Professional Documents
Culture Documents
July, 2012
Bogdan Doinea
Assoc. Technical Manager
CEE&RCIS
Cisco Networking Academy
2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
Cisco Confidential
Advanced features
Virtual Firewalling
Transparent/Routed mode
High Availability
Advanced Threat Control (AIP-SSM, AIP-SSC modules)
Identity Firewall
Cisco Confidential
Cisco Confidential
or exploits.
Cisco Confidential
DMZ
Security Level 50
inside
Security Level 100
outside
Security Level 0
E0/2
E0/1
Internet
E0/3
Cisco Confidential
Cisco Confidential
Routed-mode
the ASA is a layer 3 device
all the ASA features and capabilities are active
Transparent-mode
the ASA is a layer 2 device(works with VLANs instead of IP Subnets)
can have a global IP used for remote management
is invisible to any attacker coming from the Internet
Some functionalities are disabled: routing protocols, VPNs, QoS, DHCP
Relay.
Cisco Confidential
A series of LEDs
Speed and link activity LEDs
Power LED
Status LED
Active LED
VPN LED
Security Services Card (SSC) LED
Cisco Confidential
One Security Service Card (SSC) slot for expansion. The slot can be used to
add the Cisco Advanced Inspection and Prevention Security Services Card (AIPSSC).
Cisco Confidential
10
Cisco Confidential
11
Privileged mode
Generaly used for show commands
Global configuration
Used for general configurations (e.g password for priviledged mode, static routes,
banners, hostname configuration etc)
Configuration sub-modes
Used for advanced configurations of specific features (firewall, VPN, routing
protocols etc)
Cisco Confidential
12
ciscoasa>enable 15
Password:
ciscoasa#configure terminal
ciscoasa(config)#interface fa0/1
ciscoasa(config-if)#exit
ciscoasa(config)#exit
ciscoasa#exit
ciscoasa>
Cisco Confidential
13
ciscoasa > ?
enable
exit
login
logout
perfmon
ping
quit
USAGE:
enable [<priv_level>]
DESCRIPTION:
enable
2011 Cisco and/or its affiliates. All rights reserved.
14
First we delete
startup-config
running- config
Flash
RAM
Deleting configurations
Cisco Confidential
15
Then we save!
startup-config
running- config
Flash
RAM
Salvarea configuraiei
Cisco Confidential
16
Cisco Confidential
17
Configuring a hostname
ciscoasa(config)# hostname ipd
ipd(config)#
Cisco Confidential
18
Cisco Confidential
19
DMZ
Security Level 50
inside
Security Level 100
outside
Security Level 0
E0/2
E0/1
Internet
E0/3
Cisco Confidential
20
have L3 connectivity
DMZ
Security Level 50
inside
Security Level 100
outside
Security Level 0
E0/2
E0/1
Internet
E0/3
Cisco Confidential
21
inside
Security Level 100
outside
Security Level 0
E0/2
E0/1
Internet
E0/3
ciscoasa(config)#interface e0/1
ciscoasa(config-if)#nameif DMZ
INFO: Security level for "DMZ" set to 0 by default.
ciscoasa(config-if)#security-level 50
ciscoasa(config-if)#ip address 192.168.2.1 255.255.255.0
ciscoasa(config-if)#no shutdown
Cisco Confidential
22
Cisco Confidential
23
Cisco Confidential
24
Name
outside
inside
dmz
Security
0
100
50
Cisco Confidential
25
Cisco Confidential
26
27
Protocol
up
up
Cisco Confidential
27
Cisco Confidential
28
R1
ASA
e0/0
G0
G1
e0/0
R2
outside
inside
Cisco Confidential
29
Thank you.