1 2014 Cisco Systems, Inc. All rights reserved. Cisco Networking Academy, .S.!

Canada
Introd"ction to #irewalls and the
Cisco Ada$tive Sec"rity
A$$liance %ASA&
Mr. Jim Riedmueller
Network Engineer
Janus Research Group, Inc.
dbf IT Training enter, !" #rm$ National Guard
%rofessional Education enter, !"#
2 2014 Cisco Systems, Inc. All rights reserved. Cisco Networking Academy, .S.!Canada
N# R&" ' "ecurit$
N% R&" ' (oice
N# ' N%
Instructor Trainer
Grandfather, Ra)orback *an,
Motorc$cle Enthusiast, !"
#rm$ Retired
'ore a(o"t the S$eaker
) 2014 Cisco Systems, Inc. All rights reserved. Cisco Networking Academy, .S.!Canada
*oals and Agenda
At the end o+ this session, the $artici$ant will
, nderstand what a -#irewall. is
, /e +amiliar with the di++erent ty$es o+ #irewall
, /e +amiliar with the range o+ Cisco #irewalls
, /e +amiliar with the ASA 0000 and 0010 devices
, nderstand the (asic o$erational $rinci$les o+ the ASA
4 2014 Cisco Systems, Inc. All rights reserved. Cisco Networking Academy, .S.!Canada
1e+ining -2he #irewall.
A Firewall is a so+tware3 or
hardware3(ased network
sec"rity system that connects
two or more networks together
and $ermits or restricts the +low
o+ in+ormation (etween the
connected networks according
to a set o+ r"les
0 2014 Cisco Systems, Inc. All rights reserved. Cisco Networking Academy, .S.!Canada
2y$es 4+ #irewalls
,
5acket #iltering #irewall
,
A$$lication 6ayer #irewall
,
State+"l '"ltilayer Ins$ection #irewall
7 2014 Cisco Systems, Inc. All rights reserved. Cisco Networking Academy, .S.!Canada
2he Cisco Ada$tive Sec"rity A$$liance
Provides intelligent threat defense and
secure communications services that stop
attacks before they impact business
continuity. The Cisco ASA !! series
enables organi"ations to lower their
deployment and operations costs while
delivering comprehensive network security
for networks of all si"es#
8 2014 Cisco Systems, Inc. All rights reserved. Cisco Networking Academy, .S.!Canada
ASA 0000
9 2014 Cisco Systems, Inc. All rights reserved. Cisco Networking Academy, .S.!Canada
ASA 0010:
#o"r 10!100
;thernet $orts
10!100 o"t3o+3(and
management $ort
A< $ort
Com$act#lash
+disk,-
2wo S/ 2.0 $orts
5ower s"$$ly
%AC or 1C&
Console
$ort
$The %!& '!& and (! all have the same hardware form factor. They differ in terms of interface capability
)Fast*thernet vs +igabit*thernet, and licensing options
= 2014 Cisco Systems, Inc. All rights reserved. Cisco Networking Academy, .S.!Canada
Sec"rity 6evels and 2ra++ic #low
-4"tside.
Sec"rity 6evel > 0
-Inside.
Sec"rity 6evel > 100
-1'?.
Sec"rity 6evel > 00
10 2014 Cisco Systems, Inc. All rights reserved. Cisco Networking Academy, .S.!Canada
'odes o+ 4$eration
1=2.179.1.0!24
182.17.1.0!24
1=2.179.1.1
182.17.1.1
@o"ted 'ode
10.1.1.0!)0
.1 .2
2rans$arent 'ode
'0!0
10.1.1.1
A6AN 10
;0!1.0
182.17.1.1
A6AN 0
;0!1.=
182.20.1.1
A6AN =
Sharing ;0!0
==.0.0.2
Sharing ;0!0
==.0.0.)
Admin 5C
10.1.1.==!24
A6AN 10
C"st A 5C
182.17.1.==!24
A6AN 0
C"st / 5C
182.20.1.==!24
A6AN =
'"lti3conteBt 'ode
11 2014 Cisco Systems, Inc. All rights reserved. Cisco Networking Academy, .S.!Canada
Active Active
Active
Stand(y Stand(y
Stand(y
Cigh Availa(ility
#ailover
Control
Active
Stand(y
Stand(y Active
Active
Active Stand(y
Stand(y
Active
12 2014 Cisco Systems, Inc. All rights reserved. Cisco Networking Academy, .S.!Canada
@eview
In this session, we haveD
, 1e+ined what a #irewall is and the di++erent ty$es o+
#irewall
, /ecome +amiliar with a $ortion o+ CiscoEs #irewall
$rod"ct $ort+olio
, 1isc"ssed the (asic o$erational $rinci$les o+ the ASA
1) 2014 Cisco Systems, Inc. All rights reserved. Cisco Networking Academy, .S.!Canada
2hank yo"F