Revision as of 7 June 2010, 10:32
Table of contents
- 1 SNAF - 642-524 - Securing Networks with ASA Foundation
- 1.1 Configure Security Appliances for secured network connectivity
- 1.2 Configure and verify routing and switching on Security Appliances
- 1.3 Configure and verify Authentication, Authorization, & Accounting services for Security Appliances
- 1.4 Configure and verify Layer 3 & 4 protocol inspection, Modular Policy Framework, and threat detection for Security Appliances
- 1.5 Configure and verify secure connectivity using VPNs
- 1.5.1 Configure and verify remote access VPNs using ASDM
- 1.5.2 Configure and verify IPsec VPN clients with preshared keys using ASDM
- 1.5.3 Configure and verify site-to-site VPNs with preshared keys using ASDM
- 1.5.4 Verify IKE and IPsec using ASDM and CLI
- 1.5.5 Configure and verify clientless SSL VPN using ASDM
- 1.6 Configure and verify active/standby and active/active failover features on Security Appliances
- 1.7 Configure transparent firewall and virtual firewall features on a Security Appliance
- 1.8 Monitor and manage installed Security Appliances
- 1.9 ASA Links
SNAF - 642-524 - Securing Networks with ASA Foundation
ASA version: 8.0.2
ASDM Version: 6.0.2
Configure Security Appliances for secured network connectivity
Configure and verify network and interface settings using ASDM and CLI
interface Ethernet0/2
 no shutdown
 nameif DMZ
 security-level 50
 ip address 10.10.5.1 255.255.255.0
Subinterface
Remove nameif from the parent interface, so that it has no IP connectivity of its own.
interface Ethernet0/2
 no nameif
interface Ethernet0/2.50
 vlan 50
 no shutdown
 description Interface for vlan 50
 nameif Vlan50
 security-level 50
 ip address 10.10.50.1 255.255.255.0
DHCP
dhcpd address 10.10.10.10-10.10.10.20 inside
dhcpd enable inside
dhcpd dns 8.8.8.8 interface inside
Show
sh run nameif
interface Ethernet0/0
 nameif outside
 security-level 0

sh inter ip brief
Interface      IP-Address       OK? Method Status  Protocol
Ethernet0/0    192.168.200.101  YES DHCP   up      up
Configure and verify NAT globals, statics, NAT exemption, and Identity NAT using ASDM
static (high, low) low-side-address high-side-address netmask <mask> tcp [max TCP connections] [max embryonic connections] udp [max UDP connections]
In 8.0 syntax "high" is the real (higher-security) interface and "low" the mapped one, so the mapped address comes first: static (inside,outside) mapped_ip real_ip.
Configure and verify access-lists with or without object groups using ASDM
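Worked example of the NAT forms above together with an object-group access-list, added here as an illustration and not taken from the original notes. It reuses this page's interface layout (inside 10.10.10.0/24, DMZ 10.10.5.0/24, outside 192.168.200.0/24) and assumes a hypothetical DMZ web server 10.10.5.10 published as 192.168.200.110, a hypothetical DMZ host 10.10.5.20 kept on its real address, and a hypothetical VPN network 10.20.0.0/16. The practitioner's check for 8.0: an access-list applied on the outside interface must name the mapped (translated) address, not the real one; and identity NAT (nat 0 without an access-list) only lets the inside side initiate, whereas NAT exemption (nat 0 with an access-list) is bidirectional.

```text
! Dynamic PAT: inside and DMZ hosts leaving via outside share the outside interface address
global (outside) 1 interface
nat (inside) 1 10.10.10.0 255.255.255.0
nat (DMZ) 1 10.10.5.0 255.255.255.0

! Static one-to-one (assumed host): 10.10.5.10 on DMZ is seen as 192.168.200.110 on outside
! tcp 1000 = max TCP connections, 100 = max embryonic (half-open) connections, udp 500 = max UDP
static (DMZ,outside) 192.168.200.110 10.10.5.10 netmask 255.255.255.255 tcp 1000 100 udp 500

! NAT exemption (assumed VPN network): inside <-> 10.20.0.0/16 bypasses NAT in both directions
access-list NONAT extended permit ip 10.10.10.0 255.255.255.0 10.20.0.0 255.255.0.0
nat (inside) 0 access-list NONAT

! Identity NAT (assumed host): 10.10.5.20 keeps its real address, but only it can initiate
nat (DMZ) 0 10.10.5.20 255.255.255.255

! Object groups keep the ACL short; destination is the MAPPED address (pre-8.3 semantics)
object-group service WEB_PORTS tcp
 port-object eq www
 port-object eq https
access-list OUTSIDE_IN extended permit tcp any host 192.168.200.110 object-group WEB_PORTS
access-list OUTSIDE_IN extended deny ip any any log
access-group OUTSIDE_IN in interface outside
```

Verify with show xlate (translations currently built) and show access-list OUTSIDE_IN (per-line hit counts); a permit line that stays at zero hits after test traffic usually means it references the real instead of the mapped address.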
Configure and verify routing and switching on Security Appliances
Describe the routing capabilities of the Security Appliance
ASDM: Conf -> Device Setup -> Routing
- Static
- RIP
- OSPF
- EIGRP
Use ASDM to configure VLANs on a Security Appliance interface
See Subinterface above.
If the parent interface has no nameif it carries no IP traffic of its own, and with several subinterfaces it automatically becomes an 802.1Q trunk.
Use ASDM to configure the passive RIP routing functionality of the Security Appliance
RIP version 2
ASDM:
router rip
 version 2
 passive-interface default
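A fuller RIP configuration, added here as an example rather than copied from the original notes. It assumes Ethernet0/1 is the inside interface (the page does not say which interface is inside) and uses a made-up MD5 key. passive-interface default is the "passive RIP" of the exam objective: the ASA learns routes but advertises nothing; the no passive-interface line re-enables advertisements on one interface, and MD5 authentication stops a host on that segment from injecting routes.

```text
router rip
 version 2
 network 10.0.0.0
 passive-interface default
 no passive-interface inside
 redistribute static metric 5
! Authentication is set per interface (Ethernet0/1 = inside is an assumption)
interface Ethernet0/1
 rip authentication mode md5
 rip authentication key R1pK3y-example key_id 1
```

network takes a classful address, so 10.0.0.0 covers every 10.x interface on the box. Check what was learned with show rip database and show route; routes from RIP are flagged R.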
Configure and verify Authentication, Authorization, & Accounting services for Security Appliances
Configure ACS for Security Appliance support
Use ASDM to configure the Security Appliance AAA features
Configure and verify Auth-Proxy (cut-through proxy) using ASDM
Configure and verify Layer 3 & 4 protocol inspection, Modular Policy Framework, and threat detection for Security Appliances
Configure and verify Layer 3 and Layer 4 protocol inspection using ASDM
Configure and verify Modular Policy Framework using ASDM
Use ASDM to configure and verify threat detection
Configure and verify secure connectivity using VPNs
Configure and verify remote access VPNs using ASDM
Verify IKE and IPsec using ASDM and CLI
Configure and verify clientless SSL VPN using ASDM
Configure and verify active/standby and active/active failover features on Security Appliances
Configure and verify active/standby failover using ASDM
Configure and verify active/active failover using ASDM
Configure and verify redundant Interface using ASDM
Conf -> Device Setup -> Interfaces
Add Redundant Interface
interface redundant1
 member-interface Ethernet0/2
 member-interface Ethernet0/3
 no shutdown
 description Redundant Interface 1
 nameif Redu1
 security-level 100
 ip address 10.10.5.1 255.255.255.0
The member interfaces must carry no nameif or IP address of their own; the first member added becomes the active one and supplies the MAC address, and show interface redundant1 shows which member is currently active.
Configure transparent firewall and virtual firewall features on a Security Appliance
Explain the purpose of virtual & transparent firewalls
Context (virtual firewall). Not supported: VPN, dynamic routing, .....
Transparent firewall:
No IP address on the interfaces, only a management IP
VLANs: inside and outside sit on different VLANs but in the same IP network
No router hop, a "bump in the wire"
Can forward things routed mode cannot, e.g. non-IP EtherTypes
Configure and verify the transparent firewall feature of the Security Appliance using CLI
ASA(config)# firewall transparent
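A complete transparent-mode configuration, added here as an example and not part of the original notes. Interface roles and addresses are assumptions: Ethernet0/0 outside, Ethernet0/1 inside, management address 10.10.10.2/24, a web server at 10.10.10.20. Two caveats a practitioner needs before typing firewall transparent: the command clears the running configuration, so keep a copy first, and single-context transparent mode in 8.0 allows only two traffic interfaces, both in the same IP subnet as the management address.

```text
! firewall transparent wipes the running config, so save a copy to flash first
copy running-config disk0:/routed-backup.cfg
firewall transparent

! Interfaces get nameif and security-level but NO ip address in transparent mode
interface Ethernet0/0
 no shutdown
 nameif outside
 security-level 0
interface Ethernet0/1
 no shutdown
 nameif inside
 security-level 100

! One management address for the whole bridge, in the subnet shared by both sides
ip address 10.10.10.2 255.255.255.0

! EtherType ACL: once one is applied it ends in an implicit deny, so spanning-tree
! BPDUs must be permitted explicitly; IPX is a non-IP protocol routed mode can never pass
access-list ETHER ethertype permit bpdu
access-list ETHER ethertype permit ipx
access-group ETHER in interface outside
access-group ETHER in interface inside

! IP traffic is still stateful-inspected and needs an extended ACL on the outside
access-list OUTSIDE_IN extended permit tcp any host 10.10.10.20 eq www
access-group OUTSIDE_IN in interface outside
```

Verify with show firewall (prints the current mode) and show mac-address-table, which lists the hosts the ASA has learned on each side of the bridge.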
Configure and verify the virtual firewall feature of the Security Appliance using ASDM
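CLI counterpart of the ASDM context setup, added here as an example rather than taken from the original notes; the context names, VLAN ids, file names and addresses are assumptions. mode multiple reloads the appliance and splits the configuration into a system space and an admin context; the system space holds only physical interfaces and context definitions, while nameif, IP addresses, NAT and ACLs live inside each context.

```text
! Reloads the unit and converts the running config into system + admin context
mode multiple

! System execution space: physical interfaces and subinterfaces only, no nameif/IP here
interface Ethernet0/0
 no shutdown
interface Ethernet0/0.10
 vlan 10
interface Ethernet0/0.20
 vlan 20
interface Ethernet0/1
 no shutdown
interface Management0/0
 no shutdown
! Give each context its own MAC on shared subinterfaces so frames are classified correctly
mac-address auto

admin-context admin
context admin
 allocate-interface Management0/0
 config-url disk0:/admin.cfg

! Assumed customer context; the mapped names outside/inside hide the physical names
context CustomerA
 allocate-interface Ethernet0/0.10 outside
 allocate-interface Ethernet0/1 inside
 config-url disk0:/customerA.cfg

! Each context is a separate firewall with its own interfaces, NAT, ACLs and admins,
! but no VPN and no dynamic routing (static routes only)
changeto context CustomerA
interface outside
 nameif outside
 security-level 0
 ip address 192.168.200.10 255.255.255.0
interface inside
 nameif inside
 security-level 100
 ip address 10.10.10.1 255.255.255.0
```

From the system space, show mode confirms multiple-context mode and show context lists every context with its allocated interfaces and config file.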
Monitor and manage installed Security Appliances
Update, backup, and restore configurations and software images using ASDM and CLI
Blank config, opening up for ASDM:
- Name the interface (inside or management), give it an IP and netmask, and bring it up (no shutdown)
- Set time, hostname and domain name
- Start the HTTP service
- Allow the management hosts in over HTTP
- Optional: choose the ASDM image
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
hostname ASA
domain-name domain.local
clock set hh:mm:ss DAY MONTH Year
http server enable
http 192.168.1.0 255.255.255.0 management
asdm image disk0:/asdm-602.bin
Boot image:
boot system disk0:/asa802-k8.bin
Install and verify Licensing using ASDM
ASDM: Configuration > Device Management > System Image/Configuration > Activation Key
1. Get the key from cisco.com based on the serial number (shown by show version).
2. Reload the ASA to make sure the image in flash is the same as the one running.
3. Go to Configuration > Device Management > System Image/Configuration > Activation Key and enter the key as 4 or 5 hex blocks separated by spaces.
4. Click Update Activation Key.
5. Reload the ASA to activate the key.
Afterwards, show activation-key lists the key in use and the licensed features.
Configure and verify Console and SSH/Telnet access
ASDM: Conf -> Device Management -> Management Access -> Command Line (CLI) -> Secure Shell (SSH)
SSH requires:
- Hostname
- Domain name
- A local user
- RSA key
ASDM: Conf -> Device Management -> Users/AAA -> AAA Access -> Authentication
Next to SSH, tick the box and choose LOCAL.
username AdminUser password AdminPass
aaa authentication ssh console LOCAL
crypto key generate rsa modulus 1024
ssh 192.168.1.0 255.255.255.0 management
ASDM: Conf -> Device Management -> Management Access -> Command Line (CLI) -> Telnet
telnet 192.168.1.0 255.255.255.0 management
Telnet sends credentials in cleartext, and the ASA refuses it on the lowest-security interface anyway; outside the lab, prefer SSH and leave Telnet off.
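The management-access commands above, placed beside a hardened version, as an added example and not the original notes' own config; the user name and password are placeholders. Weak points in the first form: Telnet carries credentials in cleartext, a 1024-bit RSA key is short, and without an ssh version command the ASA still accepts SSHv1 clients.

```text
! Weak: Telnet open, SSHv1 still accepted, 1024-bit key
username AdminUser password AdminPass
aaa authentication ssh console LOCAL
crypto key generate rsa modulus 1024
ssh 192.168.1.0 255.255.255.0 management
telnet 192.168.1.0 255.255.255.0 management

! Hardened: fresh 2048-bit key, SSHv2 only, idle timeout, Telnet removed
username AdminUser password Str0ng-Placeholder privilege 15
aaa authentication ssh console LOCAL
crypto key zeroize rsa noconfirm
crypto key generate rsa modulus 2048
ssh version 2
ssh timeout 10
ssh 192.168.1.0 255.255.255.0 management
no telnet 192.168.1.0 255.255.255.0 management
```

Check the result with show running-config ssh, show crypto key mypubkey rsa (key size) and show ssh sessions (protocol version of live sessions). Regenerating the key changes the host fingerprint, so expect clients to warn on the next login.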
Configure and utilize Logging using ASDM
ASDM: Conf -> Device Management -> Logging
-> Event Lists
-> Logging Filters
-> Syslog Servers
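CLI counterpart of the three ASDM logging pages above (event lists, logging filters, syslog servers), added as an example and not taken from the original notes; the list name, message id and server address are assumptions.

```text
logging enable
logging timestamp

! Event list (ASDM: Event Lists): warnings and above, plus VPN messages down to notifications
logging list SOC_EVENTS level warnings
logging list SOC_EVENTS level notifications class vpn

! Filters (ASDM: Logging Filters): what each destination receives
logging buffered informational
logging buffer-size 65536
logging trap SOC_EVENTS
logging asdm informational

! Syslog server (ASDM: Syslog Servers), assumed at 10.10.10.50, UDP 514 by default
logging host inside 10.10.10.50

! Silence one known-noisy message id (TCP connection built) instead of lowering the level
no logging message 302013
```

show logging reports every destination with its level and the number of messages sent or dropped. If the server is later switched to TCP syslog, note that by default the ASA stops building new connections while that server is unreachable; logging permit-hostdown changes that behaviour.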
ASA Links
ASA CLI Configuration Guide 8.0
https://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080b1ee95.shtml
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml
https://supportforums.cisco.com/docs/DOC-1268
http://www.networkstraining.com/ciscoasaebook.php
http://www.networkworld.com/community/node/58537
http://www.iflipr.com/deck/search?query=snaf
https://learningnetwork.cisco.com/docs/DOC-2800
https://learningnetwork.cisco.com/message/11409#11409
http://blog.ine.com/2009/04/19/understanding-modular-policy-framework/
http://oav.net/mirrors/cidr.html
http://www.quia.com/quiz/497859.html?AP_rand=334332925
http://www.ciscopress.com/articles/article.asp?p=24833&seqNum=6