header
headerhomeService AreasCourse CatalogTraining SchedulesEnrollAbout UsCareers
   

 

Securing Networks with ASA Advanced (SNAA)

5-day Cisco Course v1.0 | Cisco Security Appliance Software v8.0 | Prepares you for Cisco Exam 642-515 SNAA

Course Description

In this Authorized Cisco course, you will take your knowledge and skills on configuring, maintaining, and operating Cisco ASA 5500 Series Adaptive Security Appliance to the next level. Recommended training for the Cisco Certified Security Professional (CCSP) certification, SNAA takes over where SNAF leaves off, covering advanced topics of the Adaptive Security Appliance. We have added depth to the existing Cisco-developed hands-on labs for SNAA. Our advanced hands-on labs, delivered on an enhanced topology designed to simulate a typical production network, guide you through exercises such as managing digital certificates for IPSec and SSL VPNs, deep packet inspection, and using the 5505 in the SOHO environment.

Our labs utilize ASA 5520 security appliances, though this course and lab content is applicable across the ASA and PIX families of security appliances. This course covers the features and syntax of Cisco Security Appliance Software v8.0. Note: The sections covering SSL VPN and the Security Services Modules are ASA-specific, as these features are not supported on the PIX firewall.

 

Course Objectives

What you will learn:

  • Use advanced NAT features such as policy-based NAT
  • Use advanced modular policy framework for deep packet inspection of application protocols such as HTTP and FTP
  • How the multimedia protocols are handled and configured by the modular policy framework of the security appliance at Layer 3, 4, and 7
  • Configure the security appliance to support multiple VLANs on a single physical interface
  • Configure dynamic routing capabilities of the appliance
  • Use advanced IPSec VPN technologies including peer authentication using digital certificates
  • Steps necessary to configure the ASA as a CA Server
  • Configure the IPSec VPN Client using digital certificates
  • Configure the advanced Easy VPN Server features of the ASA
  • Necessary configuration for the ASA 5505 to be a VPN hardware client
  • Steps to configure QoS for VPN traffic
  • SSL VPN features and capabilities of the security appliance
  • Enable clientless SSL VPNs with the security appliance
  • Enable AnyConnect SSL VPN Client with the security appliance
  • Enable the Cisco Secure Desktop with the security appliance to increase the security posture of SSL VPN connections
  • Enable Dynamic Access Policy for remote access IPsec or SSL VPN
  • Characteristics of the security services modules for the ASA
  • Configure, inspect, and filter traffic with the Content Security and Control SSM
  • Configure the AIP-SSM to identify and alert for common attacks

Intended Audience

  • The primary audience for this course is as follows:
    • Cisco customers who implement and maintain Cisco ASA security appliances
  • The secondary audience for this course is as follows:
    • Cisco channel partners who sell, implement, and maintain ASA security appliances
    • Cisco engineers who support the sale of ASA security appliances

Prerequisites

 

Course Outline

  1. Advanced ASA NAT
    • Applying NAT 0 and Policy NAT
  2. Advanced Protocol Handling
    • Applying the Cisco Modular Policy Framework
    • Handling Advanced Protocol
  3. Dynamic Routing and Switching
    • Switching with VLANs
    • Routing with Dynamic Protocols
  4. IPsec VPNs
    • Understanding IPsec and Digital Certificates
    • Implementing Site-to-Site VPNs with Digital Certificates
    • Configuring the Cisco VPN Client
    • Implementing Remote Access VPNs with Digital Certificates
    • Configuring Advanced Remote Access Features and Policy
    • Configuring the ASA 5505 as an Easy VPN Hardware Client
    • IPsec VPNs and QoS
  5. SSL VPNs
    • SSL VPN Technology Overview
    • Configuring Clientless SSL VPNs
    • Configuring Full Network Access SSL VPNs
    • Cisco Secure Desktop
  6. Security Services Modules
    • Examining the SSMs
    • CSC-SSM: Getting Started
    • AIP-SSM: Getting Started

 

Course Labs

  • Lab 1: Advanced NAT
  • Lab 2: Modular Policy Framework: FTP and HTTP
  • Lab 3: Dynamic Routing: EIGRP and OSPF
  • Lab 4: Site-to-Site VPN with Digital Certificates
  • Lab 5: Remote Access VPN with Digital Certificates
  • Lab 6: ASA 5505 Hardware Client
  • Lab 7: SSL VPN: Clientless and Thin Client
  • Lab 8: SSL VPN: AnyConnect Client
  • Lab 9: Cisco Secure Desktop and Dynamic Access Policies
  • Lab 10: The AIP-SSM


TOP

 
 

Course Description

Course Objectives

Intended Audience

Prerequisites

Course Outline

Course Labs

 

 
 

 

    
 
Course Catalog Training Schedules Enroll Training Locations Cancellation Policy Contact Us Related Links Site Map
Service Areas Careers About Us Customer Quotes News & Events
 

CCIP, CCIE, CCDA, CCDP, CCNP, CCNA, VLANDirector, TrafficDirector, CiscoWorks 2000, ONS 15454 Secure PIX Firewal, Secure Virtual Private Networks, Cisco, Cisco Systems, Cisco Systems Logo, Catalyst, EtherChannel, IOS and LightStream are registered trademarks of Cisco Systems, Inc. or its affiliates in the US and certain other countries.