  • Prepare Cisco ASA adaptive security appliance for Cisco ASDM configuration
  • Configure interfaces
  • Configure static routing
  • Configure DHCP server
  • Test and verify connectivity between Cisco ASA adaptive security appliance and adjacent hosts, and connectivity over the Cisco ASA adaptive security appliance
  • Configure ICMP and FTP inspection
  • Enable TTL decrement and disable TCP initial sequence randomization for specific traffic flow
  • Change TCP timeouts and enable TCP DPD for specific traffic flow
  • Configure TCP normalization for specific traffic flow
  • Verify configured stateful inspection features
  • Configure OSPF routing protocol on the Cisco ASA adaptive security appliance
  • Configure OSPF authentication on the Cisco ASA adaptive security appliance
  • Configure EIGRP routing protocol on the Cisco ASA adaptive security appliance
  • Configure EIGRP authentication on the Cisco ASA adaptive security appliance
  • Configure EIGRP route filtering on the Cisco ASA adaptive security appliance
  • Verify dynamic routing protocols on the Cisco ASA adaptive security appliance
  • Upgrade Cisco ASA adaptive security appliance and Cisco ASDM software
  • Configure Cisco ASA adaptive security appliance logging to Syslog server, and Cisco ASDM
  • Configure SNMP on the Cisco ASA adaptive security appliance to browse the MIB on the Cisco ASA adaptive security appliance
  • Enable NTP synchronization with external NTP server
  • Enable SSH access
  • Configure management access authentication and accounting using external TACACS+ server
  • Test and verify logging, NTP synchronization, SSH access and authentication and accounting of management traffic
  • Enable transparent firewall mode on the Cisco ASA adaptive security appliance
  • Configure the Cisco ASA adaptive security appliance’s interfaces and management IP address for transparent firewall mode
  • Allow ICMP traffic through the transparent firewall using application inspection
  • Configure access list to allow HTTP and ICMP traffic only
  • Verify connectivity over the transparent firewall
  • Disable transparent firewall mode on the Cisco ASA adaptive security appliance
  • Configure AAA RADIUS server group and RADIUS server on the Cisco ASA adaptive security appliance
  • Configure authentication on the Cisco ASA adaptive security appliance
  • Configure virtual telnet feature on the Cisco ASA adaptive security appliance
  • Configure authorization using downloadable ACLs
  • Configure accounting on the Cisco ASA adaptive security appliance
  • Verify user-based policies

Importance

The lab exercises in this set are important for all network engineers, administrators, and designers involved in designing, implementing, and operating security solutions based on Cisco ASA devices.

Target Audience

The primary audience for this course comprises network and system engineers responsible for security solutions deployment and troubleshooting using Cisco ASA devices. Because most of the exercises are done using the Cisco ASDM, labs are also suitable for administrators who wish to expedite and simplify a Cisco ASA configuration process.

Prerequisite Knowledge

To successfully complete the exercises, you need a good knowledge of basic TCP/IP principles, as well as advanced knowledge of Cisco security appliance features and security technologies, such as NAT, stateful inspection, and access controls. This knowledge is best gained by attending the Deploying Cisco ASA Firewall (FIREWALL) v1.0 course.
