Cisco ASA Firewall Fundamentals - 3rd Edition
Table of Contents:
Chapter 1 Getting Started With Cisco Firewalls
1.1 User Interface
1.1.1 Security Appliance Access Modes
1.2 File Management
1.2.1 Viewing and saving your configuration
1.3 ASA Image Software Management
1.4 Password Recovery Procedure
1.5 Security Levels
1.5.1 Security Level Examples
1.5.2 Rules for Traffic Flow between Security Levels
1.6 Basic Firewall Configuration
Chapter 2 Configuring Network Address Translation
2.1 Network Address Translation (NAT) Overview
2.1.1 Configuring Dynamic NAT Translation
2.1.1.1 Network Object NAT Configuration
2.1.2 Configuring Dynamic Port Address Translation (PAT)
2.1.2.1 Per-Session PAT and Multi-Session PAT (For ASA 9.x and later)
2.1.3 Configuring Static Address Translation (Static NAT)
2.1.4 Configuring Identity NAT
2.1.4.1 Identity NAT Used for VPN Configurations
Chapter 3 Using Access Control Lists (ACL)
3.1 ACL Overview
3.2 ACL Configuration
3.2.1 Editing Access Control Lists
3.3 New ACL Features in ASA 8.3 and Later
3.3.1 Global Access Control List
3.3.2 ACL Changes in ASA Versions 9.x (9.0, 9.1 and later)
3.4 Controlling Inbound and Outbound Traffic with ACLs
3.5 Configuring Object Groups for ACLs
3.5.1 Network Object Groups
3.5.2 Service Object Groups
3.6 Time Based Access Lists
Chapter 4 Configuring VLANs and Subinterfaces
Chapter 5 Configuring Threat Detection
5.1 Threat Detection Overview
5.2 Basic Threat Detection
5.2.1 Configuration and Monitoring of Basic Threat Detection
5.3 Advanced Threat Detection
5.3.1 Configuration and Monitoring of Advanced Threat Detection
5.4 Scanning Threat Detection
5.4.1 Configuration and Monitoring of Scanning Threat Detection
Chapter 6 IPSec VPNs
6.1 Overview of Cisco ASA VPN Technologies
6.2 What is IPSec
6.3 How IPSec Works
6.4 Site-to-Site VPN using IKEv1 IPSec
6.4.1 Site-to-Site IKEv1 IPSec VPN Overview
6.4.2 Configuring Site-to-Site IKEv1 IPSec VPN
6.4.2.1 Restricting VPN Traffic between the Two Sites
6.4.3 Configuring Hub-and-Spoke IKEv1 IPSec VPN
6.5 Site-to-Site VPN using IKEv2 IPSec
6.5.1 IKEv2 Site-to-Site VPN Overview
6.5.2 IKEv2 Site-to-Site VPN Configuration
6.6 Remote Access IPSec VPNs
6.6.1 Remote Access IPSec VPN Overview
6.6.2 Configuring Remote Access IPSec VPN
Chapter 7 AnyConnect Remote Access VPNs
7.1 Comparison between SSL VPN Technologies
7.2 AnyConnect VPN Overview
7.3 Basic AnyConnect SSL VPN Configuration
7.3.1 Complete Configuration of Basic AnyConnect SSL VPN:
7.3.2 Connection Steps of Basic AnyConnect SSL VPN
7.4 AnyConnect SSL VPN using Self-Signed ASA Certificate
7.5 AnyConnect SSL VPN using Certificates from the Local CA on ASA
7.6 AnyConnect SSL VPN using 3rd Party CA
7.7 IKEv2 Remote Access VPN with AnyConnect
Chapter 8 Configuring Firewall Failover
8.1 ASA Models Supporting Failover
8.2 Understanding Active/Standby Failover
8.3 Configuring Active/Standby Failover
Chapter 9 Advanced Features of Device Configuration
9.1 Configuring Clock and NTP Support
9.1.1 Configure Clock Settings:
9.1.2 Configure Time Zone and Daylight Saving Time:
9.1.3 Configure Network Time Protocol (NTP):
9.2 Configuring Logging (Syslog)
9.3 Configuring Device Access Authentication Using Local Username/Password
9.4 Configuring a Master Passphrase
Chapter 10 Authentication Authorization Accounting
10.1 Device Access Authentication using External AAA Server
10.1.1 Configure Authentication using an external AAA Server:
10.2 Cut-Through Proxy Authentication for TELNET, FTP, HTTP(s)
10.2.1 Configure cut-through proxy Authentication using an external AAA Server:
Chapter 11 Identity Firewall Configuration
11.1 Prerequisites For Identity Firewall
11.1.1 AD Agent Configuration
11.1.2 Microsoft Active Directory Configuration
11.2 Configuration of Identity Firewall on ASA
Chapter 12 Routing Protocol Support
12.1 Static Routing
12.1.1 IPv6 Static Routing
12.1.2 Static Route Tracking - Dual ISP Redundancy
12.1.2.1 Configuring Static Route Tracking
12.2 Dynamic Routing using RIP
12.2.1 Configuring RIP
12.3 Dynamic Routing using OSPF
12.3.1 Configuring OSPFv2
12.3.2 Configuring OSPFv3 (ASA Version 9.x and later)
12.4 Dynamic Routing using EIGRP
12.4.1 Configuring EIGRP
Chapter 13 Modular Policy Framework Configuration
13.1 MPF Overview
13.1.1 Default Modular Policy Configuration
13.2 Modular Policy Framework Configuration
13.2.1 Configuring Class-Maps
13.2.2 Configuring Policy Maps
13.2.3 Configuring a Service-Policy
Chapter 14 Quality of Service (QoS) Configuration
14.1 Traffic Policing
14.2 Traffic Shaping
14.3 Priority Queuing
14.3.1 Standard Priority Queuing
14.3.2 Hierarchical Priority Queuing
Chapter 15 Cisco ASA 5505 Overview
15.1 ASA 5505 Hardware and Licensing
15.1.1 Hardware Ports and VLANs
15.1.2 Licensing
15.2 ASA 5505 Default Configuration