Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint
Share this Page URL



Network security has always been a challenge for many organizations that cannot deploy separate devices to provide firewall, intrusion prevention, and virtual private network (VPN) services. The Cisco ASA is a high-performance, multifunction security appliance that offers firewall, IPS, network antivirus, and VPN services. The Cisco ASA delivers these features through improved network integration, resiliency, and scalability.

This book is an insider’s guide to planning, implementing, configuring, and troubleshooting the Cisco Adaptive Security Appliances. It delivers expert guidance from senior Cisco network security consulting engineers. It demonstrates how adaptive identification and mitigation services on the Cisco ASA provide a sophisticated network security solution to small, medium, and large organizations. This book brings together expert guidance for virtually every challenge you will face—from building basic network security policies to advanced VPN and IPS implementations.

Who Should Read This Book?

This book serves as a guide for any network professional who manages network security or installs and configures firewalls, VPN devices, or intrusion detection/prevention systems. It encompasses topics from an introductory level to advanced topics on security and VPNs. The requirements of the reader include a basic knowledge of TCP/IP and networking.

How This Book Is Organized

This book has five parts, which provide a Cisco ASA product introduction and then focus on firewall features, intrusion prevention, content security, and VPNs. Each part includes many sample configurations, accompanied by in-depth analyses of design scenarios. Your learning is further enhanced by a discussion of a set of debugs included in each technology. Ground-breaking features, such as SSL VPN and virtual and Layer 2 firewalls, are discussed extensively.

The core chapters, Chapters 2 through 12, cover the following topics:

  • Part I, “Product Overview,” includes the following chapters:

    • Chapter 1, “Introduction to Security Technologies”—This chapter provides an overview of different technologies that are supported by the Cisco ASA and widely used by today’s network security professionals.

    • Chapter 2, “Cisco ASA Product and Solution Overview”—This chapter describes how the Cisco ASA incorporates features from each of these products, integrating comprehensive firewall, intrusion detection and prevention, and VPN technologies in a cost-effective, single-box format. Additionally, it provides a hardware overview of the Cisco ASA, including detailed technical specifications and installation guidelines. It also covers an overview of the Adaptive Inspection and Prevention Security Services Module (AIP-SSM) and Content Security and Control Security Services Module (CSC-SSM).

    • Chapter 3, “Initial Setup and System Maintenance”—A comprehensive list of initial setup tasks and system maintenance procedures is included in this chapter. These tasks and procedures are intended to be used by network professionals who will be installing, configuring, and managing the Cisco ASA.

  • Part II, “Firewall Technology,” includes the following chapters:

    • Chapter 4, “Controlling Network Access”—The Cisco ASA can protect one or more networks from intruders. Connections between these networks can be carefully controlled by advanced firewall capabilities, enabling you to ensure that all traffic from and to the protected networks passes only through the firewall based on the organization’s security policy. This chapter shows you how to implement your organization’s security policy, using the features the Cisco ASA provides.

    • Chapter 5, “IP Routing”—This chapter covers the different routing capabilities of the Cisco ASA.

    • Chapter 6, “Authentication, Authorization, and Accounting (AAA)”—The Cisco ASA supports a wide range of AAA features. This chapter provides guidelines on how to configure AAA services by defining a list of authentication methods applied to various implementations.

    • Chapter 7, “Application Inspection”—The Cisco ASA stateful application inspection helps to secure the use of applications and services in your network. This chapter describes how to use and configure application inspection.

    • Chapter 8, “Virtualization”—The Cisco ASA virtual firewall feature introduces the concept of operating multiple instances of firewalls (contexts) within the same hardware platform. This chapter shows how to configure and troubleshoot each of these security contexts.

    • Chapter 9, “Transparent Firewalls”—This chapter introduces the transparent (Layer 2) firewall model within the Cisco ASA. It explains how users can configure the Cisco ASA in transparent single mode and multiple mode while accommodating their security needs.

    • Chapter 10, “Failover and Redundancy”—This chapter discusses the different redundancy and failover mechanisms that the Cisco ASA provides. It includes not only the overview and configuration, but also detailed troubleshooting procedures.

    • Chapter 11, “Quality of Service”—QoS is a network feature that lets you give priority to certain types of traffic. This chapter covers how to configure and troubleshoot QoS in the Cisco ASA.

  • Part III, “Intrusion Prevention System (IPS) Solutions,” includes the following chapters:

    • Chapter 12, “Configuring and Troubleshooting Intrusion Prevention System (IPS)”—Intrusion detection and prevention systems provide a level of protection beyond the firewall by securing the network against internal and external attacks and threats. This chapter describes the integration of Intrusion Prevention System (IPS) features within the Cisco ASA and expert guidance on how to configure the AIP-SSM IPS software. Troubleshooting scenarios are also included to enhance learning.

    • Chapter 13, “Tuning and Monitoring IPS”—This chapter covers the IPS tuning process, as well as best practices on how to monitor IPS events.

  • Part IV, “Content Security,” includes the following chapters:

    • Chapter 14, “Configuring Cisco Content Security and Control Security Services Module”—The Content Security and Control Security Services Module (CSC-SSM) is used to detect and take action on viruses, worms, Trojans, and other security threats. It supports the inspection of SMTP, POP3, HTTP, and FTP network traffic. This chapter provides configuration and troubleshooting guidelines to successfully deploy the CSC-SSM within your organization.

    • Chapter 15, “Monitoring and Troubleshooting the Cisco Content Security and Control Security Services Module”—This chapter provides best practices and methodologies used while monitoring the CSC-SSM and troubleshooting any problems you may encounter.

  • Part V, “Virtual Private Network (VPN) Solutions,” includes the following chapters:

    • Chapter 16, “Site-to-Site IPSec VPNs”—The Cisco ASA supports IPSec VPN features that enable you to connect networks in different geographic locations. This chapter provides configuration and troubleshooting guidelines to successfully deploy site-to-site IPSec VPNs.

    • Chapter 17, “IPSec Remote-Access VPNs”—This chapter discusses two IPSec remote-access VPN solutions (Cisco IPSec and L2TP over IPSec) that are supported on the Cisco ASA. A large number of sample configurations and troubleshooting scenarios are provided.

    • Chapter 18, “Public Key Infrastructure (PKI)”—This chapter starts by introducing PKI concepts. It then covers the configuration and troubleshooting of PKI in the Cisco ASA.

    • Chapter 19, “Clientless Remote-Access SSL VPNs”—This chapter provides details about the Clientless SSL VPN functionality in Cisco ASA. This chapter covers the Cisco Secure Desktop (CSD) solution in detail and also discusses the Host Scan feature that is used to collect posture information about end-workstations. The dynamic access policy (DAP) feature, its usage, and detailed configuration examples are also provided. To reinforce learning, many different deployment scenarios are presented along with their configurations.

    • Chapter 20, “Client-Based Remote-Access SSL VPNs”—This chapter provides details about the AnyConnect SSL VPN functionality in Cisco ASA.

  • Safari Books Online
  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint