Which new Cisco ASA Topics Are You Interested in-Vote Below

I have published “Cisco ASA Firewall Fundamentals” in 2008 and have already updated the ebook to 2nd Edition a few years after its initial launch. However, Cisco is continuously evolving the ASA Firewall line both in terms of hardware capabilities and software features as well.

I’m planning therefore to update my ebook and create a 3rd Edition of “Cisco ASA Firewall Fundamentals” in the near future. I would like to ask for your feedback regarding the topics you would like to see in the new updated book. In addition to adding new topics, I will refresh the whole book and revise the existing Chapters with updated content, commands etc. The new book will be based on the newest software version (9.1 currently).

I have thought about a few topics to be included in the new book edition but I want also to see suggestions and comments from you. Please vote in the poll below about the topics that are most interesting to you (you can select multiple topics) and also leave your comments below the post for anything else not included in the list.

Thanks for your time.

Which new Cisco ASA Topics are you Interested in?

View Results

Loading ... Loading ...


  1. DIRK says

    Dear Sir,

    Thank you for keeping me up to date about your writings. Hereby an email just to let you know that I am studying now again for obtaining my ccna exam. My dream is to enter the telecommunications world again. For the moment I am selfemployed in home automation and LED products and light fixtures.
    I am from Belgium but now in Spain – Tenerife to learn the Spanish language. Then everyday coming home, learning Spanish, then the Cisco, and aswell doing joomla to extend my website.

    I am not yet sure whether to buy your book about vpn, but I just wanted to let you know.

    Keep up the good work.


    Warm regards

    Dirk Put

  2. Edwin says

    Can you show how to use packet tracer from a troubleshooting aspect along with some examples. Also, common output from a show log and what does some of that stuff mean.

  3. Michael Williams says

    Also include;
    1. Firewall virtualization
    2. The ASA as a virtual machine
    3. Using the SuiteB protocols with the ASA

  4. johnk says

    I still cannot make Anyconnect VPNs with split tunnels & port forwarding work in anything later the 8.3. I would appreciate some more information on those topics.

  5. Darren Wyatt says

    You should cover identity base firewall too. It’s been out for a while but good documentation is thin in getting it working with CDA and AD.

  6. BG says

    I have avoided any version past 8.3 because of my lack of understanding the move from using nat and static statements. I need to get past this basic road block and honestly haven’t tried. Please include an explanation why and how the new nat statements are used. And if others have any direction to books or tutorials I might take advantage of, that would be cool.

  7. Prakash Gowda says

    It is good to hear update the book about version 9.1 waiting for updated book, especially Natting feature in version 9.1 version.

  8. egmund says

    it would be nice to have some information+examples about logging/syslog, troubleshooting vpn, logging for traffic usage / netflow.

    greetings, egmund

  9. Mark says

    Would love to see an example configuration for a 5505 on a residential connection using a cable modem connected to a consumer grade router doing PAT from public dynamic ISP address to private (192.168.x.x) which is then connected to an asa5505 outside interface doing NAT to a 10.x.x.x private network. Also, a dmz using another private network (say 172.16.x.x) configured for a DVR connected to surveillance camera’s which can be accessed from the internet for viewing the camera’s remotely (eg., Lorex DVR). Had this set up and working except for accessing the camera’s remotely. The dvr could send emails of snapshots when motion activated but was unable to access the dvr remotely. Any configuration that is geared more toward complex residential solutions for remote access and security including a dmz using the Security Plus license.

  10. Sanjiv Singh says

    Would very much like to see how VPN IP address pool (e.g. – 25) would be set up in a n ASA5505 or ASA5510 ( … so that VPN’s can get X-Windows in and out of 99.1 subnet.

    So the topic is VPN addressing within ASA and how to build different VPN pools and how to keep them isolated and/or monitored.
    thanks – sanjiv

  11. Khan says

    Could you please add the exemple scenarios of double NAT for address hiding between source and destination which is Common practice in Data center farm design for Extranet network. Its good Security practice for address hiding.

  12. Khan says

    I would sugest also if you could provide some exemples on NAT/PAT forexample From inside to outside and outside to inside

  13. Marcus says

    – NAT configuration (object based), new nat features/changes since 8.4/9.x
    – Cisco AnyConnect (especially split-tunneling)

  14. sabin says

    hi Haris,
    When you configure a dhcp on ASA, and use DNS servers ASA IP’s, it’s possible to introduce in asa some static DNS entries? In that way the pc from inside of LAN to detect servers with private address not with externam address(NAT address)?
    In that way you don’t need an DNS server intern to translate the dns name with private address of servers. If it’s possible, can you add an example.

  15. Paul Hauck says

    I second the comments requesting a discussion of log and threat detection; including configuration, event evaluation, and response recommendations. I utilize the ASA packet capture feature quite extensively in troubleshooting H.323 connections and recommend this topic as well. I would also like to see some coverage of the ASA as integrated into the 6500 series platform. Thank you.

  16. TJ Bamrah says

    Great job on the ebooks! Concise and to the point.

    Interested in webvpn/ssl and third party certificate configuration so i can deal with untrusted VPN server certificate!

    Security Warning:Untrusted VPN Server Certificate!

    AnyConnect cannot verify VPN server xxxx.example.com
    Certificate does not match the server name.
    Certificate is from an untrusted source.
    Certificate is not identified for this purpose.
    Connecting to this server may result in a severe security compromise! security risks explained
    Most users do not connect to untrusted VPN servers unless the reason for the error condition is known.

  17. Tom says

    Thanks for keeping us informed.

    I’d like to see IDS/IPS and Cisco Phone Proxy. BTW, we may need your help on new ASA 5500-x soon :-)

  18. Adem says

    Dual ISP configurations, Cisco SLA, 5500-X appliances, dedicated interfaces for VPN traffic and Internet traffic, options for switching ISPs (automatic or manual config changes), intrusion detection and prevention, detailed explanations of all firewall features and options.

  19. Krishnanand says

    Hi Harris,

    Could you please explain the process of tunnel establishment of the SSL VPN, Remote Ipsec VPN and Site-2-Site VPN?

    Also if you could explain the main mode packet exchange and quick mode packet exchange in your own words.

  20. Lordly Mathews says

    ASA 9.X – Differences between 8.4 and 9.X
    New Features
    Port-Channel configurations, include examples
    Mixed Mode
    SVI/BVI Configurations with L2 Port-Channels
    Routing Protocols EIGRP, and OSPF

  21. Arvind says

    Hi Harris,

    Can you please include Cisco ASA-CX command line configuration with examples in your book.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>