Securing Networks with ASA Advanced (SNAA) Course v1.0 is a five-day, instructor-led, lab-intensive course that addresses new features and syntax of Cisco Security Appliance Software v8.0. This task-oriented course teaches the knowledge and skills needed to configure, maintain, and operate Cisco ASA 5500 Series Adaptive Security Appliances at an advanced level.
This course further updates Securing Networks with PIX and ASA (SNPA) v5.0 and includes extensive VPN features of the ASA, which replaces Cisco Secure Virtual Private Networks (CSVPN). In SNAA v1.0, the ASDM 6.0 graphical user interface (GUI) is used for configuration and monitoring. Although all lessons and labs are now GUI-based, the commands for each configuration task are also presented in the lessons for those who prefer to configure the security appliance via the command-line interface (CLI). In SNAA v1.0, lessons have been updated to cover new features in Cisco ASA and PIX Security Appliance Software Version 8.0(2).
Prerequisites
To fully benefit from this course, it is recommended that you have the following prerequisite skills and knowledge:
- SNAF - Securing Networks with ASA Fundamentals
Associated Certifications
- Cisco Certified Security Professional (CCSP)
Who Should Attend
This course is intended for the following audience:
- Cisco customers who implement and maintain Cisco ASA security appliances
- Cisco channel partners who sell, implement, and maintain ASA security appliances
- Cisco engineers who support the sale of ASA security appliances
Number of Days
5 days of instructor-led classroom training (approx. 7 hours each day).
Course Objectives
After completing this course, the student will be able to work with the following:
- Advanced Policy NAT, with emphasis on NAT 0
- Advanced protocol handling
- Dynamic routing and switching with details on VLANs, 5505 switching with switchports, and ASA routing with OSPF and EIGRP
- IPSec: Digital Certificates (DCs), Site-to-Site with DCs, Remote Access with DCs, Easy VPN with DCs, ASA 5505 as Easy VPN Client, VPN with QoS
- SSL VPN Clientless configuration, Full network SSL access with SSL VPN via Cisco AnyConnect, Cisco Secure Desktop configuration, Cisco Secure Desktop with Dynamic Access Policies
- Security Service Modules: both the CSC and AIP SSMs
Course Outline
Module 1: Advanced ASA NAT
- Lesson 1: Applying NAT 0 and policy NAT
Module 2: Advanced Protocol Handling
- Lesson 1: Applying the Cisco Modular Policy Framework
- Lesson 2: Handling Advanced Protocol
Module 3: Dynamic Routing and Switching
- Lesson 1: Switching with VLANs
- Lesson 2: Routing with Dynamic Protocols
Module 4: IPSec VPNs
- Lesson 1: Understanding IPSec and Digital Certificates
- Lesson 2: Implementing Site-to-Site VPNs with Digital Certificates
- Lesson 3: Configuring the Cisco VPN Client
- Lesson 4: Implementing Remote Access VPNs with Digital Certificates
- Lesson 5: Configuring Remote Access Advanced Features and Policy
- Lesson 6: Configuring the ASA 5505 as an Easy VPN Hardware Client
- Lesson 7: IPSec VPNs and QoS
Module 5: SSL VPNs
- Lesson 1: SSL VPN Technology Overview
- Lesson 2: Configuring Clientless SSL VPNs
- Lesson 3: Full Network Access SSL VPN Configuration
- Lesson 4: Cisco Secure Desktop
- Lesson 5: Securing the Desktop with CDP and DAP
Module 6: Security Services Modules
- Lesson 1: Examining the SSMs
- Lesson 2: CSC-SSM: Getting Started
- Lesson 3: AIP-SSM: Getting Started
Hands On Lab Exercises
Lab 1-1: Implementing Advanced NAT
Lab 2-1: Implementing MPF for FTP
Lab 3-1: Dynamic Routing with EIGRP
Lab 4-1: LAN-to-LAN with Digital Certificates
Lab 4-2: Remote Access VPN with Digital Certificates
Lab 4-3: ASA 5505 Hardware Client
Lab 5-1: Clientless SSL VPN
Lab 5-2: SSL VPN Client with AnyConnect Client
Lab 5-3: Cisco Secure Desktop and Dynamic Access Policy
Lab 6-1: Configuring AIP-SSM