Atjaunināt sīkdatņu piekrišanu

Cisco ASA Configuration [Mīkstie vāki]

3.50/5 (38 ratings by Goodreads)
  • Formāts: Paperback / softback, 752 pages, height x width x depth: 229x188x37 mm, weight: 893 g, 100 Illustrations
  • Izdošanas datums: 16-Aug-2009
  • Izdevniecība: Osborne/McGraw-Hill
  • ISBN-10: 0071622691
  • ISBN-13: 9780071622691
Citas grāmatas par šo tēmu:
  • Mīkstie vāki
  • Cena: 71,61 €
  • Grāmatu piegādes laiks ir 3-4 nedēļas, ja grāmata ir uz vietas izdevniecības noliktavā. Ja izdevējam nepieciešams publicēt jaunu tirāžu, grāmatas piegāde var aizkavēties.
  • Daudzums:
  • Ielikt grozā
  • Piegādes laiks - 4-6 nedēļas
  • Pievienot vēlmju sarakstam
Cisco ASA ConfigurationPalielināt
  • Formāts: Paperback / softback, 752 pages, height x width x depth: 229x188x37 mm, weight: 893 g, 100 Illustrations
  • Izdošanas datums: 16-Aug-2009
  • Izdevniecība: Osborne/McGraw-Hill
  • ISBN-10: 0071622691
  • ISBN-13: 9780071622691
Citas grāmatas par šo tēmu:
Permanent link: https://www.kriso.lv/db/9780071622691.html
Keywords:
Publisher's Note: Products purchased from Third Party sellers are not guaranteed by the publisher for quality, authenticity, or access to any online entitlements included with the product.











A hands-on guide to implementing Cisco ASA

Configure and maintain a Cisco ASA platform to meet the requirements of your security policy. Cisco ASA Configuration shows you how to control traffic in the corporate network and protect it from internal and external threats. This comprehensive resource covers the latest features available in Cisco ASA version 8.0, and includes detailed examples of complex configurations and troubleshooting. Implement and manage Cisco's powerful, multifunction network adaptive security appliance with help from this definitive guide.





Configure Cisco ASA using the command-line interface (CLI) and Adaptive Security Device Manager (ASDM)

Control traffic through the appliance with access control lists (ACLs) and object groups Filter Java, ActiveX, and web content Authenticate and authorize connections using Cut-through Proxy (CTP) Use Modular Policy Framework (MPF) to configure security appliance features

Perform protocol and application inspection Enable IPSec site-to-site and remote access connections Configure WebVPN components for SSL VPN access Implement advanced features, including the transparent firewall, security contexts, and failover Detect and prevent network attacks

Prepare and manage the AIP-SSM and CSC-SSM cards
Foreword xxiii
Preface xxv
Acknowledgments xxvii
Introduction xxix
Part I Introduction to ASA Security Appliances and Basic Configuration Tasks
ASA Product Family
3(30)
ASA Features
4(19)
Operating System
5(2)
Security Algorithm
7(8)
Redundancy
15(3)
Advanced Features of the Operating System
18(5)
ASA Hardware
23(10)
ASA Models
23(5)
Hardware Modules
28(2)
Licensing
30(3)
CLI Basics
33(12)
Access to the Appliance
34(2)
Console Access
34(1)
Other Access Methods
35(1)
CLI
36(9)
ASA Bootup Sequence
36(2)
CLI Modes
38(3)
ASA and Router IOS CLI Comparison
41(4)
Basic ASA Configuration
45(30)
Setup Script
46(2)
Basic Management Commands
48(4)
Viewing Configurations
48(1)
Copy Commands
49(2)
Write Commands
51(1)
Clear Commands
51(1)
Basic Configuration Commands
52(13)
Host and Domain Names
52(1)
Device Names
53(1)
Passwords
53(1)
Login Banner
54(1)
Interfaces
55(7)
Dynamic Addressing
62(3)
Management
65(5)
Remote Access
65(3)
Connectivity Testing
68(2)
Hardware and Software Information
70(3)
Version Information
71(1)
Memory Usage
72(1)
CPU Utilization
72(1)
ASA Configuration Example
73(2)
Routing and Multicasting
75(30)
Routing Features
76(19)
Routing Recommendations
76(1)
Administrative Distance
76(1)
Static Routes
77(5)
RIP
82(2)
OSPF
84(7)
EIGRP
91(4)
Multicast Features
95(10)
Multicast Traffic and the Appliances
95(1)
Multicast Usage
96(1)
Stub Multicast Routing
96(4)
PIM Multicast Routing
100(5)
Part II Controlling Traffic Through the ASA
Address Translation
105(46)
Protocol Overview
106(7)
TCP Overview
106(2)
UDP Overview
108(1)
ICMP Overview
109(1)
Other Protocols
110(1)
Protocol and Application Issues
110(3)
Translations and Connections
113(6)
Connections
113(2)
Translations
115(1)
TCP Connection Example
115(4)
Address Translation Overview
119(9)
Private Addresses
119(1)
Needs for Address Translation
120(2)
Examples of Address Translation
122(6)
Address Translation Configuration
128(15)
Requiring Address Translation
128(1)
Configuring Dynamic Address Translation
129(9)
Configuring Static NAT Translation
138(2)
Configuring Static PAT Translation
140(1)
Finding a Matching Translation Policy
141(2)
TCP SYN Flood Attacks
143(1)
The Original TCP Intercept
143(1)
TCP Intercept with SYN Cookies
143(1)
Translation and Connection Verification
144(7)
Viewing Active Translations
144(2)
Viewing Active Connections
146(1)
Viewing Local Host Information
147(1)
Clearing Entries in the Xlate and Conn Tables
148(3)
Access Control
151(38)
Access Control Lists (ACLs)
152(19)
Introduction to ACLs
152(3)
Creating and Activating ACLs
155(5)
ACL Activation
160(1)
ACL Verification
160(1)
ACL Maintenance
161(2)
ACL Configuration Examples
163(8)
Object Groups
171(6)
Advantages of Object Groups
171(1)
Creating Object Groups
171(3)
Examining Your Object Groups
174(1)
Deleting Object Groups
174(1)
Using Object Groups
175(1)
Object Group Configuration Example
176(1)
ICMP Filtering
177(4)
ICMP Traffic Through the Appliances
178(1)
ICMP Traffic Directed at the Appliances
179(2)
Connection Troubleshooting
181(8)
Packet Tracer Feature
181(3)
Packet Capture Feature
184(5)
Web Content
189(18)
Java and ActiveX Filtering
190(2)
Java and ActiveX Issues
190(1)
Java and ActiveX Filtering Solutions
191(1)
Configuring Java Filters
191(1)
Configuring ActiveX Filters
192(1)
Web Content Filtering
192(11)
Web Filtering Process
193(2)
URL Filtering Server
195(5)
URL Filtering Verification
200(2)
URL Filtering Example
202(1)
Web Caching
203(4)
WCCP Process
203(1)
WCCP Configuration
204(1)
WCCP Verification
205(1)
WCCP Configuration Example
206(1)
CTP
207(26)
AAA Overview
208(3)
AAA Components
208(1)
AAA Example
208(1)
AAA Protocols
209(2)
AAA Servers
211(2)
AAA Server Configuration
211(2)
CTP Authentication
213(11)
CTP Overview
214(1)
Appliance Configuration of CTP Authentication
215(7)
Verifying CTP Authentication
222(2)
CTP Authorization
224(6)
CTP Authorization Options
225(1)
Classic Authorization Configuration
226(2)
Downloadable ACL Configuration
228(2)
CTP Accounting
230(3)
Appliance Configuration for Accounting
230(1)
Cisco Secure ACS Reports
231(2)
IPv6
233(14)
IPv6 Overview
234(2)
IPv6 Capabilities of the Appliances
234(1)
IPv6 Limitations of the Appliances
235(1)
IPv6 Interface Configuration
236(2)
Stateless Autoconfiguration
236(1)
Link-Local Address Configuration
237(1)
Global Address Configuration
237(1)
IPv6 Interface Configuration Verification
238(1)
IPv6 Routing
238(1)
IPv6 Neighbors
239(3)
Neighbor Solicitation Messages
240(1)
Router Advertisement Messages
241(1)
IPv6 ACLs
242(5)
IPv6 ACL Configuration
242(2)
IPv6 ACL Example
244(3)
Part III Policy Implementation
Modular Policy Framework
247(30)
MPF Overview
248(4)
MPF Policies
248(1)
Why MPF Is Necessary
249(3)
MPF Components
252(1)
Class Maps
252(8)
Layer 3/4 Class Maps
253(3)
Application Layer Class Maps
256(4)
Policy Maps
260(14)
Layer 3/4 Policy Map
261(10)
Layer 7 Policy Map
271(3)
Service Policies
274(3)
Activating a Layer 3/4 Policy Map
274(1)
Service Policy Verification
275(2)
Protocols and Policies
277(18)
ICMP Inspection Policies
278(2)
ICMP Issues
278(1)
ICMP Inspection Configuration
279(1)
DCE/RPC Inspection Policies
280(1)
DCE/RPC Policy Configuration
280(1)
DCE/RPC Example Configuration
281(1)
Sun RPC Inspection Policies
281(3)
Sun RPC Policy Configuration
282(1)
Sun RPC Example Configuration
283(1)
ILS/LDAP Inspection Policies
284(1)
Mechanics of ILS/LDAP Connections
284(1)
ILS/LDAP Policy Configuration
285(1)
ILS/LDAP Example Configuration
285(1)
NetBIOS Inspection Policies
285(2)
NetBIOS Policy Configuration
286(1)
NetBIOS Example Configuration
286(1)
IPSec Pass-Thru Inspection Policies
287(1)
IPSec Pass-Thru Policy Configuration
287(1)
IPSec Pass-Thru Example Configuration
288(1)
PPTP Inspection Policies
288(1)
PPTP Policy Configuration
289(1)
PPTP Example Configuration
289(1)
XDMCP Inspection Policies
289(6)
Mechanics of XDMCP Connections
290(1)
XDMCP Policy Configuration
291(1)
Established Command Configuration
291(2)
XDMCP Example Configuration
293(2)
Data Applications and Policies
295(32)
DNS Inspection
296(6)
DNS Inspection Features
296(3)
DNS Policy Configuration
299(2)
DNS Example Configuration
301(1)
SMTP and ESMTP Inspection
302(4)
SMTP and ESMTP Inspection Features
302(1)
SMTP and ESMTP Policy Configuration
303(2)
SMTP and ESMTP Example Configuration
305(1)
FTP Inspection
306(6)
FTP Operation
306(3)
FTP Inspection Features
309(1)
FTP Policy Configuration
309(2)
FTP Example Configuration
311(1)
TFTP Inspection
312(1)
TFTP Operation
312(1)
TFTP Policy Configuration
313(1)
HTTP Inspection
313(5)
HTTP Inspection Features
313(1)
HTTP Policy Configuration
314(3)
HTTP Example Configuration
317(1)
Instant Messaging Inspection
318(3)
IM Policy Configuration
318(2)
IM Example Configuration
320(1)
RSH Inspection
321(1)
Mechanics of RSH Connections
321(1)
RSH Policy Configuration
322(1)
SNMP Inspection
322(1)
SNMP Policy Configuration
322(1)
SNMP Example Configuration
323(1)
SQL*Net Inspection
323(4)
Mechanics of SQL*Net Connections
323(2)
SQL*Net Policy Configuration
325(2)
Voice and Policies
327(20)
SIP Inspection
328(7)
SIP Connections and Application Inspection
328(3)
SIP Policy Configuration
331(3)
SIP Example Configuration
334(1)
SCCP Inspection
335(5)
SCCP Connections and Application Inspection
335(2)
SCCP Policy Configuration
337(2)
SCCP Example Configuration
339(1)
CTIQBE Inspection
340(2)
CTIQBE Connections and Application Inspection
340(1)
CTIQBE Policy Configuration
341(1)
MGCP Inspection
342(5)
MGCP Connections and Application Inspection
343(1)
MGCP Policy Configuration
344(1)
MGCP Example Configuration
345(2)
Multimedia and Policies
347(24)
Multimedia Overview
348(1)
Common Problems with Multimedia Applications and Firewalls
348(1)
Firewall Solutions for Multimedia Applications
348(1)
RTSP Inspection
349(6)
RTSP Connections and Application Inspection
350(3)
RTSP Policy Configuration
353(2)
RTSP Example Configuration
355(1)
H.323 Inspection
355(16)
H.323 Overview
356(1)
H.323 Connections and Application Inspection
357(7)
H.323 Policy Configuration
364(2)
H.323 Example Configuration
366(5)
Part IV Virtual Private Networks (VPNs)
IPSec Phase 1
371(24)
IPSec Introduction
372(1)
IPSec Preparations
372(1)
Same Interface Traffic
373(1)
ISAKMP Configuration
373(5)
Global ISAKMP Properties
373(2)
ISAKMP Policies
375(1)
NAT Traversal and IPSec over TCP
375(2)
VPN Traffic and ACLs
377(1)
Tunnel Groups
378(2)
Tunnel Group Creation
378(1)
General Tunnel Group Attributes
379(1)
VPN-Specific Tunnel Group Attributes
380(1)
Certificate Authorities
380(15)
Introducing Certificates
381(1)
Obtaining Certificates
381(11)
Using Certificates
392(3)
IPSec Site-to-Site
395(14)
Site-to-Site Preparation
396(3)
ISAKMP Phase 1 Configuration
397(1)
Tunnel Group Configuration
397(1)
VPN Traffic and Address Translation
398(1)
ISAKMP Phase 2 Configuration
399(5)
Crypto ACLs
400(1)
Transform Sets
400(1)
Connection Lifetimes
401(1)
Crypto Maps
402(2)
Site-to-Site Verification
404(3)
Viewing and Clearing Connections
405(2)
Troubleshooting Connections
407(1)
Site-to-Site Example
407(2)
IPSec Remote Access Server
409(32)
Easy VPN Overview
410(4)
Easy VPN Products
411(1)
Easy VPN Features
412(1)
Easy VPN Connectivity
413(1)
Remote Access Preparation
414(2)
VPN Traffic
415(1)
VPN Traffic and Address Translation
415(1)
Tunnel Limits
415(1)
ISAKMP Phase 1 Configuration
416(14)
ISAKMP Phase 1 Commands
416(1)
Group Policy Configuration
417(8)
Tunnel Group Configuration
425(3)
Auto Update
428(2)
ISAKMP Phase 2 Configuration
430(2)
Dynamic Crypto Maps
430(1)
Static Crypto Maps
431(1)
Remote Access Verification
432(2)
Viewing Remote Access Connections
432(2)
Disconnecting Remote Access Users
434(1)
IPSec Remote Access Server Example
434(2)
VPN Load Balancing
436(5)
Clustering Overview
437(1)
Clustering Configuration
438(1)
Clustering Example
439(2)
IPSec Remote Access Client
441(10)
Connection Modes
442(3)
Client Mode
442(2)
Network Extension Mode
444(1)
Network Extension Plus Mode
445(1)
ASA 5505 Remote Client
445(4)
Hardware Client XAUTH Authentication Methods
445(1)
User Authentication
446(1)
Basic Client Configuration
447(1)
Tunnel Maintenance
448(1)
Easy VPN Configuration Example with a Hardware Remote
449(2)
ASA 5505 Configuration Example
449(1)
Example Easy VPN Server Configuration
449(2)
SSL VPNs: Clientless
451(36)
Introduction to SSL VPNs
452(3)
Connection Modes
453(1)
WebVPN Restrictions
454(1)
Basic WebVPN Configuration
455(5)
Implementing SSL Policies
455(1)
Enabling WebVPN
456(1)
Supporting Both WebVPN and ASDM
456(1)
Performing DNS Lookups
457(1)
Implementing Web Proxying
458(2)
Defining General WebVPN Properties
460(1)
WebVPN Group Policies
460(7)
Configuring Group Policies
460(5)
Overriding Group Policies on a Per-User Basis
465(2)
Tunnel Groups
467(3)
Tunnel Group General Attributes
467(1)
Tunnel Group WebVPN Attributes
468(1)
Group Matching Methods
469(1)
WebVPN Clientless Home Portal
470(5)
Login Screen
471(1)
Home Portal Overview
472(1)
Home Portal Tabs
473(2)
Non-Web Traffic
475(10)
Port Forwarding
476(4)
Web Browser Plug-Ins
480(1)
Smart Tunneling
481(4)
WebVPN Verification and Troubleshooting
485(2)
Show Commands
485(1)
Debug Commands
485(2)
SSL VPNs: AnyConnect Client
487(22)
AnyConnect Client Overview
488(2)
WebVPN Network Clients
488(1)
AnyConnect Client Implementation
489(1)
AnyConnect Client Connections
489(1)
AnyConnect Client Preparation and Installation
490(11)
ASA Preparation for the AnyConnect Client
491(2)
AnyConnect Policies
493(4)
WebVPN Tunnel Groups
497(2)
Client Profiles
499(2)
Managing and Troubleshooting AnyConnect Sessions
501(8)
Connecting to a WebVPN Server
501(3)
Viewing and Managing Connected Users
504(5)
Part V Advanced Features of the ASA
Transparent Firewall
509(14)
Layer 2 Processing of Traffic
510(5)
Routed vs. Transparent Mode
510(1)
Bridges vs. Transparent Mode
511(2)
Supported and Unsupported Features
513(2)
Traffic Flow and ACLs
515(1)
Configuring Transparent Mode
515(3)
Switching to Transparent Mode
516(1)
Management IP Address
516(1)
MAC Address Table and Learning
517(1)
Additional Layer 2 Features
518(2)
Non-IP Traffic and Ether-Type ACLs
518(1)
ARP Inspection
519(1)
Transparent Firewall Example Configuration
520(3)
Contexts
523(18)
Context Overview
524(4)
Licensing
524(1)
Context Uses
524(1)
Context Restrictions
525(1)
Context Implementation
526(1)
Traffic Classification
527(1)
Context Mode
528(7)
Switching to Multiple Mode
528(1)
System Area Configuration
529(1)
Designating the Administrative Context
529(1)
Creating Contexts
530(2)
Managing Resources
532(3)
Context Management
535(1)
Switching Between Contexts
535(1)
Saving Configurations
535(1)
Removing Contexts
536(1)
Context Example
536(5)
Example: Changing to Multiple Mode
537(1)
Example: Setting Up the Interfaces
537(1)
Example: Creating the Contexts
538(1)
Example: Configuring the Admin Context
538(1)
Example: Configuring the ctx Context
539(1)
Example: Saving the Appliance Configuration
540(1)
Failover
541(36)
Failover Introduction
542(3)
Failover Types
542(1)
Failover Requirements
543(2)
Failover Restrictions
545(1)
Software Upgrades
545(1)
Failover Implementations
545(3)
Active/Standby Failover
546(1)
Addressing and Failover
546(1)
Active/Active Failover
547(1)
Failover Cabling
548(3)
Failover Link
548(1)
Stateful Link
549(1)
PIX Cabling
550(1)
ASA Cabling
550(1)
Failover Operation
551(4)
Failover Communications
551(1)
Failover Triggers
552(2)
Switch Connections
554(1)
Active/Standby Configuration
555(11)
Active/Standby: PIXs and the Serial Cable
555(3)
Active/Standby: LBF
558(2)
Active/Standby: Optional Commands
560(1)
Active/Standby: Example Configuration
561(5)
Active/Active Configuration
566(11)
Active/Active: LBF Configuration
566(3)
Active/Active: Optional Commands
569(1)
Active/Active: Example Configuration
570(7)
Network Attack Prevention
577(20)
Threat Detection
578(9)
Basic Threat Detection
578(4)
Scanning Threat Detection
582(2)
Threat Detection Statistics
584(3)
IP Audit
587(3)
IP Audit Signatures
587(3)
IP Audit Configuration
590(1)
Additional Features
590(7)
TCP Normalization
590(3)
Reverse Path Forwarding
593(1)
Fragmentation Limits
594(3)
SSM Cards
597(22)
AIP-SSM Card
598(8)
AIP-SSM Card Modes and Failure Options
598(1)
Traffic and the AIP-SSM Card
599(1)
Traffic Forwarding to the AIP-SSM Card
600(1)
AIP-SSM Basic Configuration
601(5)
CSC-SSM Card
606(6)
Traffic and the CSC Card
606(1)
Forwarding Traffic to the CSC-SSM Card
607(2)
Setting Up the CSC-SSM Card
609(3)
SSM Card Management
612(7)
Verifying an SSM Card Operational Status
612(2)
Hardware Module Commands
614(1)
Re-Imaging an SSM Card
615(4)
Part VI Management of the ASA
Basic Management from the CLI
619(28)
DHCP Services
620(3)
DHCP Server
620(2)
DHCP Relay
622(1)
Remote Management Features
623(7)
Date and Time
623(2)
Logging
625(4)
SNMP
629(1)
File Management
630(5)
Files and Flash
630(1)
OS Upgrades
631(2)
Controlling the Bootup Process
633(1)
License Keys
634(1)
Password Recovery
635(4)
Restricting the Password Recovery Process
635(1)
Performing the PIX Password Recovery Process
636(2)
Performing the ASA Password Recovery Process
638(1)
AAA
639(8)
Restricting CLI Access
639(3)
Command Authorization
642(3)
Management Accounting
645(2)
ASDM
647(56)
ASDM Overview
648(2)
ASDM Requirements
648(1)
ASDM Restrictions
649(1)
ASDM Configuration Preparations
650(1)
Setup Script
650(1)
Basic Configuration Commands
651(1)
ASDM Access
651(3)
Web Browser Access
652(1)
Startup Wizard
653(1)
ASDM Home Screen
654(9)
Menu Items
655(6)
Toolbar Buttons
661(1)
Home Screen Elements
662(1)
ASDM Configuration Screens
663(29)
Device Setup Tab
663(1)
Firewall Tab
664(4)
Remote Access VPN Tab
668(10)
Cisco Secure Desktop
678(12)
Site-to-Site VPN Tab
690(1)
Device Management Tab
691(1)
ASDM Monitoring Screens
692(5)
Interfaces Tab
693(1)
VPN Tab
694(1)
Routing Tab
694(1)
Properties Tab
695(1)
Logging Tab
695(2)
ASDM and Contexts
697(6)
Initial Access and Context Manipulation
698(2)
Failover
700(3)
Index 703
Richard A. Deal operates his own company, The Deal Group Inc., recently relocated to Orlando, FL. He has almost 15 years experience in the computing and networking industry including networking, training, systems administration, and programming. In addition to a BS in Mathematics and Literature from Grove City College, Richard has certifications from Cisco: Cisco instructor, Cisco Certified Network Associate (CCNA), Cisco Certified Design Associate (CCDA), Cisco Certified Network Professional (CCNP), and Cisco Certified Design Professional (CCDP). As a Cisco instructor, Richard teaches 9 different Cisco classes.