
Chapter 10: Advanced Cisco Adaptive Security Appliance
CCNA Security v2.0

10.0 Introduction
10.1 ASA Security Device Manager
10.2 ASA VPN Configuration
10.3 Summary

2013 Cisco and/or its affiliates. All rights reserved.

Cisco Public

Upon completion of this section, you should be able to:
Configure an ASA to provide basic firewall services using ASDM.
Configure an ASA to provide additional firewall services using ASDM wizards.
Configure management settings and services in an ASA using ASDM.
Configure object groups on an ASA.


Preparing the ASA 5505
Verify Connectivity to the ASA


ASDM Security Certificate
ASDM Launch Window


ASDM Security Warning - 1
ASDM Security Warning - 2


Authenticate to Use ASDM
Smart Call Home Window


ASDM Device Dashboard Page


ASDM Firewall Dashboard Page


Configuration View


Monitoring View


Startup Wizard Starting Point Window
Startup Wizard Basic Configuration Window


Startup Wizard Interface Selection Window
Startup Wizard Switch Port Allocation Window


Startup Wizard Interface IP Address Configuration Window
Startup Wizard DHCP Server Window


Startup Wizard Address Translation (NAT/PAT) Window
Startup Wizard Administrative Access Window


Startup Wizard Summary Window


ASDM VPN Wizards
ASDM Remote Access VPN Assistant


Configuration Device Setup Tab


Configuration Device Management Tab


Configuring Hostname, Domain Name, and Enable Password
Configuring a Master Passphrase


Configuring Legal Notification


Configuring Interfaces


Adding an Outside Interface

Change Switch Port Window


Adding an Outside Interface


Advanced Outside Interface Settings

Updated Interface Page


Verifying Interfaces


Enable Switch Ports
Apply Configuration


Manually Change the System Time
Use NTP to Change the System Time


Add an NTP Server

Configure an NTP Server


Apply the Configuration


Configuring Routing
Configuring a Default Static Route


Add or Edit Route Window

Add Static Route Details


Apply the Configuration


Configure ASDM/HTTPS/Telnet/SSH Access


Add Device Access Configuration Window

Configure SSH Settings


DHCP Server Page


Edit DHCP Server Window


Configuring DHCP Server Services


Verifying DHCP Server Services


Network Objects/Groups Page


Adding a Network Object/Group

Add Network Object Window


Add Network Object Group Window


Service Objects/Group Page


Adding a Service Object/Group

Add Service Object Window


Add Service Object Group Window


ACLs in ASDM


Add Access Rule Window

Diagramming Access Rules


Add Network Object Window
Creating a Network Object for Public Addresses


Creating a Network Object for Dynamic NAT


Static NAT in ASDM

Advanced Static NAT Settings in ASDM


User Accounts Page


Add User Account Window


AAA Server Groups Page


Add AAA Server Group Window

Add AAA Server Window


Completed AAA Server Groups Window


AAA Access Page


AAA Access > Authentication Window


Service Policy in ASDM


Configure a Service Policy


Configure Traffic Classification Criteria


Configure Actions


Upon completion of this section, you should be able to:
Explain how the ASA supports site-to-site VPNs.
Configure remote-access VPNs on an ASA.
Configure remote-access VPN support using a clientless SSL VPN.
Configure remote-access VPN support using Cisco AnyConnect.


Basic ISR Configuration

Configure the ISAKMP Policy


Configure the IPsec and VPN ACL

Configure and Apply the Crypto Map


Basic ISR Configuration


Introduction Window
Peer Device Identification Window


Traffic to Protect Window
Security Window


NAT Exempt Window

Summary Window


Establish the VPN Tunnel Connection to the Remote Network


Monitoring the VPN Tunnel


Verify VPN Tunnel Connectivity from the External Host


Comparing IPsec and SSL


Remote Access VPN Wizards


Cisco ASA SSL Remote Access VPN Solutions


Cisco ASA Clientless SSL VPN Deployment


Clientless Login Web Page

Web Portal Home Page


AnyConnect Connection Window
AnyConnect Authenticate Window


AnyConnect Authenticated Window
AnyConnect Statistics Window


Cisco AnyConnect Secure Mobility Client is available on the following platforms:
iOS
Android
BlackBerry
Windows Mobile


ASDM Assistant
Clientless VPN Wizard


Clientless SSL VPN Introduction Window
SSL VPN Interface Window


User Authentication Window
Group Policy Window


Bookmark List Window
Configure GUI Customization Objects Window


Add Bookmark List Window
Select Bookmark Type Window


Add Bookmark Window
Revised Add Bookmark List Window


Revised Configure GUI Customization Objects Window
Revised Bookmark List Window


Summary Window


Security Certificate Window

Logon Window


Web Portal Home Page
Web Portal Web Access Page


Web Portal File Access Page

Log Out of the Web Portal


ASDM Assistant

Client-Based VPN Wizard


AnyConnect VPN Wizard Introduction Window
Connection Profile Identification Window


VPN Protocols Window


Client Images Window
Add AnyConnect Client Image Window


Browse Flash Window
Add AnyConnect Client Image Window


Completed Client Images Window


Authentication Methods Window


Client Address Management Window
Add IPv4 Window


Completed Client Address Management Window
Network Name Resolution Servers Window


Completed Network Name Resolution Servers Window


NAT Exempt Window
Completed NAT Exempt Window


AnyConnect Client Deployment
Summary Window


AnyConnect Connection Profiles Page


Verifying the Client-Based Configuration


Security Certificate Window

Logon Window


Cisco AnyConnect VPN Client Window
Manual Installation Window


Run Installer Window


Cisco AnyConnect VPN Client Setup Window


End-User Agreement Window

User Account Control Security Window


Ready to Install AnyConnect Client

Installing the AnyConnect Client


Complete Cisco AnyConnect VPN Installation


Start the Cisco AnyConnect VPN

Cisco AnyConnect VPN Client Window


Cisco AnyConnect VPN Connect Window

Certificate Security Warning Window


Cisco AnyConnect VPN Authentication Window
Cisco AnyConnect VPN Icon in System Tray


Cisco AnyConnect VPN Client Status

Verifying Connectivity to Internal Network


AnyConnect SSL VPN configuration settings:
NAT
WebVPN
Group policy
Tunnel group


Chapter Objectives:
Implement an ASA firewall configuration.
Configure remote-access VPNs on an ASA.


Thank you.

Remember, there are helpful tutorials and user guides available via your NetSpace home page (https://www.netacad.com).

These resources cover a variety of topics including navigation, assessments, and assignments. A screenshot has been provided here highlighting the tutorials related to activating exams, managing assessments, and creating quizzes.
