Cisco ASA All-in-One Firewall, IPS, and VPN Adaptive Security Appliance

ISBN-10: 1587052091

ISBN-13: 9781587052095

Edition: 2006

List price: $80.00


Identify, mitigate, and respond to network attacks

Understand the evolution of security technologies that make up the unified ASA device and how to install the ASA hardware
Examine firewall solutions including network access control, IP routing, AAA, application inspection, virtual firewalls, transparent (Layer 2) firewalls, failover and redundancy, and QoS
Evaluate Intrusion Prevention System (IPS) solutions including IPS integration and Adaptive Inspection and Prevention Security Services Module (AIP-SSM) configuration
Deploy VPN solutions including site-to-site IPsec VPNs, remote-access VPNs, and Public Key Infrastructure (PKI)
Learn to manage firewall, IPS, and VPN solutions with Adaptive Security Device Manager (ASDM)

Achieving maximum network security is a challenge for most organizations. Cisco® ASA, a new unified security device that combines firewall, network antivirus, intrusion prevention, and virtual private network (VPN) capabilities, provides proactive threat defense that stops attacks before they spread through the network. This new family of adaptive security appliances also controls network activity and application traffic and delivers flexible VPN connectivity. The result is a powerful multifunction network security device that provides the security breadth and depth for protecting your entire network, while reducing the high deployment and operations costs and complexities associated with managing multiple point products.

"Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance" is a practitioner's guide to planning, deploying, and troubleshooting a comprehensive security plan with Cisco ASA. The book provides valuable insight and deployment examples and demonstrates how adaptive identification and mitigation services on Cisco ASA provide a sophisticated security solution for both large and small network environments. The book contains many useful sample configurations, proven design scenarios, and discussions of debugs that help you understand how to get the most out of Cisco ASA in your own network.

"I have found this book really highlights the practical aspects needed for building real-world security. It offers the insider's guidance needed to plan, implement, configure, and troubleshoot the Cisco ASA in customer environments and demonstrates the potential and power of Self-Defending Networks." -Jayshree Ullal, Sr. Vice President, Security Technologies Group, Cisco Systems®

This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.

Book details

List price: $80.00
Copyright year: 2006
Publisher: Cisco Press
Publication date: 10/14/2005
Binding: Paperback
Pages: 840
Size: 7.50" wide x 9.25" long x 1.75" tall
Weight: 2.992
Language: English

Product Overview
Introduction to Network Security
Firewall Technologies
Network Firewalls
Packet-Filtering Techniques
Application Proxies
Network Address Translation
Port Address Translation
Static Translation
Stateful Inspection Firewalls
Personal Firewalls
Intrusion Detection and Prevention Technologies
Network-Based Intrusion Detection and Prevention Systems
Pattern Matching and Stateful Pattern-Matching Recognition
Protocol Analysis
Heuristic-Based Analysis
Anomaly-Based Analysis
Host-Based Intrusion Detection Systems
Network-Based Attacks
DoS Attacks
TCP SYN Flood Attacks
land.c Attacks
Smurf Attacks
DDoS Attacks
Session Hijacking
Virtual Private Networks
Understanding IPSec
Internet Key Exchange
IKE Phase 1
IKE Phase 2
IPSec Protocols
Authentication Header
Encapsulation Security Payload
IPSec Modes
Transport Mode
Tunnel Mode
Product History
Cisco Firewall Products
Cisco PIX Firewalls
Cisco FWSM
Cisco IOS Firewall
Cisco IDS Products
Cisco VPN Products
Cisco ASA All-in-One Solution
Firewall Services
IPS Services
VPN Services
Hardware Overview
Cisco ASA 5510 Model
Cisco ASA 5520 Model
Cisco ASA 5540 Model
AIP-SSM Modules
Firewall Solution
Initial Setup and System Maintenance
Accessing the Cisco ASA Appliances
Establishing a Console Connection
Command-Line Interface
Managing Licenses
Initial Setup
Setting Up the Device Name
Configuring an Interface
Configuring a Subinterface
Configuring a Management Interface
DHCP Services
IP Version 6
IPv6 Header
Configuring IPv6
IP Address Assignment
Setting Up the System Clock
Manual Clock Adjustment Using clock set
Automatic Clock Adjustment Using the Network Time Protocol
Time Zones and Daylight Savings Time
Configuration Management
Running Configuration
Startup Configuration
Removing the Device Configuration
Remote System Management
Secure Shell
System Maintenance
Software Installation
Image Upgrade via the Cisco ASA CLI
Image Recovery Using ROMMON
Password Recovery Process
Disabling the Password Recovery Process
System Monitoring
System Logging
Enabling Logging
Logging Types
Additional Syslog Parameters
Simple Network Management Protocol
Configuring SNMP
SNMP Monitoring
CPU and Memory Monitoring
Network Access Control
Packet Filtering
Types of ACLs
Standard ACLs
Extended ACLs
EtherType ACLs
Comparing ACL Features
Configuring Packet Filtering
Step 1: Set Up an ACL
Step 2: Apply an ACL to an Interface
Step 3: Set Up an IPv6 ACL (Optional)
Advanced ACL Features
Object Grouping
Object Types
Object Grouping and ACLs
Standard ACLs
Time-Based ACLs
Downloadable ACLs
ICMP Filtering
Content and URL Filtering
Content Filtering
ActiveX Filtering
Java Filtering
Configuring Content Filtering
URL Filtering
Configuring URL Filtering
Deployment Scenarios Using ACLs
Using ACLs to Filter Inbound and Outbound Traffic
Enabling Content Filtering Using Websense
Monitoring Network Access Control
Monitoring ACLs
Monitoring Content Filtering
Understanding Address Translation
Network Address Translation
Port Address Translation
Packet Flow Sequence
Configuring Address Translation
Static NAT
Dynamic Network Address Translation
Static Port Address Translation
Dynamic Port Address Translation
Policy NAT/PAT
Bypassing Address Translation
Identity NAT
NAT Exemption
NAT Order of Operation
Integrating ACLs and NAT
DNS Doctoring
Monitoring Address Translations
IP Routing
Configuring Static Routes
Configuring RIP
Verifying the Configuration
Troubleshooting RIP
Scenario 1: RIP Version Mismatch
Scenario 2: RIP Authentication Mismatch
Scenario 3: Multicast or Broadcast Packets Blocked
Scenario 4: Correct Configuration and Behavior
Configuring OSPF
Enabling OSPF
Virtual Links
Configuring OSPF Authentication
Configuring the Cisco ASA as an ASBR
Stub Areas and NSSAs
ABR Type 3 LSA Filtering
OSPF neighbor Command and Dynamic Routing over VPN
Troubleshooting OSPF
Useful Troubleshooting Commands
Mismatched Areas
OSPF Authentication Mismatch
Troubleshooting Virtual Link Problems
IP Multicast
IP Multicast Routing
Configuring Multicast Routing
Enabling Multicast Routing
Statically Assigning an IGMP Group
Limiting IGMP States
IGMP Query Timeout
Defining the IGMP Version
Configuring Rendezvous Points
Configuring Threshold for SPT Switchover
Filtering RP Register Messages
PIM Designated Router Priority
PIM Hello Message Interval
Configuring a Static Multicast Route
Troubleshooting IP Multicast Routing
show Commands
debug Commands
Deployment Scenarios
Deploying OSPF
Deploying IP Multicast
Authentication, Authorization, and Accounting (AAA)
AAA Protocols and Services Supported by Cisco ASA
Microsoft Windows NT
Active Directory and Kerberos
Lightweight Directory Access Protocol
Defining an Authentication Server
Configuring Authentication of Administrative Sessions
Authenticating Telnet Connections
Authenticating SSH Connections
Authenticating Serial Console Connections
Authenticating Cisco ASDM Connections
Authenticating Firewall Sessions (Cut-Through Proxy Feature)
Authentication Timeouts
Customizing Authentication Prompts
Configuring Authorization
Command Authorization
Configuring Downloadable ACLs
Configuring Accounting
RADIUS Accounting
TACACS+ Accounting
Deployment Scenarios
Deploying Authentication, Command Authorization, and Accounting for Administrative Sessions
Deploying Cut-Through Proxy Authentication
Troubleshooting AAA
Troubleshooting Administrative Connections to Cisco ASA
Troubleshooting Firewall Sessions (Cut-Through Proxy)
Application Inspection
Enabling Application Inspection Using the Modular Policy Framework
Selective Inspection
Computer Telephony Interface Quick Buffer Encoding Inspection
Domain Name System
Extended Simple Mail Transfer Protocol
File Transfer Protocol
General Packet Radio Service Tunneling Protocol
Configuring GTP Inspection
H.323 Protocol Suite
H.323 Version Compatibility
Enabling H.323 Inspection
Direct Call Signaling and Gatekeeper Routed Control Signaling
Enabling HTTP Inspection
transfer-encoding type
Deployment Scenarios
Security Contexts
Architectural Overview
System Execution Space
Admin Context
Customer Context
Packet Flow in Multiple Mode
Packet Classification
Packet Forwarding Between Contexts
Configuration of Security Contexts
Step 1: Enabling Multiple Security Contexts Globally
Step 2: Setting Up the System Execution Space
Step 3: Specifying a Configuration URL
Step 4: Allocating the Interfaces
Step 5: Configuring an Admin Context
Step 6: Configuring a Customer Context
Step 7: Managing the Security Contexts (Optional)
Deployment Scenarios
Virtual Firewall Using Two Customer Contexts
Virtual Firewall Using a Shared Interface
Monitoring and Troubleshooting the Security Contexts
Transparent Firewalls
Architectural Overview
Single-Mode Transparent Firewall
Packet Flow in an SMTF
Multimode Transparent Firewall
Packet Flow in an MMTF
Transparent Firewalls and VPNs
Configuration of Transparent Firewall
Configuration Guidelines
Configuration Steps
Step 1: Enabling Transparent Firewalls
Step 2: Setting Up Interfaces
Step 3: Configuring an IP Address
Step 4: Configuring Interface ACLs
Step 5: Adding Static L2F Table Entries (Optional)
Step 6: Enabling ARP Inspection (Optional)
Step 7: Modifying L2F Table Parameters (optional)
Deployment Scenarios
SMTF Deployment
MMTF Deployment with Security Contexts
Monitoring and Troubleshooting the Transparent Firewall
Failover and Redundancy
Architectural Overview
Conditions that Trigger Failover
Failover Interface Tests
Stateful Failover
Hardware and Software Requirements
Types of Failover
Active/Standby Failover
Active/Active Failover
Asymmetric Routing
Failover Configuration
Active/Standby Failover Configuration
Step 1: Select the Failover Link
Step 2: Assign Failover IP Addresses
Step 3: Set the Failover Key (Optional)
Step 4: Designating the Primary Cisco ASA
Step 5: Enable Stateful Failover (Optional)
Step 6: Enable Failover Globally
Step 7: Configure Failover on the Secondary Cisco ASA
Active/Active Failover Configuration
Step 1: Select the Failover Link
Step 2: Assign Failover Interface IP Addresses
Step 3: Set Failover Key
Step 4: Designate the Primary Cisco ASA
Step 5: Enable Stateful Failover
Step 6: Set Up Failover Groups
Step 7: Assign Failover Group Membership
Step 8: Assign Interface IP Addresses
Step 9: Set Up Asymmetric Routing (Optional)
Step 10: Enable Failover Globally
Step 11: Configure Failover on the Secondary Cisco ASA
Optional Failover Commands
Specifying Failover MAC Addresses
Configuring Interface Policy
Managing Failover Timers
Monitoring Failover Interfaces
Zero-Downtime Software Upgrade
Deployment Scenarios
Active/Standby Failover in Single Mode
Active/Active Failover in Multiple Security Contexts
Monitoring and Troubleshooting Failovers
Quality of Service
Architectural Overview
Traffic Policing
Traffic Prioritization
Packet Flow Sequence
Packet Classification
IP Precedence Field
IP Access Control List
IP Flow
VPN Tunnel Group
QoS and VPN Tunnels
Configuring Quality of Service
Step 1: Set Up a Class Map
Step 2: Configure a Policy Map
Step 3: Apply the Policy Map on the Interface
Step 4: Tune the Priority Queue (Optional)
QoS Deployment Scenarios
QoS for VoIP Traffic
QoS for the Remote-Access VPN Tunnels
Monitoring QoS
Intrusion Prevention System (IPS) Solution
Intrusion Prevention System Integration
Adaptive Inspection Prevention Security Services Module Overview (AIP-SSM)
AIP-SSM Management
Inline Versus Promiscuous Mode
Directing Traffic to the AIP-SSM
AIP-SSM Module Software Recovery
Additional IPS Features
IP Audit
Configuring and Troubleshooting Cisco IPS Software via CLI
Cisco IPS Software Architecture
Network Access Controller
Introduction to the CIPS 5.x Command-Line Interface
Logging In to the AIP-SSM via the CLI
CLI Command Modes
Initializing the AIP-SSM
User Administration
User Account Roles and Levels
Administrator Account
Operator Account
Viewer Account
Service Account
Adding and Deleting Users by Using the CLI
Creating Users
Deleting Users
Changing Passwords
AIP-SSM Maintenance
Adding Trusted Hosts
SSH Known Host List
TLS Known Host List
Upgrading the CIPS Software and Signatures via the CLI
One-Time Upgrades
Scheduled Upgrades
Displaying Software Version and Configuration Information
Backing Up Your Configuration
Displaying and Clearing Events
Displaying and Clearing Statistics
Advanced Features and Configuration
IPS Tuning
Disabling and Retiring IPS Signatures
Custom Signatures
IP Logging
Automatic Logging
Manual Logging of Specific Host Traffic
Configuring Blocking (Shunning)
Virtual Private Network (VPN) Solution
Site-to-Site IPSec VPNs
Preconfiguration Checklist
Configuration Steps
Step 1: Enable ISAKMP
Step 2: Create the ISAKMP Policy
Step 3: Set the Tunnel Type
Step 4: Configure ISAKMP Preshared Keys
Step 5: Define the IPSec Policy
Step 6: Specify Interesting Traffic
Step 7: Configure a Crypto Map
Step 8: Apply the Crypto Map to an Interface
Step 9: Configuring Traffic Filtering
Step 10: Bypassing NAT (Optional)
Advanced Features
OSPF Updates over IPSec
Reverse Route Injection
NAT Traversal
Tunnel Default Gateway
Optional Commands
Perfect Forward Secrecy
Security Association Lifetimes
Phase 1 Mode
Connection Type
ISAKMP Keepalives
Deployment Scenarios
Single Site-to-Site Tunnel Configuration Using NAT-T
Fully Meshed Topology with RRI
Monitoring and Troubleshooting Site-to-Site IPSec VPNs
Monitoring Site-to-Site VPNs
Troubleshooting Site-to-Site VPNs
ISAKMP Proposal Unacceptable
Mismatched Preshared keys
Incompatible IPSec Transform Set
Mismatched Proxy Identities
Remote Access VPN
Cisco IPSec Remote Access VPN Solution
Configuration Steps
Step 1: Enable ISAKMP
Step 2: Create the ISAKMP Policy
Step 3: Configure Remote-Access Attributes
Step 4: Define the Tunnel Type
Step 5: Configure ISAKMP Preshared Keys
Step 6: Configure User Authentication
Step 7: Assign an IP Address
Step 8: Define the IPSec Policy
Step 9: Set Up a Dynamic Crypto Map
Step 10: Configure the Crypto Map
Step 11: Apply the Crypto Map to an Interface
Step 12: Configure Traffic Filtering
Step 13: Set Up a Tunnel Default Gateway (Optional)
Step 14: Bypass NAT (Optional)
Step 15: Set Up Split Tunneling (Optional)
Cisco VPN Client Configuration
Software-Based VPN Clients
Hardware-Based VPN Clients
Advanced Cisco IPSec VPN Features
Transparent Tunneling
NAT Traversal
IPSec over TCP
IPSec over UDP
IPSec Hairpinning
VPN Load-Balancing
Client Auto-Update
Client Firewalling
Personal Firewall Check
Central Protection Policy
Hardware based Easy VPN Client Features
Interactive Hardware Client Authentication
Individual User Authentication
Cisco IP Phone Bypass
Leap Bypass
Hardware Client Network Extension Mode
Deployment Scenarios of Cisco IPSec VPN
IPSec Hairpinning with Easy VPN and Firewalling
Load-Balancing and Site-to-Site Integration
Monitoring and Troubleshooting Cisco Remote Access VPN
Monitoring Cisco Remote Access IPSec VPNs
Troubleshooting Cisco IPSec VPN Clients
Cisco WebVPN Solution
Configuration Steps
Step 1: Enable the HTTP Service
Step 2: Enable WebVPN on the Interface
Step 3: Configure WebVPN Look and Feel
Step 4: Configure WebVPN Group Attributes
Step 5: Configure User Authentication
Advanced WebVPN Features
Port Forwarding
Configuring URL Mangling
E-Mail Proxy
Authentication Methods for E-Mail Proxy
Identifying E-Mail Servers for E-Mail Proxies
Windows File Sharing
WebVPN Access Lists
Deployment Scenarios of WebVPN
WebVPN with External Authentication
WebVPN with E-Mail Proxies
Monitoring and Troubleshooting WebVPN
Monitoring WebVPN
Troubleshooting WebVPN
SSL Negotiations
WebVPN Data Capture
E-Mail Proxy Issues
Public Key Infrastructure (PKI)
Introduction to PKI
Certificate Authority
Certificate Revocation List
Simple Certificate Enrollment Protocol
Enrolling the Cisco ASA to a CA Using SCEP
Generating the RSA Key Pair
Configuring a Trustpoint
Manual (Cut-and-Paste) Enrollment
Configuration for Manual Enrollment
Obtaining the CA Certificate
Generating the ID Certificate Request and Importing the ID Certificate
Configuring CRL Options
Configuring IPSec Site-to-Site Tunnels Using Certificates
Configuring the Cisco ASA to Accept Remote-Access VPN Clients Using Certificates
Enrolling the Cisco VPN Client
Configuring the Cisco ASA
Troubleshooting PKI
Time and Date Mismatch
SCEP Enrollment Problems
CRL Retrieval Problems
Adaptive Security Device Manager
Introduction to ASDM
Setting Up ASDM
Uploading ASDM
Setting Up Cisco ASA
Accessing ASDM
Initial Setup
Startup Wizard
Functional Screens
Configuration Screen
Monitoring Screen
Interface Management
System Clock
Configuration Management
Remote System Management
System Maintenance
Software Installation
File Management
System Monitoring
System Logging
Firewall Management Using ASDM
Access Control Lists
Address Translation
Routing Protocols
Application Inspection
Security Contexts
Transparent Firewalls
IPS Management Using ASDM
Accessing the IPS Device Management Console from ASDM
Configuring Basic AIP-SSM Settings
Verifying Network Settings
Adding Allowed Hosts
Configuring NTP
Adding Users
Advanced IPS Configuration and Monitoring Using ASDM
Disabling and Enabling Signatures
Configuring Blocking
Creating Custom Signatures
Creating Event Action Filters
Installing Signature Updates and Software Service Packs
Configuring Auto-Update
VPN Management Using ASDM
Site-to-Site VPN Setup Using Preshared Keys
Site-to-Site VPN Setup Using PKI
Cisco Remote-Access IPSec VPN Setup
VPN Monitoring
Case Studies
Case Study 1: Deploying the Cisco ASA at Branch Offices and Small Businesses
Branch Offices
Small Business Partners
Case Study 2: Large Enterprise Firewall, VPN, and IPS Deployment
Internet Edge and DMZ
Filtering Websites
Remote Access VPN Cluster
Application Inspection
Case Study 3: Data Center Security with Cisco ASA