SNPA (Securing Networks with PIX and ASA) Training Class

1. Cisco Security Appliance Technology and Features

Introduction to the general functionality provided by firewalls and Security
Appliances.

• Firewall Technologies


• Security Appliance Features Overview

2. Cisco PIX Security Appliance and ASA Adaptive Security Appliance Families

Introduction to the Cisco PIX 500 Series Security Appliance family, Cisco ASA
5500 Series Adaptive Security Appliance family, and Firewall Services Module (FWSM).

• Models and Features of Cisco Security Appliances


• PIX Security Appliance Licensing


• ASA Adaptive Security Appliance Licensing


• Cisco Firewall Services Module

3. Getting Started with Cisco Security Appliances

Learn to configure a Security Appliance.

• User Interface


• File Management


• Security Appliance Security Levels


• Basic Security Appliance Configuration


• Examining Security Appliance Status


• Time Setting and NTP Support


• Syslog Configuration

4. Translations and Connections

Discussion of Security Appliance translations and connections, how the Security
Appliance processes TCP and User Datagram Protocol (UDP) traffic, and how to
configure dynamic and static address translations in a Security Appliance.

• Transport Protocols


• Network Address Translation


• Port Address Translation


• Identity NAT (NAT 0)


• Static Command


• Port Redirection with the Static Command


• TCP Intercept and Connection Limits


• Connections and Translations


• Configuring Multiple Interfaces

5. Access Control Lists (ACLs) and Content Filtering

Discuss how to control access through the Security Appliance using ACLs. Learn how to configure the Security Appliance to filter
malicious active code and how to configure URL filtering.

• ACLs


• Time-Based ACLs


• Editing Existing ACLs


• The ICMP Command


• Other ACL Uses


• Malicious Active Code Filtering


• URL Filtering

6. Object Grouping

Learn object grouping concepts and how to use the object-group command to
configure object grouping. The various types of object groups are explained, and
the use and configuration of nested object groups are covered.

• Configuring Object Groups


• Nested Object Groups


• Applying Object Groups to ACLs

7. Authentication, Authorization, and Accounting (AAA)

Learn Security Appliance AAA and
how to configure AAA.

• Introduction to AAA


• Installation of Cisco Secure ACS for Windows 2000


• Security Appliance Access Authentication Configuration


• Using the Local User Database


• Changing Authentication Timeouts


• Security Appliance Cut-Through Authentication Configuration


• Virtual Telnet and Virtual HTTP


• Tunnel Access Authentication Configuration


• Authorization Configuration


• Downloadable ACLs


• Per-User Override


• Accounting Configuration

8. Switching and Routing

Explanation of the virtual local area network (VLAN) capabilities of the
Security Appliance and the routing capabilities of the Security Appliance.
Discussion of Routing Information Protocol (RIP) and the Open Shortest Path
First (OSPF) algorithm in detail and configuration of the Security Appliance to
allow multicast traffic.

• VLANs


• Static and Dynamic Routing


• OSPF


• Multicasting

9. Modular Policy Framework

Introduction of modular policy framework and explanation of how to configure a
modular policy.

• Modular Policy Overview


• Configuring a Class Map


• Configuring a Policy Map


• Configuring a Service Policy

10. Advanced Protocol Handling

Introduction to Security Appliance advanced protocol handling. Learn to
configure protocol inspection, including configuring an inspection modular
policy, defining an FTP map, defining an HTTP map, and describing a number of
the inspection protocols supported by the Security Appliance.

• Advanced Protocol Handling


• FTP, HTTP, and Protocol Application Inspection


• Configuring Deep Packet Inspection


• Multimedia Support

11. VPN Configuration

Learn the basics of IPSec and Security Appliance virtual private networks (VPNs),
with a focus on communications between Security Appliance gateways for
site-to-site secure connectivity. Discuss how VPNs function and the tasks
necessary to configure VPN connection parameters on the Security Appliance.

• Secure VPNs


• How IPSec Works


• Configure VPN Connection Parameters


• Configuring IKE Parameters


• Configuring Tunnel Groups


• Configuring IPSec Parameters


• Scale Security Appliance VPNs with Digital Certificates

12. Configuring Security Appliance Remote Access Using Cisco Easy VPN

Discuss the Cisco Easy VPN and its two components and modes of operation.

• Introduction to Cisco Easy VPN


• How Cisco Easy VPN Works


• Configuring Users and Groups


• Configuring IKE Mode Config Parameters


• Configuring Dynamic Crypto Maps


• Configuring the Easy VPN Server for Extended Authentication


• Configure Security Appliance Hub-and-Spoke VPNs


• Cisco VPN Client Manual Configuration Tasks


• Working with the Cisco VPN Client

13. Configuring ASA for WebVPN

Define the characteristics of WebVPN and how it compares with traditional VPNs.
Discuss the end-user interface and the steps and commands necessary to configure
the ASA for WebVPN. As this is a feature unique to the ASA 5500 Series, it is
not covered in a hands-on lab.

• WebVPN End-User Interface


• Configure WebVPN General Parameters, Servers, URLs, and Port Forwarding


• Define Email Proxy Servers


• Configure WebVPN Content Filters and ACLs

14. Configuring Transparent Firewall

Overview and explanation of transparent firewall mode. Enabling transparent
firewall and monitoring and maintenance commands specific to the transparent
firewall mode are also detailed.

• Transparent Firewall Mode Overview


• Enabling Transparent Firewall Mode


• EtherType ACLs


• ARP Inspection


• Monitoring and Maintaining Transparent Firewall Mode

15. Configuring Security Contexts

Learn the purpose of security contexts and how to enable, configure, and manage
multiple contexts.

• Security Context Overview


• Enabling Multiple Context Mode


• Configuring a Security Context


• Managing Security Contexts

16. Failover

Introduction to the Security Appliance failover options and how to configure
them. Describe the types of failover supported by the Security Appliance and
learn to configure active/standby, active/active, and stateful failover.

• Understanding Failover


• Serial Cable-Based Failover Configuration


• Acti

Cisco customers who implement and maintain PIX and ASA Security Appliances;
Cisco channel part