ASA Lab Camp 9.5
Course ID
91550
Course Description
Based on our enhanced SASAC v1.0 and SASAA v2.1 courses, this exclusive, lab-based course, provides you with your own set of equipment, giving you the Adaptive Security Appliance (ASA) 9.x and ASA SFR-based lab experience in just five days. This course provides 29 different lab scenarios using Cisco equipment such as: ASA v9.5, ASA 5515-X NGFW (Next-Generation Firewall SFR), Access Control Server (ACS 5.4), Context Directory Agent (CDA), Catalyst switch, Integrated Services Router (ISR), and ASA 55x5.
A typical day will begin with an informal white board lecture by the instructor, covering topics associated with the day's labs. Afterwards, you will be free to work on the labs at your own pace and to experiment in the lab environment. Of course, the instructor will remain available to assist as needed.
ASA 9.5 labs can be run in any order, any number of times. ASA-SFR labs will be run consecutively. With the exception of two labs that require two pods to work together, no coordination with other students is necessary.
Prerequisites
Knowledge of the Cisco ASA
Audience
Network engineers supporting Cisco ASA 9.x implementations
Course Content
WHAT YOU'LL LEARN
Fundamental ASA configuration from the CLI and ASDM
Administrative access using AAA, TACACS+, and Cisco ACS 5.x
Object (auto) NAT and manual (twice) NAT
Access control and troubleshooting tools
Application inspection and control (deep packet inspection)
ASAv using 9.4 code
Equal cost multipathing using ASA security zones
Policy Based Routing on the ASA
ACL enhancements including forward reference and manual commit
Using the REST API to configure the ASA
Configuring BGP support on the ASA using 9.4 code
Bootstrapping and configuring the SFR 6.0 software module
Deploying Cisco Context Directory Agent (CDA) with Active Directory
Features of Cisco ASA 5500-X Series Next-Generation Firewalls (NGFW ASA SFR)
SFR (FirePOWER Services) software module integration using FirePOWER Management Center 6.0 and access control, intrusion prevention, file policy, network discovery, Active Directory integration, user based access control, DNS, URL, and SSL policy
Cloud Web Security (ScanSafe) integration
Threat and botnet detection
Dynamic routing
Transparent firewall and bridge groups
Basic and advanced clientless SSL VPN
Full tunnel SSL VPN using AnyConnect 3.x Secure Mobility Client
Remote Access IPsec IKEv2 using AnyConnect 3.x
Easy VPN remote for the SOHO using ASA 5505
External AAA authentication of VPN users
PKI and VPN integration
Host scan and dynamic access policies (DAP) for VPN
IPsec VPN site-to-site between ASAs and with IOS router
ASA and ISE integration for TrustSec Firewall using Security Group Tags
Active/standby failover
ASA clustering including local and spanned EtherChannel