ASACAMP - ASA Lab Camp

$4,595.00


  • Classroom
  • Virtual
  • Onsite

Duration: 5 Days

Based on our enhanced FIREWALL v2 and VPN v2 courses, this exclusive, lab-based course is designed to provide you with the most Adaptive Security Appliance (ASA) 8.4-based lab experience possible in just five days.

A typical day will begin with an informal white board lecture by the instructor, covering topics associated with the day's labs. Afterwards, you will be free to work on the labs at your own pace and to experiment in the lab environment. Of course, the instructor will remain available to assist as needed.

Labs can be run in any order, any number of times. With the exception of three labs that require two pods to work together, no coordination with other students is necessary. You can experiment with your own scenarios or try our cutting-edge labs including tasks such as:

  • Fundamental ASA Configuration from the CLI and ASDM
  • Controlling Administrative Access using AAA and TACACS+
  • Configuring Object (Auto) NAT and Manual (Twice) NAT
  • Access Control and Troubleshooting Tools
  • Implementing Transparent Firewall and Bridge Groups
  • Application Inspection and Control (Deep Packet Inspection)
  • Threat Detection
  • Routing Protocols
  • Bootstrapping and configuring IPS using the AIP-SSM
  • Configuring clientless and full tunnel SSL VPN
  • Deploying the AnyConnect 3.0 Secure Mobility Client and IKEv2
  • Using the 5505 as an easy VPN remote for the SOHO
  • Site-to-site VPN using IPsec
  • Setting up EtherChannel and Redundant Interfaces
  • Active/Standby and Active/Active Failover
  • VPN Load Balancing
  • Upgrading from 8.2 to 8.4

Your ASA Lab Camp includes:

  • Round-the-clock access to a dedicated Flexible Security Architecture (FSA) pod consisting of the most up-to-date security hardware
  • Enhanced lab topology unlike that of any other training provider
  • FIREWALL v2 and VPN v2 Workbook and Lab Guide, including exclusive additional labs
  • Limited, concise lectures summarizing key points demonstrated in labs
  • Ten extra security e-Lab credits, good for 30 days, so you can practice and refine your skills, including in our exclusive ASA 8.3 labs
  • World-class Certified Cisco Systems instructors

What You Will Learn

 

  • Bootstrap the security appliance, prepare the security appliance for configuration via the ASDM, and launch and navigate ASDM
  • Perform essential security appliance configuration using ASDM and the CLI
  • Configure dynamic and static address translations in the security appliance using ASDM
  • Configure switching and routing on the security appliance using ASDM
  • Configure access control lists, filter malicious active codes, and filter URLs to meet the requirements of the security policy using ASDM
  • Troubleshoot using the packet tracer
  • Configure object groups and AAA using ASDM
  • Configure a modular policy using ASDM
  • Configure the security appliance to support a site-to-site VPN using ASDM
  • Use ASDM to configure the security appliance to provide secure connectivity using remote access VPNs
  • Configure the security appliance to run in transparent firewall mode
  • Enable, configure, and manage multiple contexts to meet security policy requirements
  • Use advanced NAT features such as auto NAT and manual NAT
  • Use advanced modular policy framework for deep packet inspection of application protocols such as HTTP and FTP
  • Configure the security appliance to segment traffic with VLANs
  • Configure the IPSec VPN Client using digital certificates
  • Configure the advanced Easy VPN Server features of the ASA
  • Determine the necessary configuration for the ASA 5505 to be a VPN hardware client
  • Enable clientless SSL VPNs with the security appliance
  • Enable AnyConnect SSL VPN client with the security appliance
  • Enable the Cisco Secure Desktop with the security appliance to increase the security posture of SSL VPN connections
  • Enable Dynamic Access Policy with the Cisco Secure Desktop
  • Configure, inspect, and filter traffic with the Content Security and Control SSM
  • Configure the AIP-SSM to identify and alert for common attacks

Audience

 

  • Security professionals looking for the most hands-on experience possible in five days
  • Network security engineers who prefer to learn by doing
  • Motivated self-starters looking to get all the materials required to prepare for the FIREWALL v2 and VPN v2 CCNP Security certification exams

Prerequisites

 

Course Outline

 

FIREWALL v2

1. Cisco ASA Adaptive Security Appliance Essentials

  • Technologies
  • Families
  • Licensing Options

2. Basic Connectivity and Device Management

  • Preparing the Cisco ASA Adaptive Security Appliance for Network Integration
  • Managing Basic Cisco ASA Adaptive Security Appliance Network Settings
  • Configuring Cisco ASA Adaptive Security Appliance Device Management Features

3. Network Integration

  • Configuring Cisco ASA Adaptive Security Appliance NAT Features
  • Configuring Cisco ASA Adaptive Security Appliance Basic Access Control Features
  • Configuring Cisco ASA Adaptive Security Appliance Routing Features
  • Configuring the Cisco ASA Adaptive Security Appliance Transparent Firewall

4. Cisco ASA Adaptive Security Appliance Policy Control

  • Cisco ASA Adaptive Security Appliance MPF
  • Configuring Cisco ASA Adaptive Security Appliance Connection Policy and QoS Settings
  • Configuring Cisco ASA Adaptive Security Appliance Advanced Application Inspections
  • Configuring Cisco ASA Adaptive Security Appliance User-Based Policies

5. Cisco ASA Adaptive Security Appliance High Availability and Virtualization

  • Configuring Cisco ASA Adaptive Security Appliance Interface Redundancy Features
  • Configuring Cisco ASA Adaptive Security Appliance Active/Standby High Availability
  • Configuring Cisco ASA Adaptive Security Appliance Security
  • Configuring Cisco ASA Adaptive Security Appliance Active/Active High Availability

VPN v2

1. Cisco ASA Adaptive Security Appliance VPN Architecture and Common Components

  • Evaluating the Subsystem Architecture
  • Evaluating the Software Architecture
  • Implementing Profiles, Group Policies, and User Policies
  • Implementing PKI Services

2. Cisco ASA Adaptive Security Appliance Clientless Remote Access SSL VPN Solutions

  • Deploying Basic Clientless VPN Solutions
  • Deploying Advanced Application Access for Clientless SSL VPNs
  • Deploying Advanced Authentication and SSO for Clientless SSL VPNs
  • Customizing the Clientless SSL VPN User Interface and Portal

3. Cisco AnyConnect Remote Access SSL Solutions

  • Deploying a Basic Cisco AnyConnect Full-Tunnel SSL VPN Solution
  • Deploying an Advanced Cisco AnyConnect Full-Tunnel SSL VPN Solution
  • Deploying Advanced AAA in Cisco Full-Tunnel VPNs

4. Cisco ASA Adaptive Security Appliance Remote Access IPsec VPNs

  • Deploying Cisco Remote Access VPN Clients
  • Deploying Basic Cisco Remote Access IPsec VPN Solutions

5. Cisco ASA Adaptive Security Appliance Site-to-Site IPsec VPN Solutions

  • Deploying Basic Site-to-Site IPsec VPNs
  • Deploying Advanced Site-to-Site IPsec VPNs

6. Endpoint Security and High Availability for Cisco ASA VPNs

  • Implementing Cisco Secure Desktop and DAP for SSL VPNs
  • Deploying High-Availability Features in Cisco ASA Adaptive Security Appliance VPNs

Course Labs

 

Remember, you can repeat labs, test scenarios of your own creation, and experiment with the ASA 8.4 operating system. Besides having access from within the classroom with the support of your instructor during normal class hours, you will also have 24-hour Internet access to your pod during the week of class.

FIREWALLv2:

Lab 1: Preparing the ASA for Administration

  • Access the ASA Console Port
  • Clear the Existing Configuration
  • Take Inventory of the ASA
  • The Setup Dialog
  • Set the Environment Variables
  • Enable SSH
  • Setup ASDM
  • Persistent Self-Signed Certificate
  • Verify the ASA Configuration

Lab 2: Fundamental ASA Configuration

  • Configure Interfaces
  • Configure Static Routes
  • Test Connectivity
  • Configure NTP
  • Configure Syslog
  • Configure SNMP
  • Configure DHCP Server
  • Verify the ASA Configuration

Lab 3: AAA for Administrative Access

  • Privilege Level Authorization
  • Configure ACS and ASA Communication
  • Configure ACS Integration with Active Directory
  • User Authentication using TACACS+
  • User Authorization using TACACS+
  • Command Authorization using TACACS+
  • Command Accounting using TACACS+
  • Verify the ASA Configuration

Lab 4: Network Address Translation

  • Object NAT (for Dynamic PAT)
  • Object NAT (for Dynamic NAT)
  • Object NAT (for Static NAT)
  • Twice NAT
  • Verify the ASA Configuration

Lab 5: Basic Access Control

  • Understand the Policy Objectives
  • Configure Object Groups
  • Configure Global Policy
  • Configure Outside Policy
  • Configure DMZ Policy
  • Configure Inside Policy
  • Verify the ASA Configuration

Lab 6: ICMP, uRPF, and Troubleshooting Tools

  • Configure ICMP Policy
  • Configure uRPF Policy
  • Ping TCP
  • Debug Commands
  • Packet Tracer
  • Packet Capture

Lab 7: Transparent Firewall

  • Scenario
  • Access the Security Appliance Console
  • Configure Transparent Firewall Mode
  • Bridge Groups, Interfaces, and Management Address
  • Configure the Switching Fabric
  • Test Connectivity Through the Security Appliance
  • Prepare the ASA for and Launch ASDM
  • Test Inbound Policy with ASDM
  • Verify the ASA Configuration
  • Revert the Configuration

Lab 8: Basic Protocol Inspection

  • Basic FTP Inspection
  • Basic HTTP Inspection
  • TTL Manipulation
  • Troubleshoot Traceroute
  • TCP Maps
  • Legacy Application Support
  • Verify the ASA Configuration

Lab 9: Advanced Protocol Inspection

  • Enforcing HTTP RFC Compliance
  • Block an Undesirable HTTP Application
  • Filter Content within HTTP
  • Verify the ASA Configuration

Lab 10: User-Based Policies

  • Configure ACS and ASA Communication
  • Configure ACS Integration with Active Directory
  • Cut-Through Authentication
  • Exclusive - User Authentication Timeouts
  • Virtual Telnet Server
  • Downloadable ACLs
  • Per User Override
  • AAA Accounting
  • Verify the ASA Configuration

Lab 11: Active/Standby Failover

  • Prepare the Primary ASA for Failover via ASDM
  • Configure the Failover Prompt
  • Prepare the Secondary ASA for Failover via the CLI
  • Turn Failover On and Verify Status
  • Test Failover Operation
  • Return to a Normal State
  • Demonstrate Configuration Replication
  • Verify the ASA Configuration

Lab 12: Active/Active Failover

  • Prepare the Primary ASA for Failover via ASDM
  • Prepare the Secondary ASA for Failover via the CLI
  • Turn Failover On and Verify Status
  • Demonstrate Command Replication and Failover Exec
  • Enable Preemption
  • Test Failover Operation
  • Return to a Normal State
  • Verify the ASA Configuration

VPN v2:

Lab 1: Licensing, ACS, and Public CA

  • Licensing Scenario Design Challenges
  • Configure ACS and ASA Communication
  • Configure ACS Integration with Active Directory
  • Create an ACS Identity Sequence and Test Authentication
  • Manually Obtain SSL Certificates from a Public CA
  • Verify the ASA Configuration
  • Design Challenge Answers

Lab 2: Basic Clientless SSL VPN

  • Enable DNS Lookups to Facilitate the Portal
  • Enable and Test Clientless SSL VPN
  • Connection Profiles and Group Policies
  • Connection Profile Lock Using ACS
  • Browsing Policies for Group Policies
  • Bookmark Lists for Group Policies
  • Navigating without Using the URL Entry Field
  • WebType ACLs
  • Verify the ASA Configuration

Lab 3: Clientless SSL VPN

  • Implement and Test Port Forwarding
  • Implement and Test Smart Tunnels
  • Implement and Test SSL VPN Plug-Ins
  • Verify the ASA Configuration

Lab 4: Customizations and Auto Sign-On

  • Update the Customization used by DfltGrpPolicy
  • Update the Customization used by Partner-Policy
  • Auto Sign-On
  • Variable Substitution in URLs
  • OWA with Single Sign-On
  • Verify the ASA Configuration

Lab 5: Basic AnyConnect Full Tunnel SSL VPN

  • Configure Address Assignment Policy and Pools
  • Enable AnyConnect and Upload Client to the ASA
  • Configure SSL Protocols
  • Modify Connection Profiles and Group Policies
  • Install the AnyConnect Client using WebLaunch
  • Configure NAT for Remote Access VPN
  • Allow Internet Access via Split Tunneling
  • Allow Internet Access via Hairpin
  • Modify a Local Group Policy
  • Configure a Centralized Group Policy
  • Verify the ASA Configuration

Lab 6: AnyConnect Centralized Management

  • Upgrade the AnyConnect Client
  • Customize AnyConnect Icons
  • AnyConnect XML Profiles
  • DTLS and TLS Fallback
  • Install a Pre-Deployed Image of AnyConnect and DART
  • Verify the ASA Configuration

Lab 7: Local CA and SCEP Proxy

  • Manually Obtain SSL Certificate from a Public CA
  • Prepare the ASA to Accept SSL VPN Connections
  • Install the AnyConnect Client and Test Connectivity
  • Configure a New Local Group Policy
  • Configure a Centralized Group Policy
  • Verify the ASA Configuration

Lab 8: Remote Access IPsec VPN

  • Enable IKEv2 IPSec Remote Access VPN
  • Reset the AnyConnect Client on the Win7-PC
  • Download and Test the IPSec AnyConnect Profile
  • IKEv2 with Certificate-Based Authentication
  • Enable IKEv1 IPSec Remote Access VPN
  • Verify the ASA Configuration

Lab 9: IPsec Site-to-Site VPN

  • Existing Configuration
  • Verify an IKEv1 Policy
  • Build the Site-to-Site Connection Profile
  • Adjust NAT Policies for VPN
  • Verify Tunnel Status
  • Monitor Session Establishment with Debug
  • Control Site-to-Site Traffic with a Filter
  • Update the VPN Configuration for PKI Support
  • Verify the ASA Configuration

Lab 10: Cisco Secure Desktop and Dynamic Access Policies

  • Enable the Cisco Secure Desktop
  • Configure CSD Prelogin Policy
  • Test Pre-Login Policy