Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance

Book description

Identify, mitigate, and respond to network attacks

  • Understand the evolution of security technologies that make up the unified ASA device and how to install the ASA hardware

  • Examine firewall solutions including network access control, IP routing, AAA, application inspection, virtual firewalls, transparent (Layer 2) firewalls, failover and redundancy, and QoS

  • Evaluate Intrusion Prevention System (IPS) solutions including IPS integration and Adaptive Inspection and Prevention Security Services Module (AIP-SSM) configuration

  • Deploy VPN solutions including site-to-site IPsec VPNs, remote-access VPNs, and Public Key Infrastructure (PKI)

  • Learn to manage firewall, IPS, and VPN solutions with Adaptive Security Device Manager (ASDM)

Achieving maximum network security is a challenge for most organizations. Cisco® ASA, a new unified security device that combines firewall, network antivirus, intrusion prevention, and virtual private network (VPN) capabilities, provides proactive threat defense that stops attacks before they spread through the network.

This new family of adaptive security appliances also controls network activity and application traffic and delivers flexible VPN connectivity. The result is a powerful multifunction network security device that provides the security breadth and depth for protecting your entire network, while reducing the high deployment and operations costs and complexities associated with managing multiple point products.

Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance is a practitioner’s guide to planning, deploying, and troubleshooting a comprehensive security plan with Cisco ASA. The book provides valuable insight and deployment examples and demonstrates how adaptive identification and mitigation services on Cisco ASA provide a sophisticated security solution for both large and small network environments.

The book contains many useful sample configurations, proven design scenarios, and discussions of debugs that help you understand how to get the most out of Cisco ASA in your own network.

“I have found this book really highlights the practical aspects needed for building real-world security. It offers the insider’s guidance needed to plan, implement, configure, and troubleshoot the Cisco ASA in customer environments and demonstrates the potential and power of Self-Defending Networks.”

–Jayshree Ullal, Sr. Vice President, Security Technologies Group, Cisco Systems®

This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.

Table of contents

  1. Copyright
    1. Dedications
  2. About the Authors
    1. About the Technical Reviewers
  3. Acknowledgments
  4. Foreword
    1. Icons Used in This Book
    2. Command Syntax Conventions
  5. Introduction
    1. Who Should Read This Book
    2. How This Book Is Organized
  6. I. Product Overview
    1. 1. Introduction to Network Security
      1. Firewall Technologies
        1. Network Firewalls
          1. Packet-Filtering Techniques
          2. Application Proxies
          3. Network Address Translation
          4. Port Address Translation
          5. Static Translation
          6. Stateful Inspection Firewalls
        2. Personal Firewalls
      2. Intrusion Detection and Prevention Technologies
        1. Network-Based Intrusion Detection and Prevention Systems
          1. Pattern Matching and Stateful Pattern-Matching Recognition
          2. Protocol Analysis
          3. Heuristic-Based Analysis
          4. Anomaly-Based Analysis
        2. Host-Based Intrusion Detection Systems
      3. Network-Based Attacks
        1. DoS Attacks
          1. TCP SYN Flood Attacks
          2. land.c Attacks
          3. Smurf Attacks
        2. DDoS Attacks
        3. Session Hijacking
      4. Virtual Private Networks
        1. Understanding IPSec
        2. Internet Key Exchange
          1. IKE Phase 1
          2. IKE Phase 2
        3. IPSec Protocols
          1. Authentication Header
          2. Encapsulation Security Payload
        4. IPSec Modes
          1. Transport Mode
          2. Tunnel Mode
      5. Summary
    2. 2. Product History
      1. Cisco Firewall Products
        1. Cisco PIX Firewalls
        2. Cisco FWSM
        3. Cisco IOS Firewall
      2. Cisco IDS Products
      3. Cisco VPN Products
      4. Cisco ASA All-in-One Solution
        1. Firewall Services
        2. IPS Services
        3. VPN Services
      5. Summary
    3. 3. Hardware Overview
      1. Cisco ASA 5510 Model
      2. Cisco ASA 5520 Model
      3. Cisco ASA 5540 Model
      4. AIP-SSM Modules
      5. Summary
  7. II. Firewall Solution
    1. 4. Initial Setup and System Maintenance
      1. Accessing the Cisco ASA Appliances
        1. Establishing a Console Connection
        2. Command-Line Interface
      2. Managing Licenses
      3. Initial Setup
        1. Setting Up the Device Name
        2. Configuring an Interface
        3. Configuring a Subinterface
        4. Configuring a Management Interface
        5. DHCP Services
      4. IP Version 6
        1. IPv6 Header
        2. Configuring IPv6
          1. IP Address Assignment
            1. Global Address
            2. Site-Local Address
            3. Link-Local Address
            4. Auto-Configuration Address
      5. Setting Up the System Clock
        1. Manual Clock Adjustment Using clock set
        2. Automatic Clock Adjustment Using the Network Time Protocol
        3. Time Zones and Daylight Savings Time
      6. Configuration Management
        1. Running Configuration
        2. Startup Configuration
        3. Removing the Device Configuration
      7. Remote System Management
        1. Telnet
        2. Secure Shell
      8. System Maintenance
        1. Software Installation
          1. Image Upgrade via the Cisco ASA CLI
          2. Image Recovery Using ROMMON
        2. Password Recovery Process
        3. Disabling the Password Recovery Process
      9. System Monitoring
        1. System Logging
          1. Enabling Logging
          2. Logging Types
            1. Console Logging
            2. Terminal Logging
            3. Buffered Logging
            4. E-Mail Logging
            5. ASDM Logging
            6. Syslog Server Logging
          3. Additional Syslog Parameters
        2. Simple Network Management Protocol
          1. Configuring SNMP
          2. SNMP Monitoring
        3. CPU and Memory Monitoring
      10. Summary
    2. 5. Network Access Control
      1. Packet Filtering
        1. Types of ACLs
          1. Standard ACLs
          2. Extended ACLs
          3. IPv6 ACLs
          4. EtherType ACLs
          5. WebVPN ACLs
          6. Comparing ACL Features
        2. Configuring Packet Filtering
          1. Step 1: Set Up an ACL
          2. Step 2: Apply an ACL to an Interface
          3. Step 3: Set Up an IPv6 ACL (Optional)
      2. Advanced ACL Features
        1. Object Grouping
          1. Object Types
            1. Protocol
            2. Network
            3. Service
            4. ICMP-Type
          2. Object Grouping and ACLs
        2. Standard ACLs
        3. Time-Based ACLs
          1. Absolute
          2. Periodic
        4. Downloadable ACLs
        5. ICMP Filtering
      3. Content and URL Filtering
        1. Content Filtering
          1. ActiveX Filtering
          2. Java Filtering
          3. Configuring Content Filtering
        2. URL Filtering
          1. Configuring URL Filtering
            1. Step 1: Defining a Filtering Server
            2. Step 2: Configuring HTTP, HTTPS, and FTP Filtering
            3. Step 3: Buffering Server Responses (Optional)
            4. Step 4: Enabling Long URL Support (Optional)
            5. Step 5: Caching Server Responses (Optional)
      4. Deployment Scenarios Using ACLs
        1. Using ACLs to Filter Inbound and Outbound Traffic
        2. Enabling Content Filtering Using Websense
      5. Monitoring Network Access Control
        1. Monitoring ACLs
        2. Monitoring Content Filtering
      6. Understanding Address Translation
        1. Network Address Translation
        2. Port Address Translation
        3. Packet Flow Sequence
        4. Configuring Address Translation
          1. Static NAT
          2. Dynamic Network Address Translation
          3. Static Port Address Translation
          4. Dynamic Port Address Translation
          5. Policy NAT/PAT
        5. Bypassing Address Translation
          1. Identity NAT
          2. NAT Exemption
        6. NAT Order of Operation
        7. Integrating ACLs and NAT
      7. DNS Doctoring
      8. Monitoring Address Translations
      9. Summary
    3. 6. IP Routing
      1. Configuring Static Routes
      2. RIP
        1. Configuring RIP
        2. Verifying the Configuration
        3. Troubleshooting RIP
          1. Scenario 1: RIP Version Mismatch
          2. Scenario 2: RIP Authentication Mismatch
          3. Scenario 3: Multicast or Broadcast Packets Blocked
          4. Scenario 4: Correct Configuration and Behavior
      3. OSPF
        1. Configuring OSPF
          1. Enabling OSPF
          2. Virtual Links
          3. Configuring OSPF Authentication
          4. Configuring the Cisco ASA as an ASBR
          5. Stub Areas and NSSAs
          6. ABR Type 3 LSA Filtering
          7. OSPF neighbor Command and Dynamic Routing over VPN
        2. Troubleshooting OSPF
          1. Useful Troubleshooting Commands
          2. Mismatched Areas
          3. OSPF Authentication Mismatch
          4. Troubleshooting Virtual Link Problems
      4. IP Multicast
        1. IGMP
        2. IP Multicast Routing
        3. Configuring Multicast Routing
          1. Enabling Multicast Routing
          2. Statically Assigning an IGMP Group
          3. Limiting IGMP States
          4. IGMP Query Timeout
          5. Defining the IGMP Version
          6. Configuring Rendezvous Points
          7. Configuring Threshold for SPT Switchover
          8. Filtering RP Register Messages
          9. PIM Designated Router Priority
          10. PIM Hello Message Interval
          11. Configuring a Static Multicast Route
        4. Troubleshooting IP Multicast Routing
          1. show Commands
          2. debug Commands
      5. Deployment Scenarios
        1. Deploying OSPF
        2. Deploying IP Multicast
      6. Summary
    4. 7. Authentication, Authorization, and Accounting (AAA)
      1. AAA Protocols and Services Supported by Cisco ASA
        1. RADIUS
        2. TACACS+
        3. RSA SecurID
        4. Microsoft Windows NT
        5. Active Directory and Kerberos
        6. Lightweight Directory Access Protocol
      2. Defining an Authentication Server
      3. Configuring Authentication of Administrative Sessions
        1. Authenticating Telnet Connections
        2. Authenticating SSH Connections
        3. Authenticating Serial Console Connections
        4. Authenticating Cisco ASDM Connections
      4. Authenticating Firewall Sessions (Cut-Through Proxy Feature)
        1. Authentication Timeouts
        2. Customizing Authentication Prompts
      5. Configuring Authorization
        1. Command Authorization
        2. Configuring Downloadable ACLs
      6. Configuring Accounting
        1. RADIUS Accounting
        2. TACACS+ Accounting
      7. Deployment Scenarios
        1. Deploying Authentication, Command Authorization, and Accounting for Administrative Sessions
        2. Deploying Cut-Through Proxy Authentication
      8. Troubleshooting AAA
        1. Troubleshooting Administrative Connections to Cisco ASA
        2. Troubleshooting Firewall Sessions (Cut-Through Proxy)
      9. Summary
    5. 8. Application Inspection
      1. Enabling Application Inspection Using the Modular Policy Framework
      2. Selective Inspection
      3. Computer Telephony Interface Quick Buffer Encoding Inspection
      4. Domain Name System
      5. Extended Simple Mail Transfer Protocol
      6. File Transfer Protocol
      7. General Packet Radio Service Tunneling Protocol
        1. GTPv0
        2. GTPv1
        3. Configuring GTP Inspection
      8. H.323
        1. H.323 Protocol Suite
        2. H.323 Version Compatibility
        3. Enabling H.323 Inspection
        4. Direct Call Signaling and Gatekeeper Routed Control Signaling
        5. T.38
      9. HTTP
        1. Enabling HTTP Inspection
          1. strict-http
          2. content-length
          3. content-type-verification
          4. max-header-length
          5. max-uri-length
          6. port-misuse
          7. request-method
          8. transfer-encoding type
      10. ICMP
      11. ILS
      12. MGCP
      13. NetBIOS
      14. PPTP
      15. Sun RPC
      16. RSH
      17. RTSP
      18. SIP
      19. Skinny
      20. SNMP
      21. SQL*Net
      22. TFTP
      23. XDMCP
      24. Deployment Scenarios
        1. ESMTP
        2. HTTP
        3. FTP
      25. Summary
    6. 9. Security Contexts
      1. Architectural Overview
        1. System Execution Space
        2. Admin Context
        3. Customer Context
        4. Packet Flow in Multiple Mode
          1. Packet Classification
          2. Packet Forwarding Between Contexts
            1. Forwarding Without a Shared Interface
            2. Forwarding with a Shared Interface
      2. Configuration of Security Contexts
        1. Step 1: Enabling Multiple Security Contexts Globally
        2. Step 2: Setting Up the System Execution Space
        3. Step 3: Specifying a Configuration URL
        4. Step 4: Allocating the Interfaces
        5. Step 5: Configuring an Admin Context
        6. Step 6: Configuring a Customer Context
        7. Step 7: Managing the Security Contexts (Optional)
      3. Deployment Scenarios
        1. Virtual Firewall Using Two Customer Contexts
        2. Virtual Firewall Using a Shared Interface
      4. Monitoring and Troubleshooting the Security Contexts
        1. Monitoring
        2. Troubleshooting
      5. Summary
    7. 10. Transparent Firewalls
      1. Architectural Overview
        1. Single-Mode Transparent Firewall
          1. Packet Flow in an SMTF
        2. Multimode Transparent Firewall
          1. Packet Flow in an MMTF
      2. Transparent Firewalls and VPNs
      3. Configuration of Transparent Firewall
        1. Configuration Guidelines
        2. Configuration Steps
          1. Step 1: Enabling Transparent Firewalls
          2. Step 2: Setting Up Interfaces
          3. Step 3: Configuring an IP Address
          4. Step 4: Configuring Interface ACLs
          5. Step 5: Adding Static L2F Table Entries (Optional)
          6. Step 6: Enabling ARP Inspection (Optional)
          7. Step 7: Modifying L2F Table Parameters (Optional)
      4. Deployment Scenarios
        1. SMTF Deployment
        2. MMTF Deployment with Security Contexts
      5. Monitoring and Troubleshooting the Transparent Firewall
        1. Monitoring
        2. Troubleshooting
      6. Summary
    8. 11. Failover and Redundancy
      1. Architectural Overview
        1. Conditions that Trigger Failover
        2. Failover Interface Tests
        3. Stateful Failover
        4. Hardware and Software Requirements
        5. Types of Failover
          1. Active/Standby Failover
          2. Active/Active Failover
          3. Asymmetric Routing
      2. Failover Configuration
        1. Active/Standby Failover Configuration
          1. Step 1: Select the Failover Link
          2. Step 2: Assign Failover IP Addresses
          3. Step 3: Set Failover Key (Optional)
          4. Step 4: Designating the Primary Cisco ASA
          5. Step 5: Enable Stateful Failover (Optional)
          6. Step 6: Enable Failover Globally
          7. Step 7: Configure Failover on the Secondary Cisco ASA
        2. Active/Active Failover Configuration
          1. Step 1: Select the Failover Link
          2. Step 2: Assign Failover Interface IP Addresses
          3. Step 3: Set Failover Key
          4. Step 4: Designate the Primary Cisco ASA
          5. Step 5: Enable Stateful Failover
          6. Step 6: Set Up Failover Groups
          7. Step 7: Assign Failover Group Membership
          8. Step 8: Assign Interface IP Addresses
          9. Step 9: Set Up Asymmetric Routing (Optional)
          10. Step 10: Enable Failover Globally
          11. Step 11: Configure Failover on the Secondary Cisco ASA
        3. Optional Failover Commands
          1. Specifying Failover MAC Addresses
          2. Configuring Interface Policy
          3. Managing Failover Timers
          4. Monitoring Failover Interfaces
        4. Zero-Downtime Software Upgrade
      3. Deployment Scenarios
        1. Active/Standby Failover in Single Mode
        2. Active/Active Failover in Multiple Security Contexts
      4. Monitoring and Troubleshooting Failovers
        1. Monitoring
        2. Troubleshooting
      5. Summary
    9. 12. Quality of Service
      1. Architectural Overview
        1. Traffic Policing
        2. Traffic Prioritization
        3. Packet Flow Sequence
        4. Packet Classification
          1. IP Precedence Field
          2. IP DSCP Field
          3. IP Access Control List
          4. IP Flow
          5. VPN Tunnel Group
        5. QoS and VPN Tunnels
      2. Configuring Quality of Service
        1. Step 1: Set Up a Class Map
        2. Step 2: Configure a Policy Map
        3. Step 3: Apply the Policy Map on the Interface
        4. Step 4: Tune the Priority Queue (Optional)
      3. QoS Deployment Scenarios
        1. QoS for VoIP Traffic
        2. QoS for the Remote-Access VPN Tunnels
      4. Monitoring QoS
      5. Summary
  8. III. Intrusion Prevention System (IPS) Solution
    1. 13. Intrusion Prevention System Integration
      1. Adaptive Inspection Prevention Security Services Module Overview (AIP-SSM)
        1. AIP-SSM Management
        2. Inline Versus Promiscuous Mode
      2. Directing Traffic to the AIP-SSM
      3. AIP-SSM Module Software Recovery
      4. Additional IPS Features
        1. IP Audit
        2. Shunning
      5. Summary
    2. 14. Configuring and Troubleshooting Cisco IPS Software via CLI
      1. Cisco IPS Software Architecture
        1. MainApp
        2. SensorApp
        3. Network Access Controller
        4. AuthenticationApp
        5. cipsWebserver
        6. LogApp
        7. EventStore
        8. TransactionSource
      2. Introduction to the CIPS 5.x Command-Line Interface
        1. Logging In to the AIP-SSM via the CLI
        2. CLI Command Modes
        3. Initializing the AIP-SSM
      3. User Administration
        1. User Account Roles and Levels
          1. Administrator Account
          2. Operator Account
          3. Viewer Account
          4. Service Account
        2. Adding and Deleting Users by Using the CLI
          1. Creating Users
          2. Deleting Users
        3. Changing Passwords
      4. AIP-SSM Maintenance
        1. Adding Trusted Hosts
          1. SSH Known Host List
          2. TLS Known Host List
        2. Upgrading the CIPS Software and Signatures via the CLI
          1. One-Time Upgrades
          2. Scheduled Upgrades
        3. Displaying Software Version and Configuration Information
        4. Backing Up Your Configuration
        5. Displaying and Clearing Events
        6. Displaying and Clearing Statistics
      5. Advanced Features and Configuration
        1. IPS Tuning
          1. Disabling and Retiring IPS Signatures
        2. Custom Signatures
        3. IP Logging
          1. Automatic Logging
          2. Manual Logging of Specific Host Traffic
        4. Configuring Blocking (Shunning)
      6. Summary
  9. IV. Virtual Private Network (VPN) Solution
    1. 15. Site-to-Site IPSec VPNs
      1. Preconfiguration Checklist
      2. Configuration Steps
        1. Step 1: Enable ISAKMP
        2. Step 2: Create the ISAKMP Policy
        3. Step 3: Set the Tunnel Type
        4. Step 4: Configure ISAKMP Preshared Keys
        5. Step 5: Define the IPSec Policy
        6. Step 6: Specify Interesting Traffic
        7. Step 7: Configure a Crypto Map
        8. Step 8: Apply the Crypto Map to an Interface
        9. Step 9: Configuring Traffic Filtering
        10. Step 10: Bypassing NAT (Optional)
      3. Advanced Features
        1. OSPF Updates over IPSec
        2. Reverse Route Injection
        3. NAT Traversal
        4. Tunnel Default Gateway
      4. Optional Commands
        1. Perfect Forward Secrecy
        2. Security Association Lifetimes
        3. Phase 1 Mode
        4. Connection Type
        5. Inheritance
        6. ISAKMP Keepalives
      5. Deployment Scenarios
        1. Single Site-to-Site Tunnel Configuration Using NAT-T
        2. Fully Meshed Topology with RRI
      6. Monitoring and Troubleshooting Site-to-Site IPSec VPNs
        1. Monitoring Site-to-Site VPNs
        2. Troubleshooting Site-to-Site VPNs
          1. ISAKMP Proposal Unacceptable
          2. Mismatched Preshared Keys
          3. Incompatible IPSec Transform Set
          4. Mismatched Proxy Identities
      7. Summary
    2. 16. Remote Access VPN
      1. Cisco IPSec Remote Access VPN Solution
        1. Configuration Steps
          1. Step 1: Enable ISAKMP
          2. Step 2: Create the ISAKMP Policy
          3. Step 3: Configure Remote-Access Attributes
          4. Step 4: Define the Tunnel Type
          5. Step 5: Configure ISAKMP Preshared Keys
          6. Step 6: Configure User Authentication
          7. Step 7: Assign an IP Address
          8. Step 8: Define the IPSec Policy
          9. Step 9: Set Up a Dynamic Crypto Map
          10. Step 10: Configure the Crypto Map
          11. Step 11: Apply the Crypto Map to an Interface
          12. Step 12: Configure Traffic Filtering
          13. Step 13: Set Up a Tunnel Default Gateway (Optional)
          14. Step 14: Bypass NAT (Optional)
          15. Step 15: Set Up Split Tunneling (Optional)
        2. Cisco VPN Client Configuration
          1. Software-Based VPN Clients
          2. Hardware-Based VPN Clients
      2. Advanced Cisco IPSec VPN Features
        1. Transparent Tunneling
          1. NAT Traversal
          2. IPSec over TCP
          3. IPSec over UDP
        2. IPSec Hairpinning
        3. VPN Load-Balancing
        4. Client Auto-Update
        5. Client Firewalling
          1. Personal Firewall Check
          2. Central Protection Policy
        6. Hardware-Based Easy VPN Client Features
          1. Interactive Hardware Client Authentication
          2. Individual User Authentication
          3. Cisco IP Phone Bypass
          4. Leap Bypass
          5. Hardware Client Network Extension Mode
      3. Deployment Scenarios of Cisco IPSec VPN
        1. IPSec Hairpinning with Easy VPN and Firewalling
        2. Load-Balancing and Site-to-Site Integration
      4. Monitoring and Troubleshooting Cisco Remote Access VPN
        1. Monitoring Cisco Remote Access IPSec VPNs
        2. Troubleshooting Cisco IPSec VPN Clients
      5. Cisco WebVPN Solution
        1. Configuration Steps
          1. Step 1: Enable the HTTP Service
          2. Step 2: Enable WebVPN on the Interface
          3. Step 3: Configure WebVPN Look and Feel
          4. Step 4: Configure WebVPN Group Attributes
          5. Step 5: Configure User Authentication
      6. Advanced WebVPN Features
        1. Port Forwarding
        2. Configuring URL Mangling
        3. E-Mail Proxy
          1. Authentication Methods for E-Mail Proxy
            1. Piggyback Authentication
            2. AAA Authentication
            3. Certificate Authentication
          2. Identifying E-Mail Servers for E-Mail Proxies
          3. Delimiters
            1. Username Delimiter
            2. Server Delimiter
        4. Windows File Sharing
        5. WebVPN Access Lists
      7. Deployment Scenarios of WebVPN
        1. WebVPN with External Authentication
        2. WebVPN with E-Mail Proxies
      8. Monitoring and Troubleshooting WebVPN
        1. Monitoring WebVPN
        2. Troubleshooting WebVPN
          1. SSL Negotiations
          2. WebVPN Data Capture
          3. E-Mail Proxy Issues
      9. Summary
    3. 17. Public Key Infrastructure (PKI)
      1. Introduction to PKI
        1. Certificates
        2. Certificate Authority
        3. Certificate Revocation List
        4. Simple Certificate Enrollment Protocol
      2. Enrolling the Cisco ASA to a CA Using SCEP
        1. Generating the RSA Key Pair
        2. Configuring a Trustpoint
      3. Manual (Cut-and-Paste) Enrollment
        1. Configuration for Manual Enrollment
        2. Obtaining the CA Certificate
        3. Generating the ID Certificate Request and Importing the ID Certificate
      4. Configuring CRL Options
      5. Configuring IPSec Site-to-Site Tunnels Using Certificates
      6. Configuring the Cisco ASA to Accept Remote-Access VPN Clients Using Certificates
        1. Enrolling the Cisco VPN Client
        2. Configuring the Cisco ASA
      7. Troubleshooting PKI
        1. Time and Date Mismatch
        2. SCEP Enrollment Problems
        3. CRL Retrieval Problems
      8. Summary
  10. V. Adaptive Security Device Manager
    1. 18. Introduction to ASDM
      1. Setting Up ASDM
        1. Uploading ASDM
        2. Setting Up Cisco ASA
        3. Accessing ASDM
      2. Initial Setup
        1. Startup Wizard
      3. Functional Screens
        1. Configuration Screen
        2. Monitoring Screen
      4. Interface Management
      5. System Clock
      6. Configuration Management
      7. Remote System Management
        1. Telnet
        2. SSH
        3. SSL (ASDM)
      8. System Maintenance
        1. Software Installation
        2. File Management
      9. System Monitoring
        1. System Logging
        2. SNMP
      10. Summary
    2. 19. Firewall Management Using ASDM
      1. Access Control Lists
      2. Address Translation
      3. Routing Protocols
        1. RIP
        2. OSPF
        3. Multicast
      4. AAA
      5. Application Inspection
      6. Security Contexts
      7. Transparent Firewalls
      8. Failover
      9. QoS
      10. Summary
    3. 20. IPS Management Using ASDM
      1. Accessing the IPS Device Management Console from ASDM
      2. Configuring Basic AIP-SSM Settings
        1. Licensing
        2. Verifying Network Settings
        3. Adding Allowed Hosts
        4. Configuring NTP
        5. Adding Users
      3. Advanced IPS Configuration and Monitoring Using ASDM
        1. Disabling and Enabling Signatures
        2. Configuring Blocking
        3. Creating Custom Signatures
        4. Creating Event Action Filters
        5. Installing Signature Updates and Software Service Packs
        6. Configuring Auto-Update
      4. Summary
    4. 21. VPN Management Using ASDM
      1. Site-to-Site VPN Setup Using Preshared Keys
      2. Site-to-Site VPN Setup Using PKI
      3. Cisco Remote-Access IPSec VPN Setup
      4. WebVPN
      5. VPN Monitoring
      6. Summary
    5. 22. Case Studies
      1. Case Study 1: Deploying the Cisco ASA at Branch Offices and Small Businesses
        1. Branch Offices
        2. Small Business Partners
      2. Case Study 2: Large Enterprise Firewall, VPN, and IPS Deployment
        1. Internet Edge and DMZ
        2. Filtering Websites
        3. Remote Access VPN Cluster
        4. Application Inspection
        5. IPS
      3. Case Study 3: Data Center Security with Cisco ASA
      4. Summary

Product information

  • Title: Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance
  • Author(s):
  • Release date: October 2005
  • Publisher(s): Cisco Press
  • ISBN: 9781587052095