Change location 

Course Length Format
Select an option
Securing Networks with ASA Advanced (SNAA) v1.0 5 days Lecture/lab
Course outline

Module 1: Advanced NAT

Lesson 1: Applying NAT 0 and Policy NAT

  • ACLs
  • NAT
  • Translation Behavior
  • NAT Exemption
  • Policy NAT
  • Verify and Troubleshoot

Module 2: Advanced Protocol Handling

Lesson 1: Applying the Cisco Modular Policy Framework

  • Cisco Modular Policy Framework Overview
  • Configuring the Cisco Modular Policy Framework
  • Configuring a Layer 7 Class Map
  • Configuring a Regular Expression Class Map
  • Configuring a Layer 7 Policy Map
  • Verifying the Cisco Modular Policy Framework Configuration

Lesson 2: Handling Advanced Protocols

  • Protocol Inspection Overview
  • FTP Inspection
  • HTTP Inspection
  • IM Inspection
  • ESMTP Inspection
  • DNS Inspection
  • ICMP Inspection
  • Protocol Inspection Verification

Module 3: Dynamic Routing and Switching

Lesson 1: Switching with VLANs

  • Cisco ASA VLAN Operations
  • VLAN Configuration
  • VLAN Configuration on the Cisco ASA 5505
  • VLAN Verification

Lesson 2: Routing with Dynamic Protocols

  • Dynamic and Static Routing
  • RIP
  • OSPF
  • EIGRP
  • Redistribution
  • Verification and Troubleshooting

Module 4: IPsec VPNs

Lesson 1: Understanding IPsec and Digital Certificates

  • IPsec Operation
  • Digital Certificates and Public-Key Cryptography
  • Certificates and Scalability
  • Certificate Enrollment Process
  • Validating the Certificate
  • Certificate Revocation Lists
  • Security Appliance Certificate Enrollment Support
  • Key Pairs and Trustpoints

Lesson 2: Implementing Site-to-Site VPNs with Digital Certificates

  • Site-to-Site VPNs
  • Configuring CA Certificates
  • Site-to-Site IPsec Connection Profiles
  • Modifying Certificate to Connection Mapping
  • Hub and Spoke
  • Site-to-Site Redundancy
  • Verifying Site-to-Site VPNs
  • Troubleshooting Site-to-Site VPNs

Lesson 3: Configuring the Cisco VPN Client

  • Cisco VPN Client
  • Cisco VPN Client Installation
  • Digital Certificates with Cisco VPN Client
  • Connection Entry
  • Advanced Options
  • Verify and Troubleshoot Client Configuration

Lesson 4: Implementing Remote-Access VPNs with Digital Certificates

  • Remote-Access VPNs
  • Configuring a Cisco ASA for Remote Access
  • Installing Cisco ASA Certificates
  • Defining a Remote-Access Address Pool
  • User Policy Attribute Inheritance
  • Configuring an IPsec Connection Profile
  • Configuring the Certificate to Connection Profile Policy
  • Verifying Remote-Access VPNs
  • Troubleshooting Remote-Access VPNs

Lesson 5: Configuring Advanced Remote-Access Features and Policy

  • Load Balancing
  • Reverse Route Injection
  • Backup Servers
  • Intra-Interface VPN Traffic
  • NAT Transparency
  • Client Update
  • Split Tunneling
  • Personal Firewalls

Lesson 6: Configuring the ASA 5505 as a Cisco Easy VPN Hardware Client

  • Introduction to Cisco Easy VPN
  • Cisco Easy VPN Server Policy
  • Cisco Easy VPN Hardware Client

Lesson 7: Configuring QoS for IPsec VPNs

  • QoS Overview
  • Cisco ASA QoS
  • Configuring QoS for VPNs
  • Verifying QoS

Module 5: SSL VPNs

Lesson 1: Understanding SSL VPN Technology

  • SSL Overview
  • Clientless SSL VPN
  • Cisco Secure Desktop

Lesson 2: Configuring Clientless SSL VPNs

  • Configuring Clientless SSL VPN
  • Verifying Clientless SSL VPN Operation
  • Configuring Port-Forwarding SSL VPN
  • Verifying Port-Forwarding SSL VPN
  • Configuring Additional SSL VPN Features
  • Troubleshooting Clientless and Port-Forwarding SSL VPNs

Lesson 3: Configuring Full Network Access SSL VPNs

  • Cisco Full Network Access SSL VPN Overview
  • Configuring Cisco AnyConnect SSL VPN
  • Verifying Cisco AnyConnect VPN Operation
  • Configuring Advanced Features for the Cisco AnyConnect VPN Client
  • Configuring Certificate-Based Authentication for the Cisco AnyConnect SSL VPN
  • Troubleshooting Cisco AnyConnect VPN Client Operation

Lesson 4: Cisco Secure Desktop

  • Cisco Secure Desktop Overview
  • Cisco Secure Desktop Interoperability
  • Preparing the Cisco ASA for Cisco Secure Desktop

Lesson 5: Securing the Desktop with Cisco Secure Desktop and DAP

  • Cisco Secure Desktop Workflow
  • Prelogin Assessment
  • Secure Session
  • Cache Cleaner
  • Host Emulation and Keystroke Logger Detection
  • Host Scan
  • Dynamic Access Policy
  • DAP Testing

Module 6: Security Services Modules

Lesson 1: Examining the Cisco SSMs

  • Business Challenges
  • Cisco SSMs
  • CSC-SSM
  • AIP-SSM
  • AIP-SSM or CSC-SSM

Lesson 2: CSC-SSM: Getting Started

  • CSC-SSM Overview
  • CSC-SSM Software Loading
  • Initial CLI Cisco CSC Configuration
  • Initially Configuring the CSC-SSM with the Cisco ASDM CSC Setup Wizard

Lesson 3: AIP-SSM: Getting Started

  • AIP-SSM Overview
  • AIP-SSM Software Loading
  • Initial Cisco IPS ASDM Configuration
  • Configure a Cisco IPS Security Policy
Course labs

Lab: Implementing Advanced NAT
Lab: Configuring Advanced Protocol Inspection
Lab: Dynamic Routing with EIGRP and OSPF
Lab: Site-to-Site with Digital Certificates
Lab: Remote Access with Digital Certificates
Lab: Cisco ASA 5505 Easy VPN Hardware Client
Lab: Clientless SSL VPNs
Lab: SSL VPNs with the Cisco AnyConnect Client
Lab: Cisco Secure Desktop and Dynamic Access Policy
Lab: Initializing AIP-SSM

CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, Cisco IOS, Cisco Systems, the Cisco Systems logo, and Networking Academy are registered trademarks or trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries. All other trademarks mentioned in this document or Web site are the property of their respective owners.