Friday
249 Cisco Press IPSec VPN Design
The definitive design and deployment guide for secure virtual private networks
- Learn about IPSec protocols and Cisco IOS IPSec packet processing
- Understand the differences between IPSec tunnel mode and transport mode
- Evaluate the IPSec features that improve VPN scalability and fault tolerance, such as dead peer detection and control plane keepalives
- Overcome the challenges of working with NAT and PMTUD
- Explore IPSec remote-access features, including extended authentication, mode-configuration, and digital certificates
- Examine the pros and cons of various IPSec connection models such as native IPSec, GRE, and remote access
- Apply fault tolerance methods to IPSec VPN designs
- Employ mechanisms to alleviate the configuration complexity of a large-scale IPSec VPN, including Tunnel End-Point Discovery (TED) and Dynamic Multipoint VPNs (DMVPN)
- Add services to IPSec VPNs, including voice and multicast
- Understand how network-based VPNs operate and how to integrate IPSec VPNs with MPLS VPNs
Among the many functions that networking technologies permit is the ability for organizations to easily and securely communicate with branch offices, mobile users, telecommuters, and business partners. Such connectivity is now vital to maintaining a competitive level of business productivity. Although several technologies exist that can enable interconnectivity among business sites, Internet-based virtual private networks (VPNs) have evolved as the most effective means to link corporate network resources to remote employees, offices, and mobile workers. VPNs provide productivity enhancements, efficient and convenient remote access to network resources, site-to-site connectivity, a high level of security, and tremendous cost savings.
IPSec VPN Design is the first book to present a detailed examination of the design aspects of IPSec protocols that enable secure VPN communication. Divided into three parts, the book provides a solid understanding of design and architectural issues of large-scale, secure VPN solutions. Part I includes a comprehensive introduction to the general architecture of IPSec, including its protocols and Cisco IOS® IPSec implementation details. Part II examines IPSec VPN design principles covering hub-and-spoke, full-mesh, and fault-tolerant designs. This part of the book also covers dynamic configuration models used to simplify IPSec VPN designs. Part III addresses design issues in adding services to an IPSec VPN such as voice and multicast. This part of the book also shows you how to effectively integrate IPSec VPNs with MPLS VPNs.
IPSec VPN Design provides you with the field-tested design and configuration advice to help you deploy an effective and secure VPN solution in any environment.
This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.

248 SSL Remote Access VPN
SSL Remote Access VPNs
An introduction to designing and configuring SSL virtual private networks
Jazib Frahim, CCIE® No. 5459
Qiang Huang, CCIE No. 4937
Cisco® SSL VPN solutions (formerly known as Cisco WebVPN solutions) give you a flexible and secure way to extend networking resources to virtually any remote user with access to the Internet and a web browser. Remote access based on SSL VPN delivers secure access to network resources by establishing an encrypted tunnel across the Internet using a broadband (cable or DSL) or ISP dialup connection.
SSL Remote Access VPNs provides you with a basic working knowledge of SSL virtual private networks on Cisco SSL VPN-capable devices. Design guidance is provided to assist you in implementing SSL VPN in existing network infrastructures. This includes examining existing hardware and software to determine whether they are SSL VPN capable, providing design recommendations, and guiding you on setting up the Cisco SSL VPN devices. Common deployment scenarios are covered to assist you in deploying an SSL VPN in your network.
SSL Remote Access VPNs gives you everything you need to know to understand, design, install, configure, and troubleshoot all the components that make up an effective, secure SSL VPN solution.
Jazib Frahim, CCIE® No. 5459, is currently working as a technical leader in the Worldwide Security Services Practice of the Cisco Advanced Services for Network Security. He is responsible for guiding customers in the design and implementation of their networks, with a focus on network security. He holds two CCIEs, one in routing and switching and the other in security.
Qiang Huang, CCIE No. 4937, is a product manager in the Cisco Campus Switch System Technology Group, focusing on driving the security and intelligent services roadmap for market-leading modular Ethernet switching platforms. During his time at Cisco, Qiang has played an important role in a number of technology groups, including the Cisco TAC security and VPN team, where he was responsible for trouble-shooting complicated customer deployments in security and VPN solutions. Qiang has extensive knowledge of security and VPN technologies and experience in real-life customer deployments. Qiang holds CCIE certifications in routing and switching, security, and ISP Dial.
* Understand remote access VPN technologies, such as Point-to-Point Tunneling Protocol (PPTP), Internet Protocol Security (IPsec), Layer 2 Forwarding (L2F), Layer 2 Tunneling (L2TP) over IPsec, and SSL VPN
* Learn about the building blocks of SSL VPN, including cryptographic algorithms and SSL and Transport Layer Security (TLS)
* Evaluate common design best practices for planning and designing an SSL VPN solution
* Gain insight into SSL VPN functionality on Cisco Adaptive Security Appliance (ASA) and Cisco IOS® routers
* Install and configure SSL VPNs on Cisco ASA and Cisco IOS routers
* Manage your SSL VPN deployment using Cisco Security Manager
This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.

247 IPSec Virtual Private Networks
What is IPSec? What’s a VPNNetworksinglesecurity. Starting with a primer on the IP protocol suite, the book travels layer by layer through the protocols and the technologies that make VPNs possible. It includes security theory, cryptography, RAS, authentication, IKE, IPSec, encapsulation, keys, and policies. After explaining the technologies and their interrelationships, the book provides sections on implementation and product evaluation. A Technical Guide to IPSec Virtual Private Networks arms information security, network, and system engineers and administrators with the knowledge and the methodologies to design and deploy VPNs in the real world for real companies. point of information that represents hundreds or resources and years of experience with IPSec VPN solutions. It cuts through the complexity surrounding IPSec and the idiosyncrasies of design, implementation, operations, and (VPN) has become one of the most recognized terms in our industry, yet there continuously seems to be different impressions of what VPNs really are and can become.

Thursday
245 Cisco Press Firewall Fundamentals
The essential guide to understanding and using firewalls to protect personal computers and your network
- An easy-to-read introduction to the most commonly deployed network security device
- Understand the threats firewalls are designed to protect against
- Learn basic firewall architectures, practical deployment scenarios, and common management and troubleshooting tasks
- Includes configuration, deployment, and management checklists
Increasing reliance on the Internet in both work and home environments has radically increased the vulnerability of computing systems to attack from a wide variety of threats. Firewall technology continues to be the most prevalent form of protection against existing and new threats to computers and networks. A full understanding of what firewalls can do, how they can be deployed to maximum effect, and the differences among firewall types can make the difference between continued network integrity and complete network or computer failure. Firewall Fundamentals introduces readers to firewall concepts and explores various commercial and open source firewall implementations--including Cisco, Linksys, and Linux--allowing network administrators and small office/home office computer users to effectively choose and configure their devices. Firewall Fundamentals is written in clear and easy-to-understand language and helps novice users understand what firewalls are and how and where they are used. It introduces various types of firewalls, first conceptually and then by explaining how different firewall implementations actually work. It also provides numerous implementation examples, demonstrating the use of firewalls in both personal and business-related scenarios, and explains how a firewall should be installed and configured. Additionally, generic firewall troubleshooting methodologies and common management tasks are clearly defined and explained.

243 Cisco ASA Configuration Guide
Cisco ASA Configuration - Networking Professional's Library (2009)
McGraw-Hill Osborne Media | English | 2009-06-05 | ISBN: 0071622691 | 752 pages | PDF | 5.8 MB
"Richard Deal's gift of making difficult technology concepts understandable has remained constant. Whether it is presenting to a room of information technology professionals or writing books, Richard's communication skills are unsurpassed. As information technology professionals we are faced with overcoming challenges every day...Cisco ASA Configuration is a great reference and tool for answering our challenges." --From the Foreword by Steve Marcinek (CCIE 7225), Systems Engineer, Cisco Systems
A hands-on guide to implementing Cisco ASA
Configure and maintain a Cisco ASA platform to meet the requirements of your security policy. Cisco ASA Configuration shows you how to control traffic in the corporate network and protect it from internal and external threats. This comprehensive resource covers the latest features available in Cisco ASA version 8.0, and includes detailed examples of complex configurations and troubleshooting. Implement and manage Cisco's powerful, multifunction network adaptive security appliance with help from this definitive guide.
• Configure Cisco ASA using the command-line interface (CLI) and Adaptive Security Device Manager (ASDM)
• Control traffic through the appliance with access control lists (ACLs) and object groups
• Filter Java, ActiveX, and web content
• Authenticate and authorize connections using Cut-through Proxy (CTP)
• Use Modular Policy Framework (MPF) to configure security appliance features
• Perform protocol and application inspection
• Enable IPSec site-to-site and remote access connections
• Configure WebVPN components for SSL VPN access
• Implement advanced features, including the transparent firewall, security contexts, and failover
• Detect and prevent network attacks
• Prepare and manage the AIP-SSM and CSC-SSM cards

240 CCSP CBT Nuggets - IPS 642-533
IPS creates "trip-lines" to sound an alarm when your network is in danger
Think back to one of those spy movies where laser sensors surround a protected area - like where a rare jewel is stored. Even if the crook gets into the building, the alarm still goes off, and they get caught red-handed.
That's what an Intrusion Prevention System does for your network. It creates virtual "trip-lines" to catch threatening traffic. Even if an intruder makes it past your firewall or other network defense systems, the IPS sensor catches them, sounds an alarm, and even blocks their movement through your network.
IPS recognizes and stops most types of attacks. When your IPS identifies an attack's signature, it alerts you that your network could be in danger. It also watches for other danger signals, including unexpected activity from specific computers on the network, or protocols modified to work in non-standard ways. Because every network is different, you can custom configure your IPS to minimize false-positive alarms, while still blocking rogue traffic.
Exam-Pack: 642-533 IPS will show you how to deploy, configure and maintain IPS sensors on your corporate network. This includes using both the GUI and command line administration environments for setting up and maintaining your IPS. You'll even learn how to configure it to manage access lists on all your network devices. This allows you to set up on-the-fly access list configuration on other Cisco devices to block the intruder's IP address from reaching the network.
The 5 video updates include lots of exciting new IPS features, such as Self-Defending Network and Defense in Depth. After completing this IPS video series -- including the updates -- you'll provide your organization with:


236 Cisco Networkers 2009 - Troubleshooting Intrusion Prevention Systems
This session focuses on troubleshooting Cisco Intrusion Prevention System (IPS) software 7.0 on standalone sensors and modules, as well as modules for Cisco Adaptive Security Appliances (ASA) 5500 Series appliances. The session uses command-line and Web-based configuration tools for IPS appliances, like IPS Device Manager (IDM), IPS Manager Express (IME), Adaptive Security Device Manager (ASDM), and Cisco Security Manager. This session is for attendees who configure, maintain, and troubleshoot intrusion protection systems consisting of IPS sensors 6.x and 7.0.

235 Cisco Networkers 2009 - Advanced Concepts Of Dynamic Multipoint VPN
This session covers in detail the concepts of the Dynamic Multipoint VPN (DMVPN) solution. It starts with an overview of basic DMVPN functionality including in-depth descriptions of how Next Hop Resolution Protocol (NHRP) is used in DMVPN hub-and-spoke and dynamic spoke-spoke networks, including DMVPN Phase 2 and Phase 3 functionality and discussion and examples of using DMVPN for Network Virtualization with VRF-lite and 2547oDMVPN. The session also covers how DMVPN interacts with NAT, QoS, MPLS, and dynamic routing. This session is for designers, managers, and troubleshooters of extended corporate DMVPNs and for service providers that are deploying these services for their customers.

234 Cisco Networkers 2009 - Troubleshooting Dynamic Multipoint VPN
This session presents a methodical technique for troubleshooting Dynamic Multipoint VPN (DMVPN) networks. The session starts with a short overview of DMVPN functionality and then concentrates on a four-layer troubleshooting methodology. These four layers are IP infrastructure layer (peer connectivity), IPsec encryption layer (IPsec/ISAKMP), GRE/NHRP layer (NHRP), and the VPN layer (IP routing protocols). Explicit troubleshooting examples with solutions are shown that are based on the most common DMVPN design and implementation issues as seen by Cisco Technical Assistance Center (TAC) engineers. This session is for designers, managers, and troubleshooters of extended corporate DMVPNs and for service providers deploying these services.

233 Cisco Networkers 2009 - PKI for Large Scale IPsec

232 Cisco Networkers 2009 - CCVP Mobility Features in CUCM 6 & 7
BRKCRT-1963 - CCVP: Mobility Features in Cisco Unified Communications Manager version 6 and 7. This session discusses Cisco Unified Device Mobility and Cisco Unified Mobility and their implementation in Cisco Unified Communications Manager versions 6 and 7. It describes how Cisco Unified Device Mobility and Cisco Unified Mobility work and how they are implemented. The session discusses how these features interact with different calling privileges implementation models such as the traditional calling search space approach, the line/device calling search space approach, and the corresponding changes in Cisco Unified Communications Manager version 7, for example when using the Local Route Group feature.

231 Cisco Networkers 2009 - Firewall Design and Deployment
This session addresses Cisco firewalls and how they are used to enforce security policy around the network. It includes best practices as part of a case study that illustrates these various techniques in practice and options on how they can be implemented. Common design scenarios are covered for both the ASA firewall appliance and the Cisco Firewall Services Module, including virtualization and transparent (Layer 2) mode. Pros and cons of each design are discussed in depth. Participants should have a working knowledge of TCP/IP and understand general networking and packet flow. This session focuses on the Cisco ASA Adaptive Security Appliance and Firewall Services Module and does not cover any Cisco IOS based firewall solutions.

230 Cisco Networkers 2009 - Advanced IPSec with GET VPN
This session covers the design principles associated with the deployment of Group Encrypted Transport (GET) VPNs. A brief overview covers the protocols (GDOI and COOP) and state machines associated with group members and key servers. Best practices are emphasized for redundancy, scalability, manageability, and network performance. Discussion also covers various deployment scenarios. Knowledge of GET VPN architecture is highly recommended as a prerequisite.

Disclaimer
All the information provided here is collected from various sources on the internet. I do not take responsibility for any violation of legal rights. If anything is found to be violating and is brought to my notice, it will be removed ASAP.
Contact information is provided at the bottom of the page.