NetworksTraining Home | About | Privacy & Terms of Service | Contact

Cisco ASA Firewall Configuration Guide

(versions 8.x and 9.x)

For ASA 5500 and 5500-X Devices

Cisco ASA Firewall Fundamentals 3rd edition

"Probably the most updated and practical Cisco ASA tutorial out there..."

Third Edition - New Content Added

Cisco ASA Firewall

Written By:


This ebook has been recently updated to cover the newest ASA version 9.x and also all configurations will work on the new 5500-X Next Generation ASA models. This ebook covers all Cisco ASA versions 8.x and 9.x and includes the changes in NAT introduced in version 8.3 (pre-8.3 and post-8.3 commands are shown where needed). It is currently the only tutorial online that provides so many real-life configuration examples and practical guidelines for configuring the core firewall features of ANY Cisco ASA model (5500 or 5500-X).

Dear Network Security Professional,

Thank you for visiting my website. You are a few steps away from learning the Fundamental Configuration Details of one of the Best and most popular Hardware Firewalls in the market... The Cisco Adaptive Security Appliance (ASA).

Network security threats are exploding. Numerous security technologies, and software or hardware products have been developed to mitigate these threats. However, the good old hardware firewall is still the cornerstone of any security implementation.

Cisco, with its ASA Firewall product lines (5500 and 5500-X models), holds one of the top positions in the firewall appliance market. Learning therefore to deploy, configure, and administer the Cisco ASA Firewall will give you a competitive advantage as a professional in the networking/security field.

The "Cisco ASA Firewall Fundamentals - 3rd Edition" eBook
below will help you achieve just that.


Cisco ASA Firewall Fundamentals 3rd Edition

Who will benefit from this eBook?

I have been working in the networking area for over 15 years and earned several Cisco Certifications including CCNA, CCNP and CCSP. I firmly believe that my Cisco firewall experience and knowledge that has been accumulated over the years and included in this technical ebook will be of great benefit for a range of professionals including:

cisco asa Cisco ASA Firewall Administrators
cisco asa Network Security engineers/designers
cisco asa IT Security consultants
cisco asa Network Security consultants
cisco asa IT or Network Administrators
cisco asa Professionals preparing for Cisco Security Certifications

What is included in this eBook?

To completely cover from top to bottom all possible details, concepts, features, capabilities and configuration scenarios for the Cisco ASA Firewall you will need a whole bookshelf of textbooks. Instead, you could read this practical and "Direct-To-The-Point" eBook that covers the most important and common configuration scenarios and features that will put you on track right away to start implementing ASA Firewalls immediately.

The first two editions of "Cisco ASA Firewall Fundamentals" have been embraced by thousands of professionals all over the world. Now, the newly updated 3rd Edition ebook contains additional advanced configuration concepts and features to offer you even more knowledge and a more complete picture of the Cisco ASA Firewall.

Moreover, I have reviewed, tested and updated all configuration commands and examples to make sure they work on the newest ASA software version 9.x. Also, all content in the book is applicable for both the 5500 series as well as the newest next generation ASA 5500-X models (for the core firewall features).

As I have said above, this eBook will teach you how to configure and implement any Cisco ASA 5500 Series and 5500-X Series Firewall running software versions 8.x and 9.x

In summary, here are some of the topics that we will be covering in the book:

cisco asa Getting Started with Cisco ASA Firewalls Getting Started with Cisco ASA Firewalls (User Interface, Access Modes, Software updates, password recovery etc)
cisco asa File Management File Management
cisco asa Basic Firewall Configuration Basic Firewall Configuration (Basic Configuration Steps)
cisco asa Security Levels Security Levels (Traffic Flow between Security Levels)
cisco asa Configuring Network Address Translation NAT Configuring Network Address Translation (NAT) for pre-8.3 and post-8.3 versions
cisco asa Configuring Port Address Translation PAT Different types of NAT such as PAT, Static NAT, NAT Exemption, Port Redirection etc
configure dmz network on cisco asa Configuring DMZ Networks
cisco asa Using Access Control Lists ACL Configuring and Using Access Control Lists (ACLs)
cisco asa Controlling Inbound and Outbound Traffic with ACL Controlling Inbound and Outbound Traffic with ACLs
cisco asa ACL Object Groups ACL Object Groups
cisco asa Configuring VLANs and Subinterfaces Configuring VLANs and Subinterfaces
Configuration of Threat Detection Configuration of Threat Detection (Basic, Advanced, and Scanning Threat Detection)
cisco asa IPSEc VPN IPSEc VPNs (site-to-site VPN, Remote Access VPN etc) using the legacy IKEv1 standard
configuration of ikev2 ipsec vpn IKEv2 IPSEC VPNs
cisco asa anyconnect Anyconnect Secure Mobility Client (SSL VPN, IKEv2 VPN, Certificate Authentication etc)
cisco asa Configuring Active/Standby Stateful Failover Configuring Active/Standby Stateful Failover
advanced asa configuration Advanced Features of Device Configuration
cisco asa aaa Authentication Authorization and Accounting (AAA) Configuration
Device Access Authentication using external AAA Server Device Access Authentication using external AAA Server
cisco asa Cut-Through Proxy Cut-Through Proxy Authentication for TELNET,FTP,HTTP
identity firewall Configuration of Identity Firewall
cisco asa routing protocols rip ospf eigrp Configuring Routing Protocols on ASA (Static Routes, RIP, OSPFv2, OSPFv3, EIGRP)
modular policy framework Modular Policy Framework Configuration (Class Maps, Policy Maps etc).
modular policy framework for connection limits Using Modular Policy Framework for setting TCP connection limits.
modular policy framework traffic inspection Using Modular Policy Framework for Traffic Inspection.
QoS on ASA Configuring Quality of Service (QoS)-Traffic Policing, Shaping, Voice Priority Queueing etc
ASA 5505 Cisco ASA 5505 Overview
ASA 5505 Cisco ASA 5505 Hardware and Ports
ASA 5505 Cisco ASA 5505 Licensing

All the above information is supported with more than 50 detailed Network Diagrams and other pictures. Some examples are shown below (Click on image to enlarge):

Nat and ACL Active Standby Failover DMZ Servers
Dual ISP Redundancy asa 5500 as DHCP server Configuring VLANs and subinterfaces
AAA Authentication routing protocols on cisco asa - OSPF Configuring Cisco Anyconnect SSL WebVPN
hub and spoke ipsec vpn anyconnect certificate from ASA local CA identity firewall

For Which ASA Models?

You will learn to configure the following ASA Models (basically ALL ASA models available):

cisco asa 5505 CISCO ASA 5505
cisco asa 5500 ALL CISCO ASA 5500 MODELS
cisco asa 5500-X ALL CISCO ASA 5500-X MODELS

NOTE: For ASA5500-X models, the book does not cover Next Generation Firewall features such as ASA CX, Cloud Web Security or Web Security Essentials. However, all the content in the book will work on 5500-X models as well.

By purchasing this configuration guide, you will be getting huge discounts for the updated books that I will be publishing in the future. Just make sure to subscribe to my "Customers Email list" (at the download page after purchasing the ebook) in order to be eligible for the discounts.


Below are some actual comments that I have received from people who purchased this ebook before:

"Are you going to do a ASA Advanced (SNAA) book. You did a great job on this one.

"hello all
thanks for giving a book its help me to understand asa"

"Hi Harris,
I just want to say thank you to you. Your books saved my project. I seriously look for forward to see your next book coming - please keep it under 100 pages!

I have bought your book since many weeks and you have done great job. I wouldn't hesitate to buy Advance version of it. I hope it will be jam packed with lots of real world examples and diagrams. If the eBook is full of great information and covering each Technologies for real world scenarios then I am happy to pay whatever price your chose.
I have various different ASA books but whenever I want go back to basics, I go and check your color full diagrams plus simple explanation. End-of-Day I am human and forget things. Memory buffer overflow. "

"Hi Harris,
Your book has been one of the best books I've bought so far. It provides me with a foundation of knowledge that is allowing me to progress further in my career. Also, it's great that you also find the time to answer some newbie questions (thanks again for providing advice)! I can't wait for the next book to come out!
John D. "

John D.
"I Just want to say that this Cisco ASA Doc has been a great help to me as a Cisco Consultant. As a Cisco Consultant I have to understand all Cisco Technologies , and having a good reference Doc is hard to come by. Also want to say for the price its a great deal!!!"

"I have bought your ebook yesterday… GREAT JOB!
Thank you!"

Luigi Pandolfino
"hi Harris
just i want to say that your book is so far one of the best book that i have purchased , it’s for me a reference and it help me to performe a good project , and it’s value worth more than 27$ can’t wait for your next book"
Thank you!

"Cisco ASA Firewall Fundamentals book is well worth the cost. Its contents were just right for me.

I understand intermediate networking but I don't work on Cisco ASAs often enough to remember everything and I didn't know much about the new 8.3 changes. I use Cisco ASA Firewall Fundamentals more than any other Cisco ASA book as a quick reference and a reminder if I have a Cisco ASA question. This book quickly showed me what the significant changes in 8.3 are.

Cisco ASA Firewall Fundamentals isn't dense like most Cisco books. It's very accessible. It doesn't contain every detail but it's the most used Cisco ASA book in my library (including all the books on O'Reilly Safari). It's easy to quickly read through, digest, and also good to refer back to later. It has excellent examples and explanations with helpful diagrams along with the command line commands.

Harris, thanks for writing this book and making it available at a reasonable price. If you write more books I will buy them too."

"We upgraded from a 10 year old Netscreen NS100 to a Cisco ASA5510 and this book was a great asset in learning how to recreate our firewall rules. It's a very short read and right to the point! I found it much easier to follow than Cisco's own book and would definitely recommend it as your main or companion reference."

John Mello
"Hello Harris,
I can't thank you enough for the the information you provide in your book. Even though I have taken both ICND courses and have a firm grasp of Cisco OS, I find myself referencing your work quite often.
Thanks again,

Paul Belter
"Hi Harris,
Your book is awesome, I’m glad that I brought it. 1 thing that I can only promise you is that I’ll recommend your book to my colleagues and on my previous colleagues and I won’t give a copy to them.

Thank you

"Mr. Harris Andrea,
I wrote you one time and you replied back, it was about a command in Class-Maps and you informed me that it was introduced in version 7.4, awesome!. I was very impressed, thank you.
Just wanted to let you know, that the book, Cisco-ASA-Firewall-Fundamentals took me to the next level configuring and troubleshooting Cisco ASA 5510 firewalls.
Perhaps let us know about your next book and include configurations for QoS on the firewall, since some VoIP providers are found now on the internet.
Thank you again, regards
Oscar "

Oscar Cid
"Dear Harris,
The Cisco ASA Firewall Fundamentals book is simply incredible.I was afraid of reading the Entire Cisco ASA firewall book as its too time taking to finish . But ur book has made my work easy .U did a splendid job in ur book. I would like to call it a short a precise book for quick and better understanding. The way u wrote the books shows that you are really a Master of ASA Technology. I hope in future u shall write books for CCIE level also, it will be a great fun to read the books written by you. Thanks from the Bottom of my Heart. I will be waiting for your CCIE Level books.
Kind Regards,

Maniram Sahu

You can see those testimonials on my blog post HERE.

11 Complete Configuration Examples

Cisco ASA Complete Configuration Examples


I'm offering you also, as a FREE Bonus, 11 real world complete configuration examples which have been tested to work on both ASA 8.x and the newest ASA 9.x versions. Each configuration example contains a network diagram and explanation of the scenario to be configured. Then, the complete ASA configurations are given together with command explanations as needed.


The Bonus Configuration Examples include:

ASA 5505 Basic Internet Access with DHCP ASA 5505 Basic Internet Access with DHCP
ASA 5505 with Dynamic IP Address and DMZ Host ASA 5505 with Dynamic IP Address and DMZ Host
ASA 5505 with Microsoft SBS Server on the Inside ASA 5505 with Microsoft SBS Server on the Inside
ASA 5505 with PPPoE Internet Access ASA 5505 with PPPoE Internet Access
Hub-and-Spoke IPSec VPN with Dynamic IP Spoke Hub-and-Spoke IPSec VPN with Dynamic IP Spoke
Site-to-Site IKEv2 IPSec VPN between two ASA Site-to-Site IKEv2 IPSec VPN between two ASA
Remote Access VPN with IKEv1, IKEv2 and SSL on the same ASA Device Remote Access VPN with IKEv1, IKEv2 and SSL on the same ASA Device
Anyconnect SSL VPN with Microsoft Active Directory Authentication Anyconnect SSL VPN with Microsoft Active Directory Authentication
Special site-to-site IPSEC VPN between two ASA with Controlled VPN access Special site-to-site IPSEC VPN between two ASA with Controlled VPN access
ASA Firewall with DMZ and two Internal Zones ASA Firewall with DMZ and two Internal Zones
How to Block Access to specific Websites with Cisco ASA How to Block Access to specific Websites with Cisco ASA



You can pay securely using your Credit Card or PayPal.

Note that you can use your Credit Card even if you don't have a Paypal account (see image below).

Credit Card payment in Paypal
These are Acrobat PDF Format eBooks. After purchasing with your Credit Card or PayPal you will receive an email with a download link to get your eBooks instantly.



Bundle Cisco ASA and VPN Books

Cisco ASA Firewall Fundamentals-3rd Edition Cisco ASA Firewall Fundamentals-3rd Edition (includes ASA5505 Info)
Free complete configuration examples Plus Bonus 11 Complete ASA Configuration Examples


$29.95 $19.95

This is the best value for money book for Cisco ASA Firewalls that you can find out there!!!

If you think the price is high, I ask you to search around the Internet and if you find a similar technical book about Cisco ASA Firewalls with so much detailed content, then I will give you the eBooks for FREE....Period


Add to Cart


Bundle Cisco ASA and VPN Books

I have recently published my new ebook "Cisco VPN Configuration Guide" which is priced at $19.95 SEE DETAILS HERE

As a special Bundle Package, I offer you the following 3 eBooks on discount:

Cisco ASA Firewall Fundamentals-3rd Edition Cisco ASA Firewall Fundamentals-3rd Edition (includes ASA5505 Info)
Free ASA configuration examples Plus Bonus 11 Complete ASA Configuration Examples
Cisco VPN Configuration Guide Plus Cisco VPN Configuration Guide


$39.90 $29.95
(Limited Time Offer)

Think about it for a minute: By purchasing the above Bundle Package you will invest in your professional education and enrich your technical knowledge on Cisco ASA Firewalls and Cisco VPNs for a price that is less than a dinner for two. Is it worth it or not?


Add to Cart

30 Day Money-Back Guarantee

I'm so confident that you will be completely satisfied with "Cisco ASA Firewall Fundamentals - 3rd Edition" that I offer you unconditional Instant Money-Back Guarantee. Just send me an email within 30 Days from your purchase and you will get your money back...No Questions Asked.

Get your copy now for only $19.95


Add to Cart

Cisco ASA Firewall Fundamentals ebook

All the Best with your Professional Career

All brand names and product names used herein, are trade names, service marks, trademarks, or registered trademarks of their respective owners. "" and "Cisco ASA Firewall Fundamentals" are not associated with any product or vendor mentioned, including Cisco Systems. PIX and ASA Firewalls are registered trademarks of Cisco Systems, Inc..