You are previewing CCSP Self-Study: Cisco Secure PIX Firewall Advanced (CSPFA), Second Edition.
O'Reilly logo
CCSP Self-Study: Cisco Secure PIX Firewall Advanced (CSPFA), Second Edition

Book Description

Cisco authorized self-study book for CCSP 642-521 foundation learning

  • Gain proficiency with new features of PIX Firewall version 6.3, including OSPF, 802.1Q VLANs, NAT-T, and more

  • Learn the ins and outs of the PIX product family and its complete feature set

  • Use the PIX Device Manager (PDM) 3.0 to configure and manage the PIX Firewall

  • Use advanced techniques to control traffic on your network using ACLs (access control lists), content filtering, and object groups

  • Improve security using PIX Firewall attack guards, intrusion detection, and shunning features

  • Learn about techniques and security considerations for configuring OSPF on PIX Firewall version 6.3

  • Configure scalable site-to-site and client remote access VPNs using the PIX Firewall version 6.3

  • Configure high-availability solutions using stateful and LAN-based failover techniques

  • Use logical interfaces and 802.1Q trunks to scale your PIX Firewall implementation

  • Master enterprise management and maintenance techniques using CiscoWorks Management Center for Firewalls 1.2 and Auto Update Server 1.1

  • Configure the PIX Firewall Services Module (FWSM)

The use of firewalls-devices residing at the network perimeter to protect against intrusion-is an essential building block to even the most basic security program. Cisco Systems has continued the support and development of the PIX OS to provide networks top-notch security while maintaining compatibility with the latest standards and protocols. Now offered in many models, the PIX Firewall is perfectly suited to meet the requirements of small offices (501 model), medium to large businesses (506E, 515E, and 525 models), and large enterprise and service provider customers (525 and 535 models and the Firewall Services Module). CCSP Self-Study: Cisco Secure PIX Firewall Advanced (CSPFA), Second Edition, offers in-depth configuration and deployment information for this popular and versatile firewall solution.

CCSP Self-Study: Cisco Secure PIX Firewall Advanced (CSPFA), Second Edition, teaches you the skills needed to configure and operate the PIX Firewall product family. Chapter overviews bring you quickly up to speed and help you get to work right away. Lab exercises and scenario-based solutions allow you to adapt configurations to your network for rapid implementation, helping you make the most of your PIX Firewall. Chapter-ending review questions test your knowledge. PIX Device Manager (PDM) configuration procedures are presented to complement extensive coverage of traditional CLI commands.

Whether you are looking for a reference guide on working with the various PIX Firewall models or seeking a study tool for the CSPFA 642-521 exam, CCSP Self-Study: Cisco Secure PIX Firewall Advanced (CSPFA), Second Edition, supports your effective use of the PIX Firewall.

CCSP Self-Study: Cisco Secure PIX Firewall Advanced (CSPFA), Second Edition, is part of a recommended learning path from Cisco Systems that can include simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining.

This volume is in the Certification Self-Study Series offered by Cisco Press. Books in this series provide officially developed training solutions to help networking professionals understand technology implementations and prepare for the Cisco Career Certifications examinations.

Table of Contents

  1. Copyright
    1. Dedications
  2. About the Author
  3. About the Technical Reviewers
  4. Acknowledgments
  5. Icons Used in This Book
  6. Command Syntax Conventions
  7. Foreword
  8. Introduction
    1. Who Should Read This Book?
    2. Motivation for the Book
    3. How to Use This Book
  9. I. Introduction and Overview
    1. 1. The Cisco Role in Network Security
      1. Why Network Security Is Necessary
      2. Types of Security Threats
      3. Network Attacks
        1. Reconnaissance Attacks
        2. Access Attacks
          1. Unauthorized Data Retrieval
          2. Unauthorized System Access
          3. Unauthorized Privilege Escalation
        3. DoS Attacks
      4. Implementing Network Security
        1. Securing the System
        2. Monitoring the Network
        3. Testing Security
        4. Improving Security
      5. Cisco AVVID and SAFE
        1. Cisco AVVID Framework
        2. SAFE Blueprint Overview
        3. SAFE Benefits
      6. Summary
      7. Chapter Review Questions
    2. 2. Cisco PIX Firewall Technology and Features
      1. Types of Firewalls
        1. Packet Filters
        2. Proxy Server
        3. Stateful Packet Filters
      2. PIX Firewall Overview
        1. Finesse Operating System
        2. ASA
        3. Cut-Through Proxy
        4. Stateful Packet Filtering
        5. Failover
      3. Summary
      4. Chapter Review Questions
    3. 3. The Cisco PIX Firewall Family
      1. PIX Firewall 500 Series Models
        1. PIX Firewall 501
        2. PIX Firewall 506E
        3. PIX Firewall 515E
        4. PIX Firewall 525
        5. PIX Firewall 535
      2. FWSM
      3. PIX Firewall Licensing
        1. Basic License Options
        2. VPN License Options
      4. Summary
      5. Chapter Review Questions
  10. II. Getting Started with Cisco PIX Firewall
    1. 4. Implementing Cisco PIX Firewall in the Network
      1. Design Considerations
      2. DMZs
      3. Choosing the Appropriate PIX Firewall Model
      4. Implementation Scenarios
        1. Enterprise Network Scenario
          1. Connections and Equipment List for the Enterprise Network
          2. Task List for the Enterprise Network
          3. Features Used for the Enterprise Network
          4. Configuration for the Enterprise Network
        2. Large Company Network Scenario
          1. Connections and Equipment List for the Large Company Network
          2. Task List for the Large Company Network
          3. Features Used for the Large Company Network
          4. Sample Configuration for the Large Company Network
        3. Medium and Small Business Network Scenario
          1. Network Connections and Equipment List for Medium and Small Business Networks
          2. Task List for Medium and Small Business Networks
          3. Features Used for Medium and Small Business Networks
          4. Sample Configuration for Medium and Small Business Networks
        4. SOHO Network Scenario
          1. Network Connections and Equipment List for a SOHO Network
          2. Task List for a SOHO Network
          3. Features Used for a SOHO Network
          4. Sample Configuration for SOHO Network
      5. Summary
      6. Chapter Review Questions
  11. III. Firewall Configuration Topics
    1. 5. Getting Started with the Cisco PIX Firewall
      1. CLI
        1. Basic Commands
      2. Configuring the PIX Firewall
        1. Viewing and Saving Your Configuration
        2. write erase and tftp-server Commands
        3. write net and configure net Commands
        4. name Command
        5. reload Command
      3. Examining the PIX Firewall Status
        1. show memory
        2. show version
        3. show ip address
        4. show interface Command
        5. show cpu usage Command
        6. ping Command
      4. Time Setting and NTP Support
        1. Setting Daylight Savings Time and Time Zones
        2. ntp Command
      5. ASA Security Levels
      6. Basic PIX Firewall Configuration
        1. nameif Command
        2. interface Command
        3. ip address Command
      7. nat Command
        1. global Command
        2. route Command
      8. Syslog Configuration
      9. DHCP Server Configuration
        1. DHCP Basics
        2. Configuring a PIX Firewall DHCP Server
        3. DHCP Relay
      10. PPPoE and the PIX Firewall
        1. Configuring PPPoE on the PIX Firewall
        2. Monitoring the PPPoE Client
      11. Summary
      12. Chapter Review Questions
      13. Lab Exercise—Get Started with the Cisco PIX Firewall
        1. Objectives
        2. Lab Topology
        3. Task 1—Execute General Commands
        4. Task 2—Configure PIX Firewall Interfaces
        5. Task 3—Configure Global Addresses, NAT, and Routing for Inside and Outside Interfaces
        6. Task 4—Test the Inside and Outside Interface Connectivity
        7. Task 5—Configure Syslog Output
        8. Task 6—Configure Syslog Output to a Syslog Server
    2. 6. Cisco PIX Device Manager
      1. PDM Overview
      2. PDM Operational Requirements
        1. Windows Requirements
        2. Sun Solaris Requirements
        3. Linux Requirements
        4. General Guidelines
      3. Preparing for PDM
      4. Using PDM to Configure the PIX Firewall
        1. Configuration
          1. Access Rules Tab
          2. Translations Rules Tab
          3. VPN Tab
          4. Hosts/Networks Tab
          5. System Properties Tab
          6. Tools and Options
        2. Monitoring
      5. Summary
      6. Chapter Review Questions
      7. Lab Exercise—Configure the PIX Firewall with PDM
        1. Objectives
        2. Lab Topology
        3. Task 1—Use the PDM Startup Wizard
        4. Task 2—Use the PDM Startup Wizard to Configure a Privileged Mode Password
        5. Task 3—Configure Outbound Access with NAT
        6. Task 4—Test Connectivity Through the PIX Firewall
        7. Task 5—Configure and Test Inbound Access
        8. Task 6—Configure Intrusion Detection
        9. Task 7—Configure PDM to Monitor Intrusion Detection
    3. 7. Translations and Connections
      1. Transport Protocols
        1. TCP
        2. UDP
      2. NAT
        1. Dynamic Inside Translations
        2. Static Inside Translations
        3. Dynamic Outside Translations
        4. Static Outside Translations
        5. Identity NAT
        6. Policy NAT
        7. Translations and Connections
        8. Statics and Conduits
      3. Configuring DNS Support
        1. DNS Support with the alias Command
          1. DNS Doctoring with Alias
          2. Destination NAT with the alias Command
        2. DNS Record Translation with Expanded NAT and Static Commands
      4. PAT
        1. PAT Using the Outside Interface Address
        2. Mapping Subnets to PAT Addresses
        3. Backing Up PAT Addresses by Using Multiple PATs
        4. Augmenting a Global Pool with PAT
      5. Port Redirection
      6. Configuring Multiple Interfaces
      7. Summary
      8. Chapter Review Questions
      9. Lab Exercise—Configure Access Through the PIX Firewall
        1. Objectives
        2. Lab Topology
        3. Task 1—Configure a Conduit to Allow ICMP Through the PIX Firewall
        4. Task 2—Configure the PIX Firewall to Allow Users on the Inside Interface to Access the Bastion Host
        5. Task 3—Configure the PIX Firewall to Allow Users on the Outside Interface to Access the Bastion Host
        6. Task 4—Configure the PIX Firewall to Allow Users on the Outside Interface to Access the Inside Host
    4. 8. Access Control Lists and Content Filtering
      1. Access Control Lists
        1. Turbo ACLs
      2. Converting Conduits to ACLs
        1. Conversion Procedures
      3. Using ACLs
        1. icmp Command
      4. Malicious Active Code Filtering
        1. Java Applet Filtering
        2. ActiveX Blocking
      5. URL Filtering
        1. Long URL Filtering
      6. Summary
      7. Chapter Review Questions
      8. Lab Exercise—Configure ACLs in the PIX Firewall
        1. Objectives
        2. Lab Topology
        3. Task 1—Disable Pinging to an Interface
        4. Task 2—Configure an Inbound ACL
        5. Task 3—Test and Verify the Inbound ACL
        6. Task 4—Configure an Outbound ACL
        7. Task 5—Test and Verify the Outbound ACL
    5. 9. Object Grouping
      1. Getting Started with Object Groups
        1. Configuring and Using Object Groups
          1. Configuring Network Object Groups
          2. Configuring Service Object Groups
          3. Configuring Protocol Object Groups
          4. Configuring ICMP-Type Object Groups
      2. Nested Object Groups
      3. Summary
      4. Chapter Review Questions
      5. Lab Exercise—Configure Object Groups
        1. Objectives
        2. Lab Topology
        3. Task 1—Configure a Service Object Group
        4. Task 2—Configure an ICMP-Type Object Group
        5. Task 3—Configure a Nested Server Object Group
        6. Task 4—Configure an Inbound ACL with Object Groups
        7. Task 5—Configure Web and ICMP Access to the Inside Host
        8. Task 6—Test and Verify the Inbound ACL
    6. 10. Routing
      1. Routing Options
        1. Static Routing
        2. Dynamic Routes
          1. RIP
          2. OSPF
          3. Basic OSPF Concepts
            1. OSPF Security Considerations
            2. Supported and Unsupported OSPF Features
            3. Configuring OSPF
      2. IP Multicast
        1. Allowing Hosts to Receive Multicast Transmissions
        2. Forwarding Multicasts from a Transmission Source
        3. Configuring Other IGMP Options
        4. Monitoring SMR Configurations
      3. Summary
      4. Chapter Review Questions
  12. IV. Advanced Configuration Topics
    1. 11. Advanced Protocol Handling
      1. Advanced Protocols
        1. fixup Command
        2. Standard Mode FTP
        3. Passive Mode FTP
        4. FTP Fixup Configuration
        5. rsh
        6. SQL*Net
        7. SIP
        8. SCCP
      2. Multimedia Support
        1. Standard RTP Mode
        2. RealNetworks RDT Mode
        3. RTSP Fixup Configuration
        4. H.323 Fixup
          1. Configuring H.323 Fixup
      3. Summary
      4. Chapter Review Questions
      5. Lab Exercise—Configure and Test Advanced Protocol Handling on the Cisco PIX Firewall
        1. Objectives
        2. Lab Topology
        3. Task 1—Display the Fixup Protocol Configurations
        4. Task 2—Change the Fixup Protocol Configurations
        5. Task 3—Test the Outbound FTP Fixup Protocol
        6. Task 4—Test the Inbound FTP Fixup Protocol
        7. Task 5—Set the Fixup Protocols to the Default Settings
        8. Answers to Task Review Questions
    2. 12. Attack Guards, Intrusion Detection, and Shunning
      1. Attack Guards
        1. Mail Guard
        2. DNS Guard
        3. FragGuard and Virtual Re-assembly
        4. AAA Flood Guard
        5. SYN Flood Guard
        6. Antispoofing
      2. Intrusion Detection
        1. Configuring IDS
      3. Shunning
      4. Summary
      5. Chapter Review Questions
      6. Lab Exercise—Configure Intrusion Detection
        1. Objectives
        2. Lab Topology
        3. Task 1—Configure the Use of IDS Information Signatures and Send Cisco IDS Syslog Output to a Syslog Server
        4. Task 2—Configure the Use of IDS Attack Signatures and Send Cisco IDS Syslog Output to a Syslog Server
    3. 13. Authentication, Authorization, and Accounting
      1. AAA Basics
      2. Cut-Through Proxy Operation
      3. Supported AAA Servers
      4. Installation of CSACS for Windows NT
        1. Adding Users to CSACS
          1. Account Disabled
          2. Supplementary User Info
          3. User Setup
          4. Account Disable
      5. Authentication Configuration
        1. Authentication of Other Services
          1. Virtual Telnet
          2. Virtual HTTP
        2. Authentication of Console Access
          1. Changing Authentication Timeouts
          2. Changing Authentication Prompts
      6. Authorization Configuration
        1. Adding Authorization Rules
        2. Downloadable ACLs
          1. Configuring Downloadable ACLs in CSACS
          2. Assigning the ACL to the User
      7. Accounting Configuration
        1. match acl_name Option
        2. Viewing Accounting Information in CSACS
      8. Troubleshooting AAA Configurations
      9. Summary
      10. Chapter Review Questions
      11. Lab Exercise—Configure the PIX Firewall with AAA
        1. Objectives
        2. Lab Topology
        3. Task 1—Install the CSACS for a Windows 2000 Server
        4. Task 2—Add a User to the CSACS Database
        5. Task 3—Identify the AAA Server and Protocol
        6. Task 4—Configure and Test Inbound Authentication
        7. Task 5—Configure and Test Outbound Authentication
        8. Task 6—Configure and Test Console Access Authentication
        9. Task 7—Configure and Test Virtual Telnet Authentication
        10. Task 8—Change and Test Authentication Timeouts and Prompts
        11. Task 9—Configure ACS to Write Downloadable ACLs During Authentication
        12. Task 10—Test Downloadable ACLs with Inbound Authentication
        13. Task 11—Configure and Test Accounting
    4. 14. Failover
      1. Understanding Failover
        1. IP Addresses for Failover
        2. Configuration Replication
        3. Stateful Failover
        4. Failover Interface Test
      2. Hardware Requirements
        1. Licensing Requirements
      3. Cable-Based Failover Configuration
      4. LAN-Based Failover Configuration
      5. Summary
      6. Chapter Review Questions
      7. Lab Exercise—Configure LAN-Based Failover
        1. Objectives
        2. Lab Topology
        3. Task 1—Configure the Primary PIX Firewall for LAN-Based Stateful Failover to the Secondary PIX Firewall
        4. Task 2—Configure the Secondary PIX Firewall for LAN-Based Failover
        5. Task 3—Test LAN-Based Stateful Failover
        6. Task 4—Make the Primary PIX Firewall Active
  13. V. VPN Configuration
    1. 15. Virtual Private Networks
      1. PIX Firewall Enabling a Secure VPN
      2. IPSec Overview
        1. IPSec Standards Supported
        2. IKE
        3. DES
        4. 3DES
        5. AES
        6. D-H
        7. MD5
        8. SHA-1
        9. RSA Signatures
        10. CA
        11. NAT-T
        12. SA
      3. IKE Overview
      4. CA Overview
      5. Summary
      6. Chapter Review Questions
    2. 16. Site-to-Site VPNs
      1. IPSec Configuration Tasks
        1. Task 1—Prepare to Configure VPN Support
          1. Plan for IKE (Phase 1)
          2. Plan for IPSec (Phase 2)
        2. Task 2—Configure IKE Parameters
        3. Task 3—Configure IPSec Parameters
          1. Step 1—Configure Crypto ACLs
          2. Step 2—Configure an IPSec Transform Set
            1. Transform Set Negotiation
          3. Step 3—Configure Global IPSec Security Association Lifetimes
            1. Transform Set Negotiated Between IPSec Peers
            2. Global IPSec SA Lifetime Examples
        4. Step 4—Configure Crypto Maps
          1. Crypto Map Parameters
          2. Backup Gateways
          3. Configuring Crypto Maps
          4. Setting Manual Keys
          5. Step 5—Verify IPSec Configuration
            1. Management Access
        5. Task 4—Test and Verify VPN Configuration
      2. Easy VPN Operation
        1. Configuring Easy VPN
      3. VPN Configuration Using PDM
        1. System Options
          1. Digital Certificates
        2. Creating Transform Sets
      4. Creating a Crypto Map
        1. Creating an IPSec Rule
        2. VPN Wizard
        3. Easy VPN
      5. Case Study: Three-Site Full-Mesh IPSec Tunnels Using Preshared Keys
        1. Network Security Policy
        2. Sample Configuration for Portland, Seattle, and San Jose PIX Firewalls
      6. Summary
      7. Chapter Review Questions
      8. Lab Exercise—Configure Site-to-Site VPNs
        1. Objectives
        2. Lab Topology
        3. Task 1—Configure IKE Parameters
        4. Task 2—Configure IPSec Parameters
        5. Task 3—Test and Verify the IPSec Configuration
        6. Task 4—Using PDM (Optional)
        7. Task 5—Using PDM VPN Wizard (Optional)
    3. 17. Client Remote Access VPNs
      1. Cisco VPN Client
        1. Cisco VPN Client Features
      2. Configuring Remote Access VPNs
        1. PPTP Client Configuration
      3. Remote Access VPN Configuration with PDM
      4. Summary
      5. Chapter Review Questions
      6. Lab Exercise—Remote Access VPNs
        1. Objectives
        2. Lab Topology
        3. Task 1—Configure the PIX Firewall
        4. Task 2—Create a User in CSACS
        5. Task 3—Verify Your Configuration
        6. Task 4—Install the Cisco VPN Client on Host 1
        7. Task 5—Configure the Cisco VPN Client
        8. Task 6—Verify the Cisco VPN Client Properties
        9. Task 7—Launch the Cisco VPN Client
        10. Task 8—Verify the VPN Connection
        11. Task 9—Reconfigure Remote Access VPN Connection Using PDM (Optional)
  14. VI. PIX System Management
    1. 18. System Maintenance
      1. Remote Access
        1. Telnet
        2. SSH
      2. Command Authorization
        1. Command Authorization with Enable-Level Passwords
        2. Command Authorization with Local User Database
        3. Command Authorization with CSACS
        4. Viewing Command Authorization Configuration
      3. SNMP
        1. MIB Support
        2. Configuring SNMP
      4. Management Tools
        1. PDM
        2. Cisco Secure Policy Manager
        3. Management Center for Firewalls
      5. Activation Keys
        1. Troubleshooting the Activation Key Upgrade
      6. Password Recovery and Image Upgrade
        1. Password Recovery Procedures
        2. Image Upgrade
      7. Summary
      8. Chapter Review Questions
      9. Lab Exercise—System Maintenance
        1. Objectives
        2. Lab Topology
        3. Task 1—Configure Enable-Level Command Authorization with Passwords
        4. Task 2—Test Enable-Level Command Authorization
        5. Task 3—Generate an RSA Key Pair for Encrypted SSH Sessions
        6. Task 4—Establish an SSH Connection to the PIX Firewall
        7. Task 5—Configure Command Authorization Using the Local User Database
        8. Task 6—Test Command Authorization Using the Local User Database
        9. Task 7—Perform a Password Recovery
        10. Task 8—Upgrade the PIX Firewall Software Image
    2. 19. PIX Firewall Management in Enterprise Networks
      1. Introduction to Firewall MC
      2. Key Features and Concepts
        1. Supported Devices
      3. Installation
        1. Installation Requirements
        2. Installation Process
      4. Getting Started
        1. CiscoWorks
          1. CiscoWorks User Management
      5. Navigating the Firewall MC
      6. Firewall MC Task Flow
        1. Task 1—Create a New Activity
        2. Task 2—Create Device Groups
        3. Task 3—Import and Manage Devices
          1. Creating a Device
          2. Importing Configuration from a Device
          3. Importing Configuration File for a Device
          4. Importing Multiple Configurations from a CSV File
          5. Importing Configuration Files for Multiple Devices
          6. Managing Devices
        4. Task 4—Configure Building Blocks
          1. Network Objects
          2. Service Definitions
          3. Service Groups
          4. AAA Server Group
          5. Address Translation Pool
        5. Task 5—Configure Settings
          1. PIX Firewall Version
          2. Interface Settings
          3. Static Routes
          4. Administration: Passwords
          5. Administration: HTTPS (SSL)
          6. Administration: SSH
          7. Administration: Log Setup
            1. Syslog Configuration
            2. Logging Level
          8. Servers and Services: Easy VPN Remote
          9. MC Settings: Management
          10. MC Settings: Import Devices
          11. MC Settings: Firewall Device Contact Information
          12. Firewall MC Controls: Configuration Additions
        6. Task 6—Configure Access and Translation Rules
          1. Access Rules
            1. Firewall Rules
            2. AAA Rules
            3. Web Filter Rules
          2. Static Translation Rule
          3. Dynamic Translation Rule
        7. Tasks 7 and 8—Generate and View the Configuration and Submit Activity for Approval
        8. Tasks 9 and 10—Create a Job and Submit the Job for Approval
        9. Task 11—Deploy a Job
      7. Reporting, Tools, and Administration
        1. Reporting
        2. Support
        3. Administration: Workflow Setup
        4. Administration: Maintenance
      8. Summary
      9. Chapter Review Questions
      10. Lab Exercise—Enterprise PIX Firewall Management
        1. Objectives
        2. Lab Topology
        3. Task 1—Install the Firewall MC
        4. Task 2—Bootstrap the PIX Firewall
        5. Task 3—Launch the Firewall MC
        6. Task 4—Open an Activity and Create a Group
        7. Task 5—Import the PIX Firewall
        8. Task 6—Configure the Inside and Outside Interfaces
        9. Task 7—Configure Service Definitions, Service Groups, and Address Translation Pool Building Blocks
        10. Task 8—Create Translation Rules
        11. Task 9—Configure the PIX Firewall to Allow HTTP and CiscoWorks Traffic to the Inside Host
        12. Task 10—Configure a Global Security Policy
        13. Task 11—Approve an Activity, Create a Job, and Deploy a Job
        14. Task 12—Test the PIX Firewall Configuration
    3. 20. PIX Firewall Maintenance in Enterprise Networks
      1. Introduction to the AUS
        1. Installation Overview
        2. Installation Requirements
        3. Client Access Requirements
        4. Installation Process
      2. AUS Initial Configuration Settings
        1. Firewall MC and AUS Communications
        2. AUS Activation
        3. AUS and PIX Firewall Communications
        4. PIX Firewall Unique Identity
        5. PIX Firewall Configuration Deployment
      3. Getting Started
        1. CiscoWorks Login
        2. AUS Interface
      4. Devices, Images, and Assignments
        1. AUS Devices
        2. AUS Images
        3. AUS Assignments
          1. Multiple Images to a Single Device
          2. Single Image to Multiple Devices
      5. Reports and Administration
        1. Reports—System Information
        2. Reports—Event Report
        3. Admin—NAT Settings
        4. Admin—AUS Database Password Change
      6. Summary
      7. Chapter Review Questions
      8. Lab Exercise—PIX Firewall Maintenance in Enterprise Networks
        1. Objectives
        2. Lab Topology
        3. Task 1—Install the AUS
        4. Task 2—Configure the Firewall MC and PIX Firewall to Use the AUS
        5. Task 3—Verify the Operation of the PIX Firewall and the AUS
        6. Task 4—Add a PIX Firewall Software and a PDM Image to the AUS
        7. Task 5—Assign Images to a Device
  15. VII. Special Topics
    1. 21. Firewall Services Module
      1. FWSM Overview
      2. FWSM and PIX Firewall Feature Comparison
      3. Catalyst 6500 Switch Requirements
      4. Network Model
      5. Configuring the FWSM
        1. Initializing the FWSM
        2. Configuring the Switch VLAN
        3. Configuring the FWSM Interfaces
      6. Using PDM with FWSM
      7. Troubleshooting the FWSM
        1. Resetting and Rebooting the FWSM
        2. Memory Test
      8. Summary
      9. Chapter Review Questions
    2. 22. PIX Firewall in SOHO Networks
      1. PIX Firewall Models
      2. PIX Firewall Features for SOHO Networks
        1. PIX Device Manager
        2. PIX Firewall as an Easy VPN Remote Device
        3. PIX Firewall PPPoE Client
        4. PIX Firewall DHCP Server
          1. Using Cisco IP Phones with a DHCP Server
        5. PIX Firewall DHCP Relay
        6. PIX Firewall DHCP Client
          1. Configuring the DHCP Client
      3. Summary
      4. Chapter Review Questions
  16. VIII. Appendixes
    1. A. Answers to Review Questions
      1. Chapter 1
      2. Chapter 2
      3. Chapter 3
      4. Chapter 4
      5. Chapter 5
      6. Chapter 6
      7. Chapter 7
      8. Chapter 8
      9. Chapter 9
      10. Chapter 10
      11. Chapter 11
      12. Chapter 12
      13. Chapter 13
      14. Chapter 14
      15. Chapter 15
      16. Chapter 16
      17. Chapter 17
      18. Chapter 18
      19. Chapter 19
      20. Chapter 20
      21. Chapter 21
      22. Chapter 22
    2. B. Security Resources
  17. Inside Front Cover