We guarantee you'll be working "hands-on" in the ASA's command-line interface within 15 minutes of the start of the seminar. Our knowledgeable, experienced instructors are there to show you what you really need to know and to help you troubleshoot when things don't work the way they should.
This Cisco ASA training seminar is two intensive days filled with hands-on lab exercises where you'll learn how to reset the administrator password (even when you don't know it) and how to build a basic firewall configuration from scratch in the command line and in the GUI. You'll practice backing up and restoring your configuration files and the firewall's operating system image. We'll show you how to set up centralized logging with a syslog server. You'll practice configuring login banners. You'll configure local usernames and privilege levels, plus you'll practice using Active Directory for authentication. You'll set up a DHCP server for automatic address assignment. You'll practice building three types of VPNs including site-to-site, remote access, and a clientless Web VPN. You'll build a DMZ with a Web server and a print server. You'll practice port-scanning to test for vulnerabilities. We'll show you how to configure various types of filtering and you'll actually practice configuring filters to block Java applets. In short, this Cisco ASA training seminar is a lot of hands-on exercises and not a lot of talking! Our instructors are there to show you how to do things, answer your questions, and help you troubleshoot your configurations.
Now upgraded with even more "hands-on" lab exercises (and less talking)!
New "Guaranteed to Run" guarantee
This seminar comes with our unique "Guaranteed to Run" guarantee. What it means is simple: When you enroll in a seminar with the guarantee, we promise to hold it, even if you're the only person registered! We've heard from our customers about the problem with training companies cancelling seminars at the last minute due to low enrollment. Our industry-unique business model places more emphasis on your seminar experience and less emphasis on administrative overhead. That allows us to offer this unique guarantee so when you register, you can count on the seminar being held. Go ahead and make your plans, confident that the seminar for which you register will indeed be held. (Guarantee applies to public, open-enrollment seminars when you register at least 30 days in advance.)
Price: $1,895.00
(Save 15% per person with 2 or more attendees: $1,610.75 each!)
Course Objectives
Upon completion of soundtraining.net's Cisco® ASA training seminar, you'll...
Practice password recovery techniques for the Cisco ASA security appliance
Practice two techniques for building a basic firewall configuration from scratch
Gain an understanding of logging configurations and practice using syslog with the security appliance
Practice two methods of backing up and restoring your device's configurations
Practice two methods of backing up and restoring your device's software image (operating system), including how to recover the software in a catastrophic fault condition
Practice configuring and using three methods of remote management
Gain an understanding of Network Address Translation and Port Address Translation on the ASA Security Appliance and practice using them in your configurations
Practice configuring three types of banners
Gain an understanding of Cisco privilege levels and practice configuring local usernames and privilege levels
Practice configuring your security appliance to authenticate via Windows Active Directory using RADIUS
Practice building and troubleshooting a DHCP server
Practice building three types of VPNs including site-to-site, remote access, and a clientless Web VPN
Gain an understanding of DMZs and practice building one with a Web server and a print server
Practice testing security configurations with a port scanner
Gain an understanding of filtering techniques and practice blocking Java applets
Certifications and Exams
This Cisco® training workshop will help prepare the student for professional certification by Cisco including the CCSP certification. Exam candidates are encouraged to visit www.cisco.com for complete exam objectives and outlines.
Who should attend?
This class is intended for network security personnel who install, configure, support, and troubleshoot Cisco® PIX Firewall devices and ASA Security Appliances. Network administrators, network engineers, IT managers, CIOs, CTOs, and anyone responsible for network security will benefit from attending this Cisco Security Appliance training class, including PIX firewall training and Cisco ASA Security Appliance training.
Course Outline
Module One: Understanding Firewall Fundamentals
There are myriad firewalls available, from personal firewalls to network firewalls and from application firewalls to firewall appliances. In this module, you'll learn the different types and classifications of firewalls and how to choose the right one for your workplace. We'll cover AAA (Authentication, Authorization, and Accounting) and provide an excellent overview of encryption concepts including both single key and PKI. You'll learn about stateful inspection and how the ASA (Adaptive Security Algorithm) provides a high level of security without sacrificing performance. We'll go over each of the models of the Cisco PIX firewall and the new Cisco ASA Security Appliances. This module includes five great hands-on exercises in which you'll actually break into the firewall (when it's done legitimately, it's called "password recovery"), erase its configuration, and build a new configuration from scratch.
What do firewalls do?
Types of Firewalls
Classification of Firewalls
AAA: Authentication, Authorization, and Accounting
Basics of Encryption including Single Key and PKI
Stateful Inspection
Adaptive Security Algorithm
Network Address Translation
An Overview of Cisco Security Appliances
Understanding VLANs
Understanding the Eight Basic Commands on a Cisco ASA Security Appliance
Controlling the Appliance from its Console
Password Recovery
Student Exercise 1.1: Password Recovery and Initial Configuration
Student Exercise 1.2: Removing the Existing Configuration
Student Exercise 1.3: Using the Eight Commands Required to Enable Basic Firewall Functionality
Student Exercise 1.4: Building a Base Configuration on the ASA Security Appliance
Student Exercise 1.5: Building an Initial Configuration on the ASA Security Appliance
Module Two: Backing Up and Restoring Configurations and Software Images
Once you've invested the time and effort in building a firewall configuration, you sure don't want to risk losing all your hard work through a hardware failure or some other anomaly. (Hey, things happen in systems and networks... the key is to have a backup.) In this module, you'll learn how to use a TFTP (Trivial File Transfer Protocol) server to back up and restore your configurations and software images. After all, when you've got backups, you've got peace of mind.
Analyzing the Base Configuration of the Security Appliance
Student Exercise 2.1: Analyzing the Base Configuration and Saving It
Student Exercise 2.2: Backing Up and Restoring the Configuration
Student Exercise 2.3: Backing Up and Restoring the Software Image
Module Three: Sending Logging Output to a Syslog Server
One of the hallmarks of a great system or network administrator is someone who is intimately familiar with every performance aspect of his/her gear. The logs are your best friend for really understanding what's going on with your systems. In this module, you'll learn how to send logging output to an external server. We'll show you how to use the free Kiwi syslogd tool to offload your logs from the security appliance to a Windows host. We'll help you understand logging severity levels and how to configure the amount of logging information that is sent to your logging host.
Using syslogd with the Security Appliance
Student Exercise 3.1: Sending Logging Output to a Syslog Server
Module Four: Remote Management Options
Most of us manage our network devices remotely instead of sitting at the physical console of the device. In this module, you'll learn how to use Telnet (and why you shouldn't use Telnet), SSH, and Web-based management tools to remotely manage your security appliance.
Remote Console Access
Telnet
SSH (Secure Shell)
Configuring and Managing Remote Management through ASDM
Student Exercise 4.1: Telnet and Secure Shell (SSH)
Module Five: Configuring Logon Banners, Usernames, and Authentication, Authorization, and Accounting (AAA)
Your legal department may have already supplied you with the text for your logon banners. In this module, we'll show you how to take that text and create the logon banners for your appliance. Then, you'll learn about assigning commands to privilege levels, how to create usernames, and how to associate the usernames with privilege levels to control exactly what individuals can do with the security appliance. We'll also help you understand ways to offload authentication using RADIUS (Remote Authentication Dial-In User Service), TACACS+ (Terminal Access Controller Access Control System Plus), and CiscoSecure Access Control Server. Then, you'll actually configure a local database of usernames and privilege levels on your classroom security appliance.
How to Configure a Banner
Configuring Authentication, Authorization, and Accounting (AAA)
Remote Authentication Technologies
Cisco Secure Access Control Server
Installing and Configuring CACS
Authentication of Clients
Student Exercise 5.1: Creating Banners on the Security Appliance
Student Exercise 5.2: Configuring Usernames and Local Authentication
Student Exercise 5.3: Configuring Privilege Levels on the Security Appliance
Student Exercise 5.4: Authenticating Through Windows Active Directory
Module Six: Configuring the Appliance as a DHCP Server
Often, a security appliance such as the ASA must serve many roles in addition to security. One frequently used role is that of dynamic address allocation as a DHCP server. In this module, you'll learn how to configure your ASA security appliance as a DHCP server including how to provide IP options.
Understanding the DHCP commands on the security appliance
Student Exercise 6.1: Reconfiguring Your DHCP Server
Module Seven: Virtual Private Networking (VPNs)
Virtual Private Networks (VPNs) are one of the most widely used tools to connect remote users to an office LAN and to connect remote offices to main office LANs. Cisco security appliances support both Site-to-Site and Remote Access LANs, plus the new Cisco ASA Security Appliance supports Web-based VPNs, thus eliminating the need for either a hardware or software VPN client. In this module, you'll learn about VPN protocols including PPTP and L2TP, VPN encryption technologies including IPSec, DES and 3DES (Data Encryption Standard), the Diffie-Hellman public-key cryptography protocol, ISAKMP (Internet Security Association Key Management Protocol) and IKE (Internet Key Exchange), AES (Advanced Encryption Standard), and more. We'll cover IKE phase 1 and IKE phase 2. Admittedly, it's a lot of acronyms, but we break it down so you can really understand the whole process.
PPTP
L2TP
IPSec
Encryption Algorithms
Hashing Algorithms
Authentication Methods
Troubleshooting VPN Connections
Configuring the Cisco VPN Client and Connecting to Your VPN
Creating a Web-Based SSL VPN
Student Exercise 7.1: Site-to-Site VPNs
Student Exercise 7.2: Remote Access VPNs
Student Exercise 7.3: Configuring a Web-Based SSL VPN
Student Exercise 7.4: Configuring the Cisco AnyConnect Client
Student Exercise 7.5: Logging Off VPN Users through the ASDM
Module Eight: DMZs (De-Militarized Zones)
DMZs (Demilitarized Zones) are not a new concept, but now even the most basic Cisco security appliance supports configuring VLANs and DMZs to isolate network hosts. In this module, you'll learn various applications for DMZs, how to configure static routes, access control lists, and security levels, and how to build a DMZ at the CLI (Command Line Interface).
Understanding DMZ concepts
Security Levels
Access Control Lists
Static Routes
Port Scanning
Student Exercise 8.1: Configuring a DMZ
Student Exercise 8.2: Analyzing Potential Vulnerabilities with Port Scanning
Module Nine: Filtering Content
The Cisco ASA security appliance has extensive filtering and blocking capability. In this module, you'll learn how to configure Unicast RPF to help address problems caused by malformed or spoofed IP packets, how to block fragmented packets, how to implement intrusion detection and prevention through IP auditing, and how to configure URL filtering with WebSense and Secure Computing's SmartFilter. You'll also learn how to filter dynamic content such as Java applets and ActiveX. Such content certainly can enhance the users' experience while visiting a website. Unfortunately, such applications can also be used to deliver malicious content. In this module, we'll show you how to use the filtering capabilities of the ASA Security Appliance to prevent Java applets and ActiveX content from entering your network.
Prospective attendees should have completed soundtraining.net's Cisco Router Fundamentals workshop or have equivalent knowledge.
Schedule and Registration
Registration: 8:30 a.m. to 9:00 a.m.
Morning session: 9:00 a.m. to noon
Lunch (on your own): Noon to 1:00 p.m.
Afternoon session: 1:00 p.m. to 4:00 p.m.
Onsite Training
Bring us onsite to your location! All of soundtraining.net's outstanding training programs are available for presentation onsite at your location (or the location of your choice). You choose the time, the topic, and the location and we'll be there with top-notch training, delivered by the best trainers in the industry. Practical, understandable, and relevant is what makes the soundtraining.net difference! Call 206.988.5858 or click the link for more information about bringing training right to your door.