Duration: 5 Day Hands-On Lab & Lecture Course
Securing Networks with ASA Advanced (SNAA) v1.0 is a five-day, instructor-led, lab-intensive course, which teaches the knowledge and skills needed advanced configuration, maintenance, and operation Cisco ASA 5500 Series Adaptive Security Appliances
In SNAA 1.0, lessons have been updated to cover new features in Cisco ASA Security Appliance Software Version 8.0(2), including the following:
- Policy NAT
- Modular policy framework enhancements
- ASA 5505 VLAN configuration
- EIGRP routing
- FTP support for SSL VPN
- Onscreen keyboard for the SSL VPN
- Administrator-defined customization of all SSL VPN user-visible content
- Personal bookmarks for SSL VPN users
- ASA as a local certificate authority
- Cisco AnyConnect client configuration
- Cisco Secure Desktop version 3.2
- Dynamic Access Policy
- Securing Networks with ASA Advanced (SNAA) v1.0 replaces the Cisco Secure Virtual Private Networks (CSVPN) course & portions of the Securing Networks with PIX and ASA (SNPA) course.
In order to cover new features in ASA software v8.0 and to fully cover the VPN features of the ASA, the content of SNPA was split into two courses, one that covers the fundamentals, SNAF, and one that covers more advanced topics, SNAA.
SNAA also utilizes the graphical user interface instead of the command line interface for explanation and discussions of configuring the ASA.
Upon completing this course, the learner will be able to meet these overall objectives:
- Configure policy NAT based on traffic type.
- Describe the layer 7 modular policy framework for the security appliance and how it is configured.
- Describe the layer 7 advanced protocol handling capabilities of modular policy frame and how it is configured.
- Identify the steps need to configure the security appliance to segment traffic with VLANs.
- Identify the steps need to configure the security appliance to configure the ASA for dynamic routing.
- Explain the components of IPsec and the functionality of IPsec and explain what digital certificates are and how they are used.
- Identify the steps needed to configure the security appliance to establish LAN-to-LAN tunnels with the digital certificate.
- Identify the necessary steps to configure the IPSec VPN Client using digital certificates.
- Identify the necessary steps to configure the security appliance for remote access using digital certificates.
- Explain the advanced remote access features of the ASA.
- Determine the necessary configuration for the ASA 5505 to be a VPN hardware client.
- Identify the steps to configure QoS for VPN traffic.
- List the steps needed to configure the WebVPN functionality of the security appliance.
- Identify the basic clientless SSL VPN features of the security appliance
- Configure full network access SSL VPNs using the AnyConnect Client.
- List the feature and functionality of the Cisco Secure Desktop.
- Configure CSD and DAP for SSL VPN connections on the Cisco ASA.
- Identify and list the characteristics of the services modules for the ASA.
- Identify the steps needed to configure, inspect, and filter traffic with the Content Security and Control SSM.
- Identify the steps needed to configure the security appliance to identify, alert, and defend against attacks.
Who Should Attend
The primary audience for this course is as follows:
- Cisco customers who implement and maintain Cisco ASA security appliances
The secondary audience for this course is as follows:
- Cisco channel partners who sell, implement, and maintain ASA security appliances
- Cisco engineers who support the sale of ASA security appliances