Securing Networks with ASA Advanced (SNAA) — A 5-day course
Synopsis
In this authorized Cisco SNAA course, you will take your knowledge and skills on configuring, maintaining, and operating Cisco ASA 5500 Series Adaptive Security to the next level. Recommended training for the Cisco Certified Security Professional (CCSP) certification, SNAA takes over where SNAF leaves off, covering advanced topics of Adaptive Security.
We have added depth to the existing Cisco-developed hands-on labs for SNAA. Our advanced hands-on labs, delivered in an enhanced topology designed to simulate a typical production network, guide you through exercises such as managing digital certificates for IPSec and SSL VPNs, deep packet inspection, and using the 5505 in the SOHO environment.
Our labs utilize ASA 5520 security appliances, though this course and lab content is applicable across the ASA and PIX families of security appliances, since the command syntax is generally the same. This course covers the features and syntax of Cisco Security Appliance Software v8.0.
Securing Networks with ASA Advanced (SNAA) v1.0 is a new course to replace the Cisco Secure Virtual Private Networks (CSVPN) & Securing Networks with PIX and ASA (SNPA) courses. In order to cover new features in ASA software version 8.0 and to fully cover the VPN features of the ASA, the content of SNPA was split into two courses, one that covers the fundamentals and on that covers more advanced topics. Content that has been moved to SNAA includes the following: configuring the ASA 5505 dual-ISP support, configuring ASA 5505 VLANs, configuring policy NAT, installing and configuring the Cisco Secure Desktop, configuring the security appliance to pass multicast traffic, configuring Layer 7 class maps and policy maps, and initializing the AIP-SSM and CSC-SSM. SNAA also utilizes the graphical user interface instead of the command line interface for explanation and discussions of configuring the ASA. The SNAA 1.0 course takes a task-oriented approach to teaching the skills to deploy, configure, and administer the Cisco ASA using a fictional company’s deployment of an ASA which is based on real world scenarios.
Course Objectives:
After completing this course, the student will be able to:
- Use advanced NAT features such as policy-based NAT
- Use advanced modular policy framework for deep packet inspection of application protocols such as HTTP and FTP
- How the multimedia protocols are handled and configured by the modular policy framework of the security appliance at Layer 3, 4, and 7
- Configure the security appliance to segment traffic with VLANs
- Configure dynamic routing capabilities of the appliance
- Configure the security appliance to route multicast traffic
- Use advanced IPSec VPN technologies such as peer authentication using digital certificates
- Steps necessary to configure the ASA as a CA Server
- Configure the IPSec VPN Client using digital certificates
- Configure the advanced Easy VPN Server features of the ASA
- Necessary configuration for the ASA 5505 to be a VPN hardware client
- Steps to configure QoS for VPN traffic
- SSL VPN features and capabilities of the security appliance
- Enable clientless SSL VPNs with the security appliance
- Enable AnyConnect SSL VPN Client with the security appliance
- Enable the Cisco Secure Desktop with the security appliance to increase the security posture of SSL VPN connections
- Enable Dynamic Access Policy with the Cisco Secure Desktop
- Characteristics of the services modules for the ASA
- Configure, inspect, and filter traffic with the Content Security and Control SSM
- Configure the AIP-SSM to identify and alert for common attacks
Intended Audience
This course may be of interest to the following people:
- Cisco customers who implement and maintain ASA and PIX Security Appliances
- Cisco channel partners who sell, implement, and maintain ASA and PIX Security Appliances
- Cisco systems engineers who support the sale of ASA and PIX Security Appliances
Prerequisites
Delegates who are looking to attend this course must have the following pre-requistes:
Publicly scheduled dates, locations, and prices
London — £1895 (+VAT)
- 19–23 Apr 2010
- 17–21 May 2010
- 7–11 Jun 2010
- 14–18 Jun 2010
- 6–10 Sep 2010
- 27 Sep–1 Oct 2010
- 11–15 Oct 2010
- 15–19 Nov 2010
Wokingham — £1895 (+VAT)
- 19–23 Apr 2010
- 13–17 Sep 2010
- 11–15 Oct 2010
- 6–10 Dec 2010
Coventry — £1895 (+VAT)
- 12–16 Jul 2010
Leeds — £1895 (+VAT)
- 26–30 Apr 2010
- 10–14 May 2010
- 25–29 Oct 2010
Contents:
Advanced ASA NAT Configuration
- ACLs, NAT 0, Policy NAT
Advanced Protocol Handling
- Modular Policy Framework
- Protocol Application Inspection
- Multimedia Protocol Handling
Dynamic Routing and Switching
- VLANs
- Dynamic Routing
- Multicast
VPNs with IPSec
- IPSec and Digital Certificates
- ASA CA Server
- LAN-to-LAN with Digital Certificates
- IPSec VPN Client
- Remote Access with Digital Certificates
- Advanced Remote Access Features
- ASA 5505 as a Hardware Client
- VPN QoS
Security Services Modules
- ASA Services Modules
- Content Security and Control
- Advanced Inspection and Prevention
