-
This training replaces the Cisco Secure Firewall and Cisco ASA VPN - Configuration and Design courses.
-
The more corporate processes are reflected in the IT infrastructure, the more necessary secure network structures and data protection become. Firewalls have become an integral part of modern networks. This course provides solid knowledge of the application and configuration options of the Cisco Secure Firewall ASA, both for use as a firewall and as a VPN gateway. Participants will be able to understand and competently use all relevant firewall functions of the software. The course covers installation and operation on both classic ASA platforms and Firepower devices.
-
Course Contents
-
- Basic configuration and management of the ASA
- Routing
- Access rules and objects
- NAT and PAT
- Inspection/Application Layer Gateway
- Contexts
- Redundancy concepts and clustering
- VPN basics
- Site-to-site VPN
- Remote access VPN
- Troubleshooting tools of the ASA
- Maintenance
The detailed digital documentation package, consisting of an e-book and PDF, is included in the price of the course.
Premium Course Documents
In addition to the digital documentation package, the exclusive Premium Print Package is also available to you.
- High-quality color prints of the ExperTeach documentation
- Exclusive folder in an elegant design
- Document pouch in backpack shape
- Elegant LAMY ballpoint pen
- Practical notepad
The Premium Print Package can be added during the ordering process for € 200,- plus VAT (only for classroom participation).
-
Target Group
-
The course is aimed at networkers who want to get to know the firewall and VPN features of the ASA.
-
Knowledge Prerequisites
-
This course assumes knowledge of the TCP/IP protocol stack and its security risks as well as the basics of switching and routing.
| 1 | Die Grundkonfiguration der ASA |
| 1.1 | ASA als Firewall |
| 1.2 | Firepower-Modellreihen |
| 1.3 | ASA-Software |
| 1.3.1 | FPR4100 und 9300: FXOS und Applikationen |
| 1.3.2 | ASA – Die ersten Schritte im CLI |
| 1.3.3 | Das CLI des FXOS |
| 1.3.4 | Die Konfigurationsdateien |
| 1.4 | Smart Licensing |
| 1.5 | Initiale Konfiguration |
| 1.5.1 | Management-Zugriff |
| 1.6 | Management mit dem ASDM |
| 1.6.1 | Management-Zugriff |
| 1.7 | Das Security-Konzept der ASA |
| 1.8 | Interface-Konfiguration |
| 1.8.1 | Interface-Konfiguration: Desktop-Modelle |
| 1.8.2 | Interface-Konfiguration: Routed Ports |
| 1.8.3 | ASDM – Interface-Konfiguration |
| 1.9 | Die Systemzeit |
| 1.10 | Logging und Debugging |
| 1.11 | SNMP |
| 1.12 | NetFlow |
| 2 | Routing |
| 2.1 | Die Routing-Tabelle |
| 2.1.1 | Routing-Entscheidungen |
| 2.2 | Statische Routen |
| 2.3 | OSPF |
| 2.3.1 | OSPFv3 |
| 3 | Firewalling |
| 3.1 | NAT |
| 3.1.1 | Objects und Object Groups |
| 3.1.2 | Dynamisches Network Object NAT |
| 3.1.3 | Statisches Network Object NAT |
| 3.1.4 | Dynamisches Manual NAT |
| 3.1.5 | Statisches Manual NAT |
| 3.1.6 | NAT und IPv6 |
| 3.1.7 | Abarbeitung der NAT-Regeln |
| 3.1.8 | Die Xlate-Tabelle |
| 3.2 | Troubleshooting |
| 3.2.1 | Packet Tracer |
| 3.2.2 | Packet Capture |
| 3.3 | Access-Listen |
| 3.3.1 | Objects und Object Groups in ACLs |
| 3.3.2 | Time-based Access-Lists |
| 3.3.3 | Access-Listen und IPv6 |
| 3.3.4 | Connections |
| 3.4 | Inspection |
| 3.4.1 | Editieren einer Policy |
| 3.4.2 | Troubleshooting und Monitoring |
| 3.4.3 | Management Policy |
| 3.5 | Paketverarbeitung |
| 3.5.1 | Accelerated Security Path ASP |
| 4 | Contexte und Redundanzkonzepte |
| 4.1 | Contexte |
| 4.1.1 | Der Admin-Context |
| 4.1.2 | Anlegen weiterer Contexte |
| 4.1.3 | Zuteilung von Ressourcen |
| 4.1.4 | Die Sicht im ASDM – Admin-Context |
| 4.1.5 | Zuordnung der Pakete |
| 4.1.6 | Contexte – die Kontrolle |
| 4.2 | Redundanz |
| 4.2.1 | Redundant Interface und Etherchannel |
| 4.2.2 | Active/Standby Failover |
| 4.2.3 | Failover und Lizenzen |
| 4.2.4 | Active/Active Failover |
| 4.2.5 | Firewall Cluster |
| 5 | VPN-Grundlagen |
| 5.1 | VPN-Varianten von Cisco |
| 5.1.1 | Verschiedene Wege bei VPNs |
| 5.2 | Der Secure Client |
| 5.2.1 | Lizenzen |
| 5.3 | Die Struktur von IPsec |
| 5.4 | IPsec – Die Betriebsarten |
| 5.5 | Die IPsec-Protokolle |
| 5.5.1 | ESP: Vertraulichkeit und Integrität |
| 5.5.2 | IPsec und NAT |
| 5.5.3 | Anti Replay – Sequence Number |
| 5.5.4 | Überprüfung des Paketes beim Empfang |
| 5.6 | IKEv2 |
| 5.6.1 | Security Associations |
| 5.6.2 | IKEv2 – der Ablauf |
| 5.6.3 | Die Authentisierung |
| 5.6.4 | Option: Extensible Authentication Protocol |
| 5.6.5 | Option: Remote Access VPN |
| 5.7 | TLS – Transport Layer Security |
| 5.7.1 | Der TLS Verbindungsaufbau |
| 5.7.2 | Sichere Datenübertragung |
| 6 | IPsec Site-to-Site VPNs |
| 6.1 | Site-to-Site VPNs: Das Konzept |
| 6.2 | Konfiguration per Assistent |
| 6.3 | Manuelle Konfiguration |
| 6.3.1 | Connection Profile und Tunnel Group |
| 6.3.2 | Die Group Policy |
| 6.3.3 | Die Crypto Map |
| 6.3.4 | Die IKE Policies |
| 6.3.5 | IKE Parameter |
| 6.3.6 | IPsec Transform Sets |
| 6.3.7 | System Options |
| 6.3.8 | Kontrolle im ASDM |
| 6.3.9 | Kontrolle im CLI |
| 6.3.10 | NAT |
| 6.4 | Kontrolle im CLI |
| 6.4.1 | Debugging |
| 6.5 | Authentisierung mit Zertifikaten |
| 6.5.1 | Stammzertifikat |
| 6.5.2 | Identity Certificate |
| 6.5.3 | Zertifikate und Tunnel Groups |
| 6.5.4 | Konfiguration im CLI |
| 6.6 | Dynamische IP-Adressen |
| 6.6.1 | Die dynamische Crypto Map |
| 6.7 | Virtual Tunnel Interfaces |
| 6.7.1 | VTI: Konfiguration im ASDM |
| 6.7.2 | VTI-Konfiguration im CLI |
| 6.7.3 | VTI: Kontrolle |
| 7 | SSL VPNs |
| 7.1 | SSL VPN: Varianten |
| 7.1.1 | Das Konzept: Vererbung der Rechte |
| 7.1.2 | Grundlegende SSL/TLS-Einstellungen |
| 7.2 | Der Cisco Secure Client |
| 7.2.1 | Anpassung des Secure Client |
| 7.3 | Benutzerauthentisierung per AAA |
| 7.3.1 | 2-Faktor-Authentisierung |
| 7.4 | Konfiguration von RA SSL VPNs |
| 7.4.1 | Das Connection Profile |
| 7.4.2 | Die Group Policy |
| 7.4.3 | Secure Client Image |
| 7.4.4 | Secure Client Profile |
| 7.4.5 | Die Konfiguration im CLI |
| 7.4.6 | Authentisierung mit externem AAA-Server |
| 7.4.7 | Kontrolle auf dem Client |
| 7.4.8 | Kontrolle auf der ASA |
| 7.4.9 | Client-Authentisierung mit Zertifikaten |
| 7.4.10 | Tunnelgruppen und Zertifikate |
| 7.5 | HostScan/Posture und DAP |
| 7.5.1 | Host Scan/Secure Firewall Posture |
| 7.5.2 | Dynamic Access Policies |
| 7.5.3 | ISE Posture |
| 8 | ASA-Maintenance |
| 8.1 | Upgrade der ASA |
| 8.2 | Upgrade der Serien FPR4100 und 9300 |
| 8.2.1 | Interface-Typen |
| 8.2.2 | Konfiguration der Interfaces |
| 8.2.3 | Chassis-Management: FXOS |
| 8.2.4 | Installation der ASA als Logical Device |
| 8.2.5 | Installation der ASA als Logical Device: FCM |
| 8.2.6 | Monitoring |
| 8.2.7 | FPR4100/9300: Software-Update |
| 8.3 | Password und Desaster Recovery |
| 8.3.1 | Password Recovery bei FPR 4100, 9300 |
| 8.4 | Backup und Restore |
| A | Cisco Secure Firewall – Übungen |
| A.1 | Netzwerktopologie |
| A.2 | Interfacekonfiguration |
| A.3 | Administrativer Zugriff |
| A.4 | Statisches Routing |
| A.5 | NAT |
| A.6 | Accesslisten |
| A.7 | Inspections |
| A.8 | Active/Standby Failover |
| A.9 | Site-to-Site VPN mit PSK |
| A.9.1 | Authentisierung mit Zertifikaten |
| A.10 | SSL VPN mit dem Cisco Secure Client |
| A.10.1 | AAA mit externer Authentisierung |
| A.10.2 | Zertifikat auf dem Client |
| A.11 | Contexte und Active/Active Failover (optional) |
| A.12 | Lösungsmöglichkeit für die ACL-Übung |
| A.13 | Lösung für die NAT-Übung |
| A.14 | Lösungmöglichkeit für die Inspection-Übung |
| A.15 | Lösungsmöglichkeit für RA VPN |
-
Classroom training
- Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
-
Hybrid training
- Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a Web cam. In the seminar room, we use specially developed and customized audio- and video-technologies. This makes sure that the communication between all persons involved works in a convenient and fault-free way.
-
Online training
- You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
-
Tailor-made courses
-
You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
You can find the complete description of this course with dates and prices ready for download at as PDF.-
This training replaces the Cisco Secure Firewall and Cisco ASA VPN - Configuration and Design courses.
-
The more corporate processes are reflected in the IT infrastructure, the more necessary secure network structures and data protection become. Firewalls have become an integral part of modern networks. This course provides solid knowledge of the application and configuration options of the Cisco Secure Firewall ASA, both for use as a firewall and as a VPN gateway. Participants will be able to understand and competently use all relevant firewall functions of the software. The course covers installation and operation on both classic ASA platforms and Firepower devices.
-
Course Contents
-
- Basic configuration and management of the ASA
- Routing
- Access rules and objects
- NAT and PAT
- Inspection/Application Layer Gateway
- Contexts
- Redundancy concepts and clustering
- VPN basics
- Site-to-site VPN
- Remote access VPN
- Troubleshooting tools of the ASA
- Maintenance
The detailed digital documentation package, consisting of an e-book and PDF, is included in the price of the course.
Premium Course Documents
In addition to the digital documentation package, the exclusive Premium Print Package is also available to you.
- High-quality color prints of the ExperTeach documentation
- Exclusive folder in an elegant design
- Document pouch in backpack shape
- Elegant LAMY ballpoint pen
- Practical notepad
The Premium Print Package can be added during the ordering process for € 200,- plus VAT (only for classroom participation).
-
Target Group
-
The course is aimed at networkers who want to get to know the firewall and VPN features of the ASA.
-
Knowledge Prerequisites
-
This course assumes knowledge of the TCP/IP protocol stack and its security risks as well as the basics of switching and routing.
| 1 | Die Grundkonfiguration der ASA |
| 1.1 | ASA als Firewall |
| 1.2 | Firepower-Modellreihen |
| 1.3 | ASA-Software |
| 1.3.1 | FPR4100 und 9300: FXOS und Applikationen |
| 1.3.2 | ASA – Die ersten Schritte im CLI |
| 1.3.3 | Das CLI des FXOS |
| 1.3.4 | Die Konfigurationsdateien |
| 1.4 | Smart Licensing |
| 1.5 | Initiale Konfiguration |
| 1.5.1 | Management-Zugriff |
| 1.6 | Management mit dem ASDM |
| 1.6.1 | Management-Zugriff |
| 1.7 | Das Security-Konzept der ASA |
| 1.8 | Interface-Konfiguration |
| 1.8.1 | Interface-Konfiguration: Desktop-Modelle |
| 1.8.2 | Interface-Konfiguration: Routed Ports |
| 1.8.3 | ASDM – Interface-Konfiguration |
| 1.9 | Die Systemzeit |
| 1.10 | Logging und Debugging |
| 1.11 | SNMP |
| 1.12 | NetFlow |
| 2 | Routing |
| 2.1 | Die Routing-Tabelle |
| 2.1.1 | Routing-Entscheidungen |
| 2.2 | Statische Routen |
| 2.3 | OSPF |
| 2.3.1 | OSPFv3 |
| 3 | Firewalling |
| 3.1 | NAT |
| 3.1.1 | Objects und Object Groups |
| 3.1.2 | Dynamisches Network Object NAT |
| 3.1.3 | Statisches Network Object NAT |
| 3.1.4 | Dynamisches Manual NAT |
| 3.1.5 | Statisches Manual NAT |
| 3.1.6 | NAT und IPv6 |
| 3.1.7 | Abarbeitung der NAT-Regeln |
| 3.1.8 | Die Xlate-Tabelle |
| 3.2 | Troubleshooting |
| 3.2.1 | Packet Tracer |
| 3.2.2 | Packet Capture |
| 3.3 | Access-Listen |
| 3.3.1 | Objects und Object Groups in ACLs |
| 3.3.2 | Time-based Access-Lists |
| 3.3.3 | Access-Listen und IPv6 |
| 3.3.4 | Connections |
| 3.4 | Inspection |
| 3.4.1 | Editieren einer Policy |
| 3.4.2 | Troubleshooting und Monitoring |
| 3.4.3 | Management Policy |
| 3.5 | Paketverarbeitung |
| 3.5.1 | Accelerated Security Path ASP |
| 4 | Contexte und Redundanzkonzepte |
| 4.1 | Contexte |
| 4.1.1 | Der Admin-Context |
| 4.1.2 | Anlegen weiterer Contexte |
| 4.1.3 | Zuteilung von Ressourcen |
| 4.1.4 | Die Sicht im ASDM – Admin-Context |
| 4.1.5 | Zuordnung der Pakete |
| 4.1.6 | Contexte – die Kontrolle |
| 4.2 | Redundanz |
| 4.2.1 | Redundant Interface und Etherchannel |
| 4.2.2 | Active/Standby Failover |
| 4.2.3 | Failover und Lizenzen |
| 4.2.4 | Active/Active Failover |
| 4.2.5 | Firewall Cluster |
| 5 | VPN-Grundlagen |
| 5.1 | VPN-Varianten von Cisco |
| 5.1.1 | Verschiedene Wege bei VPNs |
| 5.2 | Der Secure Client |
| 5.2.1 | Lizenzen |
| 5.3 | Die Struktur von IPsec |
| 5.4 | IPsec – Die Betriebsarten |
| 5.5 | Die IPsec-Protokolle |
| 5.5.1 | ESP: Vertraulichkeit und Integrität |
| 5.5.2 | IPsec und NAT |
| 5.5.3 | Anti Replay – Sequence Number |
| 5.5.4 | Überprüfung des Paketes beim Empfang |
| 5.6 | IKEv2 |
| 5.6.1 | Security Associations |
| 5.6.2 | IKEv2 – der Ablauf |
| 5.6.3 | Die Authentisierung |
| 5.6.4 | Option: Extensible Authentication Protocol |
| 5.6.5 | Option: Remote Access VPN |
| 5.7 | TLS – Transport Layer Security |
| 5.7.1 | Der TLS Verbindungsaufbau |
| 5.7.2 | Sichere Datenübertragung |
| 6 | IPsec Site-to-Site VPNs |
| 6.1 | Site-to-Site VPNs: Das Konzept |
| 6.2 | Konfiguration per Assistent |
| 6.3 | Manuelle Konfiguration |
| 6.3.1 | Connection Profile und Tunnel Group |
| 6.3.2 | Die Group Policy |
| 6.3.3 | Die Crypto Map |
| 6.3.4 | Die IKE Policies |
| 6.3.5 | IKE Parameter |
| 6.3.6 | IPsec Transform Sets |
| 6.3.7 | System Options |
| 6.3.8 | Kontrolle im ASDM |
| 6.3.9 | Kontrolle im CLI |
| 6.3.10 | NAT |
| 6.4 | Kontrolle im CLI |
| 6.4.1 | Debugging |
| 6.5 | Authentisierung mit Zertifikaten |
| 6.5.1 | Stammzertifikat |
| 6.5.2 | Identity Certificate |
| 6.5.3 | Zertifikate und Tunnel Groups |
| 6.5.4 | Konfiguration im CLI |
| 6.6 | Dynamische IP-Adressen |
| 6.6.1 | Die dynamische Crypto Map |
| 6.7 | Virtual Tunnel Interfaces |
| 6.7.1 | VTI: Konfiguration im ASDM |
| 6.7.2 | VTI-Konfiguration im CLI |
| 6.7.3 | VTI: Kontrolle |
| 7 | SSL VPNs |
| 7.1 | SSL VPN: Varianten |
| 7.1.1 | Das Konzept: Vererbung der Rechte |
| 7.1.2 | Grundlegende SSL/TLS-Einstellungen |
| 7.2 | Der Cisco Secure Client |
| 7.2.1 | Anpassung des Secure Client |
| 7.3 | Benutzerauthentisierung per AAA |
| 7.3.1 | 2-Faktor-Authentisierung |
| 7.4 | Konfiguration von RA SSL VPNs |
| 7.4.1 | Das Connection Profile |
| 7.4.2 | Die Group Policy |
| 7.4.3 | Secure Client Image |
| 7.4.4 | Secure Client Profile |
| 7.4.5 | Die Konfiguration im CLI |
| 7.4.6 | Authentisierung mit externem AAA-Server |
| 7.4.7 | Kontrolle auf dem Client |
| 7.4.8 | Kontrolle auf der ASA |
| 7.4.9 | Client-Authentisierung mit Zertifikaten |
| 7.4.10 | Tunnelgruppen und Zertifikate |
| 7.5 | HostScan/Posture und DAP |
| 7.5.1 | Host Scan/Secure Firewall Posture |
| 7.5.2 | Dynamic Access Policies |
| 7.5.3 | ISE Posture |
| 8 | ASA-Maintenance |
| 8.1 | Upgrade der ASA |
| 8.2 | Upgrade der Serien FPR4100 und 9300 |
| 8.2.1 | Interface-Typen |
| 8.2.2 | Konfiguration der Interfaces |
| 8.2.3 | Chassis-Management: FXOS |
| 8.2.4 | Installation der ASA als Logical Device |
| 8.2.5 | Installation der ASA als Logical Device: FCM |
| 8.2.6 | Monitoring |
| 8.2.7 | FPR4100/9300: Software-Update |
| 8.3 | Password und Desaster Recovery |
| 8.3.1 | Password Recovery bei FPR 4100, 9300 |
| 8.4 | Backup und Restore |
| A | Cisco Secure Firewall – Übungen |
| A.1 | Netzwerktopologie |
| A.2 | Interfacekonfiguration |
| A.3 | Administrativer Zugriff |
| A.4 | Statisches Routing |
| A.5 | NAT |
| A.6 | Accesslisten |
| A.7 | Inspections |
| A.8 | Active/Standby Failover |
| A.9 | Site-to-Site VPN mit PSK |
| A.9.1 | Authentisierung mit Zertifikaten |
| A.10 | SSL VPN mit dem Cisco Secure Client |
| A.10.1 | AAA mit externer Authentisierung |
| A.10.2 | Zertifikat auf dem Client |
| A.11 | Contexte und Active/Active Failover (optional) |
| A.12 | Lösungsmöglichkeit für die ACL-Übung |
| A.13 | Lösung für die NAT-Übung |
| A.14 | Lösungmöglichkeit für die Inspection-Übung |
| A.15 | Lösungsmöglichkeit für RA VPN |
-
Classroom training
- Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
-
Hybrid training
- Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a Web cam. In the seminar room, we use specially developed and customized audio- and video-technologies. This makes sure that the communication between all persons involved works in a convenient and fault-free way.
-
Online training
- You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
-
Tailor-made courses
-
You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
You can find the complete description of this course with dates and prices ready for download at as PDF.
Guaranteed date
Guaranteed with the next booking
Hybrid Training
Trainer language German