Cisco ASA Firewall Fundamentals 3rd Edition

Today I have officially launched my new ebook “Cisco ASA Firewall Fundamentals – 3rd Edition” which is probably the most updated and practical Cisco ASA tutorial out there. It covers the newest ASA version 9.x (plus older versions as well) and all content in the book is applicable for both ASA 5500 and 5500-X series.

I wrote the original First Edition of “Cisco ASA Firewall Fundamentals” in 2008. Since then, I have been updating and enhancing the ebook with all new developments and features that Cisco adds to the ASA product line.

This Third Edition of the book is completely updated to cover the latest ASA version 9.x. All configuration commands, features etc will work on the newest ASA 9.x (in addition to older 8.x versions) and also on the newest ASA 5500-X models. This updated book Edition includes also extensive new content, making it one of the most complete ASA books available in the market. I believe that the Third Edition ebook will be a valuable resource for both beginners and experienced ASA professionals.

This ebook (PDF Format) is filled with raw practical concepts, step-by-step configuration tutorials, more than 50 colorful network diagrams to explain the scenarios, Complete Configuration Examples, real-world cases that you will not find anywhere else etc. There is no fluff or redundant information.

Some of the new topics added in the book include:

  • Basic, Advanced, and Scanning Threat Detection
  • IKEv2 IPSEC VPN (site-to-site)
  • IKEv2 Remote Access VPN (Using Anyconnect Secure Mobility Client)
  • Anyconnect SSL VPN using Self-Signed ASA Certificate
  • Anyconnect SSL VPN using Certificates from the Local CA on ASA for Certificate Based Authentication together with username/password (two factor)
  • Anyconnect SSL VPN using 3rd Party CA Certificates.
  • Per-Session PAT and multi-session PAT for version 9.x
  • Access Control List (ACL ) changes introduced in ASA v9.x
  • Time-based ACLs
  • Master Passphrase Configuration.
  • Identity Firewall Configuration (ASA configuration, AD Agent Configuration etc).
  • IPv6 Routing (static IPv6, OSPFv3 for IPv6)
  • Quality of Service Configuration (Traffic Policing, Traffic Shaping, Priority Queuing)
  • Cisco ASA 5505 chapter (hardware, license, configuration)
  • etc

Those are the additional topics added in 3rd Edition. The rest of the book covers much more content which comprise the most important features and configurations that you will encounter in Cisco ASA firewalls.

I believe that this ASA Configuration Guide will be a valuable resource for any Cisco Professional for years to come. Again, keep in mind that by purchasing this ebook you will be getting huge discounts of the future updated editions of the book that I will be publishing. Just make sure to subscribe to my “Customers’ email list” (at the download page after purchasing the book) in order to be eligible for the discounts.

GET “CISCO ASA FIREWALL FUNDAMENTALS 3RD EDITION” HERE

Cisco VPN Configuration Book available on Amazon

I wanted to let you know that my second book “Cisco VPN Configuration Guide” is now available in Paperback format on Amazon. Take advantage of Amazon’s free shipping with Prime and order the book with fast and free two-day delivery. The “Cisco VPN Configuration Guide” is a great practical reference for configuring almost any kind of Cisco VPNs. Having, therefore, a printed book on hand will be very useful on the field or on your desk for quick reference. Below are the direct links on the … [Continue reading]

Cisco ASA Firewall Fundamentals Book now available on Amazon

I’m excited to announce today that my ASA book “Cisco ASA Firewall Fundamentals-3rd Edition” is now available on Amazon as a physical Paperback book. I have had numerous requests from people to publish my book in printed format as well, so here we go. The book is available on almost all Amazon websites and you get free shipping as well (see links below). If you have already purchased the book (3rd Edition) in electronic format and you are interested to get the physical book as well, please … [Continue reading]

Six DoS Vulnerabilities in Cisco IOS Software – Patch your devices ASAP

On March 26, 2014 Cisco has announced six serious security vulnerabilities (five vulnerabilities in Cisco IOS software and one in Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinks). If the vulnerabilities are exploited they can result in Denial of Service condition for the devices. All six vulnerabilities have a CVSS base score of greaten than 7 (with maximum of 10) which means they are high risk since they can be exploited remotely without authentication. Here … [Continue reading]

What is Currently the best Cisco Training for Certification Exams?

books-vs-video-training

Read until the end of this article to see how you can get a complete CCNA Training for only $44 and a complete CCNP Training for only $99. Cisco Certifications have always been among the most valuable professional qualifications to obtain since they offer huge opportunities in career advancement. Earning a certification like CCNA, CCNP, CCIE, CCNA Security, CCNP Security etc, will show to your potential employer that you are a highly skilled and motivated professional. A lot of my colleagues … [Continue reading]

Cisco ASA5510 Vs ASA5512-X or 5515-X

The Cisco ASA product line for small and branch offices includes 4 ASA models: ASA5505 (either Basic License or Security Plus License) ASA5510 (either Basic License or Security Plus License) ASA5512-X (either Basic License or Security Plus License) ASA5515-X In this article I will describe the main differences between the ASA5510 and the newest generation ASA5512-X and ASA5515-X models. I have chosen these 3 models because Cisco ASA5512-X and 5515-X are recommended by Cisco as … [Continue reading]

Cisco ASA CX Security Module

The new series of Cisco ASA devices (ASA 5500-X models which include 5512-X, 5515-X, 5525-X, 5545-X, 5555-X and 5585-X) have the capabilities to support Next Generation Firewall Security Services. They support these security services as cloud-based services (such as Cloud Web Security and Web Security Essentials) or as software based modules which do not need additional hardware (only a license to use the module). One of the prevalent security services modules is the ASA CX. This module has … [Continue reading]

Site-to-Site IPSEC VPN Between Cisco ASA and pfSense

pfSense Login

IPSEC is a standardized protocol (IETF standard) which means that it is supported by many different vendors. Therefore if you want to create a VPN between different vendor devices, then IPSEC VPN is the way to go. In this article we will see a site-to-site VPN using the IPSEC protocol between a Cisco ASA and a pfSense firewall. PfSense is an open source distribution of FreeBSD customized for use as a firewall and router. You can install pfSense on a PC with two (or more) NICs, essentially … [Continue reading]

Site-to-Site IPSEC VPN Between Two Cisco ASA – one with Dynamic IP

asa5520 picture

Cisco ASA 5500 Series appliances deliver IPsec and SSL VPN, firewall, and several other networking services on a single platform. Cisco ASA 5520, a member of the Cisco ASA 5500 Series, is shown in Figure 1 below. Figure 1 Cisco Adaptive Security Appliance (ASA) In this article, we will focus on site-to-site IPsec implementation between two Cisco ASA 5520 appliances, as shown in Figure 2. The outside interface of ASA1 is assigned a dynamic IP address by the service provider over DHCP, while … [Continue reading]

Which new Cisco ASA Topics Are You Interested in-Vote Below

I have published “Cisco ASA Firewall Fundamentals” in 2008 and have already updated the ebook to 2nd Edition a few years after its initial launch. However, Cisco is continuously evolving the ASA Firewall line both in terms of hardware capabilities and software features as well. I’m planning therefore to update my ebook and create a 3rd Edition of “Cisco ASA Firewall Fundamentals” in the near future. I would like to ask for your feedback regarding the topics you would like to see in the new … [Continue reading]

Cisco VPN Configuration Guide – By Harris Andrea

I wanted to let you know about my new eBook “Cisco VPN Configuration Guide” which I have launched recently. This ebook (PDF Format) consists of 240 pages filled with raw practical concepts, step-by-step configuration tutorials, around 40 colorful network diagrams to explain the scenarios, troubleshooting instructions, 20 complete configurations on actual devices etc. There is no fluff or redundant information. There is a little bit (2-3 pages) of basic theory (especially on IPSEC Protocol) … [Continue reading]

Cisco Spanning Tree Protocol Discussion

spanning tree protocol

Spanning Tree Protocol (STP) ensures a loop-free topology in a local area network (LAN) made up of switches. It is desirable to have redundant links in a switched LAN so that a single link failure cannot interrupt normal operation of the network. But redundant links may also introduce physical switching loops that are undesirable. STP allows to have physical redundancy while preventing loops and associated drawbacks. Spanning Tree Protocol is standardized as IEEE 802.1D. Cisco introduced several … [Continue reading]

How to Configure DDNS on Cisco Routers

dynamic dns - ddns

The Internet uses IP addresses to refer to all resources but IP addresses are difficult to remember for humans. We instead use easy-to-remember domain names such as www.networkstraining.com to refer to Internet resources. Domain Name System (DNS) is the Internet directory service that automatically translates domain names to corresponding IP addresses. Dynamic Domain Name System (DDNS) is a method to update a Domain Name System (DNS) in real time to point to a changing IP address of a resource … [Continue reading]