Cisco ASA Configuration

"Richard Deal's gift of making difficult technology concepts understandable has remained constant. Whether it is presenting to a room of information technology professionals or writing books, Richard's communication skills are unsurpassed. As information technology professionals we are faced with overcoming challenges every day... Cisco ASA Configuration is a great reference and tool for answering our challenges." --From the Foreword by Steve Marcinek (CCIE 7225), Systems Engineer, Cisco Systems

A hands-on guide to implementing Cisco ASA

Configure and maintain a Cisco ASA platform to meet the requirements of your security policy. Cisco ASA Configuration shows you how to control traffic in the corporate network and protect it from internal and external threats. This comprehensive resource covers the latest features available in Cisco ASA version 8.0, and includes detailed examples of complex configurations and troubleshooting. Implement and manage Cisco's powerful, multifunction network adaptive security appliance with help from this definitive guide.

  • Configure Cisco ASA using the command-line interface (CLI) and Adaptive Security Device Manager (ASDM)
  • Control traffic through the appliance with access control lists (ACLs) and object groups
  • Filter Java, ActiveX, and web content
  • Authenticate and authorize connections using Cut-through Proxy (CTP)
  • Use Modular Policy Framework (MPF) to configure security appliance features
  • Perform protocol and application inspection
  • Enable IPSec site-to-site and remote access connections
  • Configure WebVPN components for SSL VPN access
  • Implement advanced features, including the transparent firewall, security contexts, and failover
  • Detect and prevent network attacks
  • Prepare and manage the AIP-SSM and CSC-SSM cards

Author(s): Richard Deal
Series: Network professional's library
Edition: 1
Publisher: McGraw Hill
Year: 2009

Language: English
Pages: 752
City: New York

Contents
Foreword
Preface
Acknowledgments
Introduction
Part I: Introduction to ASA Security Appliances and Basic Configuration Tasks
1 ASA Product Family
ASA Features
ASA Hardware
2 CLI Basics
Access to the Appliance
CLI
3 Basic ASA Configuration
Setup Script
Basic Management Commands
Basic Configuration Commands
Management
Hardware and Software Information
ASA Configuration Example
4 Routing and Multicasting
Routing Features
Multicast Features
Part II: Controlling Traffic Through the ASA
5 Address Translation
Protocol Overview
Translations and Connections
Address Translation Overview
Address Translation Configuration
TCP SYN Flood Attacks
Translation and Connection Verification
6 Access Control
Access Control Lists (ACLs)
Object Groups
ICMP Filtering
Connection Troubleshooting
7 Web Content
Java and ActiveX Filtering
Web Content Filtering
Web Caching
8 CTP
AAA Overview
AAA Servers
CTP Authentication
CTP Authorization
CTP Accounting
9 IPv6
IPv6 Overview
IPv6 Interface Configuration
IPv6 Routing
IPv6 Neighbors
IPv6 ACLs
Part III: Policy Implementation
10 Modular Policy Framework
MPF Overview
Class Maps
Policy Maps
Service Policies
11 Protocols and Policies
ICMP Inspection Policies
DCE/RPC Inspection Policies
Sun RPC Inspection Policies
ILS/LDAP Inspection Policies
NetBIOS Inspection Policies
IPSec Pass-Thru Inspection Policies
PPTP Inspection Policies
XDMCP Inspection Policies
12 Data Applications and Policies
DNS Inspection
SMTP and ESMTP Inspection
FTP Inspection
TFTP Inspection
HTTP Inspection
Instant Messaging Inspection
RSH Inspection
SNMP Inspection
SQL*Net Inspection
13 Voice and Policies
SIP Inspection
SCCP Inspection
CTIQBE Inspection
MGCP Inspection
14 Multimedia and Policies
Multimedia Overview
RTSP Inspection
H.323 Inspection
Part IV: Virtual Private Networks (VPNs)
15 IPSec Phase 1
IPSec Introduction
ISAKMP Configuration
Tunnel Groups
Certificate Authorities
16 IPSec Site-to-Site
Site-to-Site Preparation
ISAKMP Phase 2 Configuration
Site-to-Site Verification
Site-to-Site Example
17 IPSec Remote Access Server
Easy VPN Overview
Remote Access Preparation
ISAKMP Phase 1 Configuration
ISAKMP Phase 2 Configuration
Remote Access Verification
IPSec Remote Access Server Example
VPN Load Balancing
18 IPSec Remote Access Client
Connection Modes
ASA 5505 Remote Client
Easy VPN Configuration Example with a Hardware Remote
19 SSL VPNs: Clientless
Introduction to SSL VPNs
Basic WebVPN Configuration
WebVPN Group Policies
Tunnel Groups
WebVPN Clientless Home Portal
Non-Web Traffic
WebVPN Verification and Troubleshooting
20 SSL VPNs: AnyConnect Client
AnyConnect Client Overview
AnyConnect Client Preparation and Installation
Managing and Troubleshooting AnyConnect Sessions
Part V: Advanced Features of the ASA
21 Transparent Firewall
Layer 2 Processing of Traffic
Configuring Transparent Mode
Additional Layer 2 Features
Transparent Firewall Example Configuration
22 Contexts
Context Overview
Context Mode
Context Management
Context Example
23 Failover
Failover Introduction
Failover Implementations
Failover Cabling
Failover Operation
Active/Standby Configuration
Active/Active Configuration
24 Network Attack Prevention
Threat Detection
IP Audit
Additional Features
25 SSM Cards
AIP-SSM Card
CSC-SSM Card
SSM Card Management
Part VI: Management of the ASA
26 Basic Management from the CLI
DHCP Services
Remote Management Features
File Management
Password Recovery
AAA
27 ASDM
ASDM Overview
ASDM Configuration Preparations
ASDM Access
ASDM Home Screen
ASDM Configuration Screens
ASDM Monitoring Screens
ASDM and Contexts