The Accidental Administrator: Cisco ASA Security Appliance: A Step-by-Step Configuration Guide


by Don R Crawley




There is a newer version of this book, updated for software version 9.x and later. Look for ISBN 978-0983660750. This version is appropriate for software versions 8.3 and 8.4.
The Accidental Administrator: Cisco ASA Step-by-Step Configuration Guide is packed with 56 easy-to-follow hands-on exercises to help you build a working firewall configuration from scratch. It's the most straightforward approach to learning how to configure the Cisco ASA Security Appliance, filled with practical tips and secrets learned from years of teaching and consulting on the ASA. There is no time wasted on boring theory. The essentials are covered in chapters on installing, backups and restores, remote administration, VPNs, DMZs, usernames, transparent mode, static NAT, port address translation, access lists, DHCP, password recovery, logon banners, AAA (authentication, authorization, and accounting), filtering content, and more. This book is based on software version 8.3(1).

All this information is presented in a straightforward style that you can understand and use right away. The idea is for you to be able to sit down with your ASA and build a working configuration in a matter of minutes. Of course, some of the more advanced configs may take a little longer, but even so, you'll be able to "get it done" in a minimal amount of time!

Product Details

ISBN-13: 9781449596620
Publisher: CreateSpace Publishing
Publication date: 08/03/2010
Pages: 186
Product dimensions: 8.00(w) x 10.00(h) x 0.40(d)

About the Author

DON R. CRAWLEY, Linux+, CCNA Security, invested his 35 years of workplace technology experience and 15 years as a technical trainer in the Accidental Administrator book series. He is also the author of Skillpath Publications' best-selling Windows Wit and Wisdom and is President/Chief Technologist of, the Seattle-based firm specializing in accelerated training for I.T. professionals on Cisco and Linux products, plus workplace skills for I.T. pros.

Table of Contents

Chapter One: Understanding Firewall Fundamentals

Online Companion Resources

What do firewalls do?

Types of Firewalls

Soundthinking point: Are desktop firewalls really necessary?

Classification of Firewalls

Firewall Spectrum

Stateful Inspection

Adaptive Security Algorithm

AAA: Authentication, Authorization, and Accounting

Basics of Encryption including Single Key and PKI

Network Address Translation

An Overview of Cisco Security Appliances

The Cisco ASA 5505 Chassis

Controlling the Appliance from its Serial Cable Console Interface

Password Recovery

Hands-On Exercise 1.1: Password Recovery and Initial Configuration

Erasing the Stored Configuration

Hands-On Exercise 1.2: Removing the Existing Configuration

Understanding VLANs

Understanding the Eight Basic Commands on a Cisco ASA Security Appliance

Hands-On Exercise 1.3: Using the Eight Commands Required to Enable Basic Firewall Functionality

Adaptive Security Device Manager (ASDM)

Hands-On Exercise 1.4: Building a Base Configuration on the ASA Security Appliance

Chapter Two: Backing Up and Restoring Configurations and Software Images

Online Companion Resources

Analyzing the Base Configuration of the Security Appliance

Hands-On Exercise 2.1: Analyzing the Base Configuration and Saving It

Backing Up Your Configuration and Your Software

Hands-On Exercise 2.2: Backing Up and Restoring the Configuration

Hands-On Exercise 2.3: Backing Up and Restoring the Software Image

Upgrading Software Directly from Cisco in the ASDM

Chapter Three: Sending Logging Output to a Syslog Server

Online Companion Resources

Using syslogd with the Security Appliance

Hands-On Exercise 3.1: Sending Logging Output to a Syslog Server

Chapter Four: Remote Management Options

Online Companion Resources

Remote Console Access

Hands-On Exercise 4.1: Telnet and Secure Shell (SSH)

Configuring and Managing Remote Management through ASDM

Chapter Five: Logon Banners and Authentication, Authorization, and Accounting

Online Companion Resources

Configuring Banners

Hands-On Exercise 5.1: Creating Banners on the Security Appliance

Configuring Authentication, Authorization, and Accounting (AAA)

Remote Authentication Technologies

Cisco Secure Access Control Server

Configuring the CiscoSecure ACS

Local database

Hands-On Exercise 5.2: Configuring Usernames and Local Authentication

Configuring ASA Authentication through Active Directory

Configuring the ASA to Authenticate through Active Directory

Hands-On Exercise 5.3: Configuring ASA Authentication through Active Directory

Configuring VPN Authentication through Active Directory

Chapter Six: Configuring the Appliance as a DHCP Server

Online Companion Resources

Configuring DHCP on an ASA Security Appliance

Hands-On Exercise 6.1: Reconfiguring Your DHCP Server

Chapter Seven: Access Control Lists

Online Companion Resources

Understanding Access Control Lists

Rules for Access-Control Lists

Soundthinking point: Order of entries in an ACL is important

Types of Access-Control Lists

ACL Syntax

Using Access-Control Lists

Understanding Network Address Translation (NAT)

Soundthinking point: Making static NAT work

Chapter Eight: Virtual Private Networking (VPNs)

Online Companion Resources

Understanding the Purpose and Types of Virtual Private Networks

VPN Protocols

Hands-On Exercise 8.1: Site-to-Site VPNs

Troubleshooting VPN Connections

Hands-On Exercise 8.1.3: Wrapping up the Site-to-Site VPN Exercise

Configuring a Site-to-Site VPN Using the GUI-based Wizard

Remote Access VPNs

Hands-On Exercise 8.2: Remote Access VPNs

Creating a Web-Based SSL VPN

Hands-On Exercise 8.3: Configuring a Web-Based SSL VPN

Enhancing the Web VPN Portal with Plug-Ins

Installing Plug-Ins on the Security Appliance

Hands-On Exercise 8.4: Installing and Removing Plug-Ins

Configuring an SSL VPN Using AnyConnect

Hands-On Exercise 8.5: Configuring AnyConnect Support

To troubleshoot and test the configuration

Chapter Nine: De-Militarized Zones (DMZs)

Online Companion Resources

Understanding a De-Militarized Zone

Hands-On Exercise 9.1: Configuring a DMZ

Allowing Inside Hosts and Internet Hosts Access to the DMZ Web Server

Port Scanning

Hands-On Exercise 9.2: Analyzing Potential Vulnerabilities with Port Scanning

Chapter Ten: Filtering Content

Online Companion Resources

Options for Filtering Content

Hands-On Exercise 10.1: Filtering Dynamic Content

Chapter Eleven: Configuring Transparent Mode

Online Companion Resources

Understanding Transparent Mode

Hands-On Exercise 11.1: Viewing and Changing the Mode


Appendix One: Security Fundamentals

Policies and Procedures

Internal network

Server hardening

Firewall on host

Virus protection

Intrusion prevention

Patch management

Data security

Application and Data

Appendix Two: Understanding Security Contexts

Appendix Three: The Tools of the Book
