Cisco ASA/Pix Operation

• Delegates should be familiar with network technologies and have a good understanding of TCP/IP.
• Previous experience of Cisco IOS would be an advantage.

A 4 day instructor-led practical course designed to familiarise delegates with the Cisco ASA Firewall CLI and ASDM. The course details the key commands used to configure and secure networks using the ASA Firewall with v8 of the operating system and version 6 of the ASDM.

Delegates will configure the ASA using the console port, TFTP server, telnet and SSH using local and RADIUS authentication. The device will be configured to utilise Syslog and SNMP.

ASA Firewalls will also be configured to use Access-Lists, Network Address Translation and VPN's utilising IPSec protocols. The course will cover the theory of Public/Private Keys, shared secret keys and their use in forming Site to site VPN's between ASA Firewalls using IKE and IPSec. Students will configure the units to create site to site VPN's, remote access VPN's using the Cisco Secure VPN Client and Web VPN's. The course will cover the theory of failover and delegates will configure Active/Standby failover on the ASA.

Privileged commands and protocol analyser traces will be used, where necessary, to debug protocols and ensure proper operation of the ASA Firewall. Students will also perform password recovery operations.

This course will involve interfacing the ASA with other network equipment, such as routers and switches, as would be expected in a network environment.

Audience:

Course is suitable for anyone involved in ASA firewall configuration and network security

Course is approximately 50% practical

Objectives:

At the end of this course the student will be able to configure ASA Firewalls to:

• Allow configuration via console port, telnet and SSH
• Copy configurations and upgrade OS image.
• Authenticate users using RADIUS and local authentication.
• Act as a DHCP Server, Client and Relay.
• Operate as a Routed or Transparent Firewall.
• Operate in Failover mode.
• Support VLANs.
• Run routing protocols (OSPF and RIP) and exchange routing information with Cisco routers.
• Support Access Control Lists and content filtering.
• Support Object Grouping.
• Establish Internet connections using NAT and PAT.
• Setup site to site VPN's using IKE and IPSec.
• Setup Remote Access VPN's using Cisco secure VPN client.
• Setup Web VPN's
• Log access-list activity using a syslog server.
• Send traps to an SNMP Server.
• Password recovery

Practical Exercises

• Lab Exercise 1: Basic Configuration of Cisco ASA.
• Lab Exercise 2: Configure support for VLANs on ASA.
• Lab Exercise 3: Connectivity via Telnet and Local/RADIUS authentication.
• Lab Exercise 4: Configure Static and Dynamic routing on ASA.
• Lab Exercise 5: Filter traffic using Access Control Lists.
• Lab Exercise 6: Configure NAT on ASA.
• Lab Exercise 7: Configure VPN's on ASA.
• Lab Exercise 8: Configure Active/Standby Failover on ASA/Pix.
• Lab Exercise 9: Password Recovery on Cisco ASA.

Equipment Used in Practical Exercises:

• 4 Cisco ASA 5505 Firewalls running v8 of the CLI and capable of Active/Standby Failover. Pix 515E firewalls running v8 of the CLI, Cisco routers, switches and hubs as required.