CCNASv2_InstructorPPT_CH10.pdf

February 1, 2017 | Author: فيرونيك لوبيز سانشيز | Category: N/A

Chapter 10: Advanced Cisco Adaptive Security Appliance

CCNA Security v2.0

10.0 Introduction
10.1 ASA Security Device Manager
10.2 ASA VPN Configuration
10.3 Summary

© 2013 Cisco and/or its affiliates. All rights reserved.

Cisco Public

Upon completion of this section, you should be able to:
• Configure an ASA to provide basic firewall services using ASDM.
• Configure an ASA to provide additional firewall services using ASDM wizards.
• Configure management settings and services in an ASA using ASDM.
• Configure object groups on an ASA.

Preparing the ASA 5505

Verify Connectivity to the ASA

ASDM Security Certificate

ASDM Launch Window

ASDM Security Warning - 1

ASDM Security Warning - 2

Authenticate to Use ASDM

Smart Call Home Window

ASDM Device Dashboard Page

ASDM Firewall Dashboard Page

Configuration View

Monitoring View

Startup Wizard Starting Point Window

Startup Wizard Basic Configuration Window

Startup Wizard Interface Selection Window

Startup Wizard Switch Port Allocation Window

Startup Wizard Interface IP Address Configuration Window

Startup Wizard DHCP Server Window

Startup Wizard Address Translation (NAT/PAT) Window

Startup Wizard Administrative Access Window

Startup Wizard Summary Window

ASDM VPN Wizards

ASDM Remote Access VPN Assistant

Configuration Device Setup Tab

Configuration Device Management Tab

Configuring Hostname, Domain Name, and Enable Password

Configuring a Master Passphrase

Configuring Legal Notification

Configuring Interfaces

Adding an Outside Interface

Change Switch Port Window

Adding an Outside Interface

Advanced Outside Interface Settings

Updated Interface Page

Verifying Interfaces

Enable Switch Ports

Apply Configuration

Manually Change the System Time

Use NTP to Change the System Time

Add an NTP Server

Configure an NTP Server

Apply the Configuration

Configuring Routing

Configuring a Default Static Route

Add or Edit Route Window

Add Static Route Details

Apply the Configuration

Configure ASDM/HTTPS/Telnet/SSH Access

Add Device Access Configuration Window

Configure SSH Settings

DHCP Server Page

Edit DHCP Server Window

Configuring DHCP Server Services

Verifying DHCP Server Services

Network Objects/Groups Page

Adding a Network Object/Group

Add Network Object Window

Add Network Object Group Window

Service Objects/Group Page

Adding a Service Object/Group

Add Service Object Window

Add Service Object Group Window

ACLs in ASDM

Add Access Rule Window

Diagramming Access Rules

Add Network Object Window

Creating a Network Object for Public Addresses

Creating a Network Object for Dynamic NAT

Static NAT in ASDM

Advanced Static NAT Settings in ASDM

User Accounts Page

Add User Account Window

AAA Server Groups Page

Add AAA Server Group Window

Add AAA Server Window

Completed AAA Server Groups Window

AAA Access Page

AAA Access > Authentication Window

Service Policy in ASDM

Configure a Service Policy

Configure Traffic Classification Criteria

Configure Actions

Upon completion of this section, you should be able to:
• Explain how the ASA supports site-to-site VPNs.
• Configure remote-access VPNs on an ASA.
• Configure remote-access VPN support using a clientless SSL VPN.
• Configure remote-access VPN support using Cisco AnyConnect.

Basic ISR Configuration

Configure the ISAKMP Policy

Configure the IPsec and VPN ACL

Configure and Apply the Crypto Map

Basic ISR Configuration

Introduction Window

Peer Device Identification Window

Traffic to Protect Window

Security Window

NAT Exempt Window

Summary Window

Establish the VPN Tunnel Connection to the Remote Network

Monitoring the VPN Tunnel

Verify VPN Tunnel Connectivity from the External Host

Comparing IPsec and SSL

Remote Access VPN Wizards

Cisco ASA SSL Remote Access VPN Solutions

Cisco ASA Clientless SSL VPN Deployment

Clientless Login Web Page

Web Portal Home Page

AnyConnect Connection Window

AnyConnect Authenticate Window

AnyConnect Authenticated Window

AnyConnect Statistics Window

Cisco AnyConnect Secure Mobility Client is available on the following platforms:
• iOS
• Android
• BlackBerry
• Windows Mobile

ASDM Assistant

Clientless VPN Wizard

Clientless SSL VPN Introduction Window

SSL VPN Interface Window

User Authentication Window

Group Policy Window

Bookmark List Window

Configure GUI Customization Objects Window

Add Bookmark List Window

Select Bookmark Type Window

Add Bookmark Window

Revised Add Bookmark List Window

Revised Configure GUI Customization Objects Window

Revised Bookmark List Window

Summary Window

Security Certificate Window

Logon Window

Web Portal Home Page

Web Portal Web Access Page

Web Portal File Access Page

Log Out of the Web Portal

ASDM Assistant

Client-Based VPN Wizard

AnyConnect VPN Wizard Introduction Window

Connection Profile Identification Window

VPN Protocols Window

Client Images Window

Add AnyConnect Client Image Window

Browse Flash Window

Add AnyConnect Client Image Window

Completed Client Images Window

Authentication Methods Window

Client Address Management Window

Add IPv4 Window

Completed Client Address Management Window

Network Name Resolution Servers Window

Completed Network Name Resolution Servers Window

NAT Exempt Window

Completed NAT Exempt Window

AnyConnect Client Deployment

Summary Window

AnyConnect Connection Profiles Page

Verifying the Client-Based Configuration

Security Certificate Window

Logon Window

Cisco AnyConnect VPN Client Window

Manual Installation Window

Run Installer Window

Cisco AnyConnect VPN Client Setup Window

End-User Agreement Window

User Account Control Security Window

Ready to Install AnyConnect Client

Installing the AnyConnect Client

Complete Cisco AnyConnect VPN Installation

Start the Cisco AnyConnect VPN Client

Cisco AnyConnect VPN Client Window

Cisco AnyConnect VPN Connect Window

Certificate Security Warning Window

Cisco AnyConnect VPN Authentication Window

Cisco AnyConnect VPN Icon in System Tray

Cisco AnyConnect VPN Client Status

Verifying Connectivity to Internal Network

AnyConnect SSL VPN Configuration settings:
• NAT
• WebVPN
• Group policy
• Tunnel group

Chapter Objectives:
• Implement an ASA firewall configuration.
• Configure remote-access VPNs on an ASA.

Thank you.

• Remember, there are helpful tutorials and user guides available via your NetSpace home page. (https://www.netacad.com)
• These resources cover a variety of topics including navigation, assessments, and assignments.
• A screenshot has been provided here highlighting the tutorials related to activating exams, managing assessments, and creating quizzes.
