Chapter 10: Advanced Cisco Adaptive Security Appliance

Section 10.1: ASA Security Device Manager

ASDM Configuration and Monitoring Views (Cont.)

Topic 10.1.3: Configuring Management Settings and Services

Configuring Basic Settings in ASDM (Cont.)

Configuring the System Time in ASDM (Cont.)

Configuring Device Management Access in ASDM

Configuring Device Management Access in ASDM (Cont.)

Configuring DHCP Services in ASDM (Cont.)

Topic 10.1.4: Configuring Advanced ASDM Features

Configuring a Service Policy Using ASDM (Cont.)

Configuring the ISR Site-to-Site VPNs Using the CLI

Configuring the ISR Site-to-Site VPNs Using the CLI (Cont.)

Configuring the ASA Site-to-Site VPNs Using ASDM

Configuring the ASA Site-to-Site VPNs Using ASDM (Cont.)

Test the Site-to-Site VPNs Using ASDM (Cont.)

Cisco AnyConnect Secure Mobility Client (Cont.)

Topic 10.2.3: Configuring Clientless SSL VPN

Configuring Clientless SSL VPN on an ASA

Testing the Clientless SSL VPN Connection

Testing the Clientless SSL VPN Connection (Cont.)

Topic 10.2.4: Configuring AnyConnect SSL VPN

29.86M

Категории:

Интернет

Программное обеспечение

Похожие презентации:

Implementing the Cisco Adaptive Security. (Chapter 9)

Implementing virtual private networks. (Chapter 8)

Cisco Reference Design Icon Library

Protecting the Network

Security Monitoring

Routing concepts

Network Security Infrastructure

CCNA Security

It’s a network. (Chapter 11)

Application Layer

Advanced Cisco Adaptive Security Appliance. (Chapter 10)

1. Chapter 10: Advanced Cisco Adaptive Security Appliance

CCNA Security v2.0

2. Chapter Outline

10.0 Introduction
10.1 ASA Security Device
Manager
10.2 ASA VPN Configuration
10.3 Summary
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
2

3. Section 10.1: ASA Security Device Manager

Upon completion of this section, you should be able to:
• Configure an ASA to provide basic firewall services using ASDM.
• Configure an ASA to provide additional firewall services using ASDM wizards.
• Configure management settings and services in an ASA using ASDM.
• Configure object groups on an ASA.
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
3

4. Topic 10.1.1: Introduction to ASDM

5. Overview of ASDM

6. Preparing for ASDM

Preparing the ASA
5505
Verify Connectivity to
the ASA
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
6

7. Starting ASDM

ASDM Security
Certificate
ASDM Launch
Window
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
7

8. Starting ASDM (Cont.)

ASDM Security
Warning - 1
ASDM Security
Warning - 2
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
8

9. Starting ASDM (Cont.)

Authenticate to Use
ASDM
Smart Call Home
Window
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
9

10. ASDM Home Page Dashboards

ASDM Device Dashboard Page
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
10

11. ASDM Home Page Dashboards (Cont.)

ASDM Firewall Dashboard Page
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
11

12. ASDM Page Elements

13. ASDM Configuration and Monitoring Views

Configuration View
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
13

14. ASDM Configuration and Monitoring Views (Cont.)

Monitoring View
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
14

15. Configure and Access on an ASA5505

16. Topic 10.1.2: ASDM Wizard Menu

17. ASDM Wizards

18. The Startup Wizard

Startup Wizard Starting
Point Window
Startup Wizard Basic
Configuration Window
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
18

19. The Startup Wizard (Cont.)

Startup Wizard Interface
Selection Window
Startup Wizard Switch
Port Allocation Window
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
19

20. The Startup Wizard (Cont.)

Startup Wizard Interface IP
Address Configuration Window
Startup Wizard DHCP
Server Window
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
20

21. The Startup Wizard (Cont.)

Startup Wizard Address
Translation (NAT/PAT) Window
Startup Wizard Administrative
Access Window
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
21

22. The Startup Wizard (Cont.)

Startup Wizard Summary Window
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
22

23. Different Types of VPN Wizards

ASDM VPN Wizards
ASDM Remote
Access VPN
Assistant
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
23

24. Other Wizards

25. Topic 10.1.3: Configuring Management Settings and Services

26. Configuring Settings in ASDM

Configuration Device Setup Tab
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
26

27. Configuring Settings in ASDM (Cont.)

Configuration Device Management Tab
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
27

28. Configuring Basic Settings in ASDM

Configuring Hostname, Domain
Name, and Enable Password
Configuring a Master
Passphrase
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
28

29. Configuring Basic Settings in ASDM (Cont.)

Configuring Legal Notification
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
29

30. Configuring Interfaces in ASDM

Configuring Interfaces
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
30

31. Configuring Interfaces in ASDM (Cont.)

Adding an Outside Interface
Change Switch Port Window
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
31

32. Configuring Interfaces in ASDM (Cont.)

Adding an Outside Interface
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
32

33. Configuring Interfaces in ASDM (Cont.)

Advanced Outside Interface Settings
Updated Interface Page
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
33

34. Configuring Interfaces in ASDM (Cont.)

Verifying Interfaces
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
34

35. Configuring Interfaces in ASDM (Cont.)

Enable Switch Ports
Apply
Configuration
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
35

36. Configuring the System Time in ASDM

Manually Change
the System Time
Use NTP to Change the
System Time
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
36

37. Configuring the System Time in ASDM (Cont.)

Add an NTP Server
Configure an NTP Server
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
37

38. Configuring the System Time in ASDM (Cont.)

Apply the Configuration
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
38

39. Configuring Routing in ASDM

Configuring Routing
Configuring a Default
Static Route
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
39

40. Configuring Routing in ASDM (Cont.)

Add or Edit Route Window
© 2013 Cisco and/or its affiliates. All rights reserved.
Add Static Route Details
Cisco Public
40

41. Configuring Routing in ASDM (Cont.)

Apply the Configuration
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
41

42. Configuring Device Management Access in ASDM

Configure ASDM/HTTPS/Telnet/SSH Access
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
42

43. Configuring Device Management Access in ASDM (Cont.)

Add Device Access Configuration Window
Configure SSH Settings
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
43

44. Configuring DHCP Services in ASDM

DHCP Server Page
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
44

45. Configuring DHCP Services in ASDM (Cont.)

Edit DHCP Server Window
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
45

46. Configuring DHCP Services in ASDM (Cont.)

Configuring DHCP Server Services
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
46

47. Configuring DHCP Services in ASDM (Cont.)

Verifying DHCP Server Services
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
47

48. Topic 10.1.4: Configuring Advanced ASDM Features

49. Objects in ASDM

Network Objects/Groups Page
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
49

50. Objects in ASDM (Cont.)

51. Objects in ASDM (Cont.)

52. Objects in ASDM (Cont.)

53. Objects in ASDM (Cont.)

54. Objects in ASDM (Cont.)

55. Configuring ACLs Using ASDM

56. Configuring ACLs Using ASDM (Cont.)

57. Configuring Dynamic NAT in ASDM

58. Configuring Dynamic NAT in ASDM (Cont.)

59. Configuring Dynamic PAT in ASDM

60. Configuring Static NAT in ASDM

61. Configuring AAA Authentication

62. Configuring AAA Authentication (Cont.)

63. Configuring AAA Authentication (Cont.)

64. Configuring AAA Authentication (Cont.)

65. Configuring AAA Authentication (Cont.)

66. Configuring AAA Authentication (Cont.)

67. Configuring AAA Authentication (Cont.)

68. Configuring a Service Policy Using ASDM

69. Configuring a Service Policy Using ASDM (Cont.)

70. Configuring a Service Policy Using ASDM (Cont.)

71. Configuring a Service Policy Using ASDM (Cont.)

72. Section 10.2: ASA VPN Configuration

Upon completion of this section, you should be able to:
• Explain how the ASA supports site-to-site VPNs.
• Configure remote-access VPNs on an ASA.
• Configure remote-access VPN support using a clientless SSL VPN.
• Configure remote-access VPN support using Cisco AnyConnect.
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
72

73. Topic 10.2.1: Site-to-Site VPNs

74. ASA Support for Site-to-Site VPNs

75. ASA Site-to-Site VPNs Using ASDM

76. Configuring the ISR Site-to-Site VPNs Using the CLI

77. Configuring the ISR Site-to-Site VPNs Using the CLI (Cont.)

78. Configuring the ASA Site-to-Site VPNs Using ASDM

79. Configuring the ASA Site-to-Site VPNs Using ASDM (Cont.)

80. Configuring the ASA Site-to-Site VPNs Using ASDM (Cont.)

81. Configuring the ASA Site-to-Site VPNs Using ASDM (Cont.)

82. Verifying Site-to-Site VPNs Using ASDM

83. Test the Site-to-Site VPNs Using ASDM

84. Test the Site-to-Site VPNs Using ASDM (Cont.)

85. Test the Site-to-Site VPNs Using ASDM (Cont.)

86. Topic 10.2.2: Remote-Access VPNs

87. Remote-Access VPN Options

88. IPsec Versus SSL

89. IPsec Versus SSL (Cont.)

90. ASA SSL VPNs

91. ASA SSL VPNs (Cont.)

92. Clientless SSL VPN Solution

93. Clientless SSL VPN Solution (Cont.)

94. Client-Based SSL VPN Solution

95. Cisco AnyConnect Secure Mobility Client

96. Cisco AnyConnect Secure Mobility Client (Cont.)

97. AnyConnect for Mobile Devices

Cisco AnyConnect Secure Mobility Client is available on the following
platforms:
• iOS
• Android
• BlackBerry
• Windows Mobile
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
97

98. Topic 10.2.3: Configuring Clientless SSL VPN

99. Configuring Clientless SSL VPN on an ASA

ASDM Assistant
Clientless VPN
Wizard
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
99

100. Sample Clientless VPN Topology

101. Clientless SSL VPN

Introduction Window
SSL VPN Interface
Window
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
101

102. Clientless SSL VPN (Cont.)

User Authentication
Window
Group Policy Window
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
102

103. Clientless SSL VPN (Cont.)

Bookmark List Window
Configure GUI Customization
Objects Window
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
103

104. Clientless SSL VPN (Cont.)

Add Bookmark List
Window
Select Bookmark Type
Window
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
104

105. Clientless SSL VPN (Cont.)

Add Bookmark Window
Revised Add Bookmark List
Window
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
105

106. Clientless SSL VPN (Cont.)

Revised Configure GUI
Customization Objects Window
Revised Bookmark List
Window
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
106

107. Clientless SSL VPN (Cont.)

Summary Window
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
107

108. Verifying Clientless SSL VPN

109. Testing the Clientless SSL VPN Connection

Security Certificate Window
Logon Window
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
109

110. Testing the Clientless SSL VPN Connection (Cont.)

Web Portal Home Page
Web Portal Web Access
Page
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
110

111. Testing the Clientless SSL VPN Connection (Cont.)

Web Portal File Access Page
Log Out of the Web Portal
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
111

112. Viewing the Generated CLI Config

113. Topic 10.2.4: Configuring AnyConnect SSL VPN

114. Configuring SSL VPN AnyConnect

ASDM Assistant
Client-Based VPN Wizard
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
114

115. Sample SSL VPN Topology

116. AnyConnect SSL VPN

AnyConnect VPN Wizard
Introduction Window
Connection Profile
Identification Window
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
116

117. AnyConnect SSL VPN (Cont.)

VPN Protocols Window
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
117

118. AnyConnect SSL VPN (Cont.)

Client Images Window
Add AnyConnect
Client Image Window
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
118

119. AnyConnect SSL VPN (Cont.)

Browse Flash Window
Add AnyConnect
Client Image Window
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
119

120. AnyConnect SSL VPN (Cont.)

Completed Client Images Window
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
120

121. AnyConnect SSL VPN (Cont.)

Authentication Methods Window
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
121

122. AnyConnect SSL VPN (Cont.)

Client Address
Management Window
Add IPv4 Window
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
122

123. AnyConnect SSL VPN (Cont.)

Completed Client Address
Management Window
Network Name Resolution
Servers Window
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
123

124. AnyConnect SSL VPN (Cont.)

Completed Network Name Resolution Servers Window
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
124

125. AnyConnect SSL VPN (Cont.)

NAT Exempt Window
Completed NAT Exempt
Window
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
125

126. AnyConnect SSL VPN (Cont.)

AnyConnect Client
Deployment
Summary Window
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
126

127. Verifying AnyConnect Connection

AnyConnect Connection Profiles Page
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
127

128. Verifying AnyConnect Connection (Cont.)

Verifying the Client-Based Configuration
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
128

129. Install the AnyConnect Client

Security Certificate Window
Logon Window
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
129

130. Install the AnyConnect Client (Cont.)

Cisco AnyConnect VPN Client
Window
Manual Installation Window
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
130

131. Install the AnyConnect Client (Cont.)

Run Installer Window
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
131

132. Install the AnyConnect Client (Cont.)

Cisco AnyConnect VPN Client Setup Window
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
132

133. Install the AnyConnect Client (Cont.)

End-User Agreement Window
User Account Control Security Window
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
133

134. Install the AnyConnect Client (Cont.)

Ready to Install AnyConnect Client
Installing the AnyConnect Client
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
134

135. Install the AnyConnect Client (Cont.)

Complete Cisco AnyConnect VPN Installation
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
135

136. Install the AnyConnect Client (Cont.)

Start the Cisco AnyConnect VPN
Cisco
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco AnyConnect VPN Client
Window
Cisco Public
136

137. Install the AnyConnect Client (Cont.)

Cisco AnyConnect VPN Connect Window
Certificate Security Warning Window
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
137

138. Install the AnyConnect Client (Cont.)

Cisco AnyConnect VPN Authentication
Window
Cisco AnyConnect VPN Icon in
System Tray
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
138

139. Install the AnyConnect Client (Cont.)

Cisco AnyConnect VPN
Client Status
© 2013 Cisco and/or its affiliates. All rights reserved.
Verifying Connectivity to Internal
Network
Cisco Public
139

140. Viewing the Generated CLI Config

AnyConnect SSL
VPN Configuration
settings:
• NAT
• WebVPN
• Group policy
• Tunnel group
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
140

141. Section 10.3: Summary

Chapter Objectives:
• Implement an ASA firewall configuration.
• Configure remote-access VPNs on an ASA.
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
141

142.

Thank you.

143. Instructor Resources

• Remember, there are
helpful tutorials and user
guides available via your
NetSpace home page.
(https://www.netacad.com)
1
2
• These resources cover a
variety of topics including
navigation, assessments,
and assignments.
• A screenshot has been
provided here highlighting
the tutorials related to
activating exams, managing
assessments, and creating
quizzes.
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
143

English Русский Правила