Book description
Cisco authorized self-study book for CCSP 642-521 foundation learning
- Gain proficiency with new features of PIX Firewall version 6.3, including OSPF, 802.1Q VLANs, NAT-T, and more
- Learn the ins and outs of the PIX product family and its complete feature set
- Use the PIX Device Manager (PDM) 3.0 to configure and manage the PIX Firewall
- Use advanced techniques to control traffic on your network using ACLs (access control lists), content filtering, and object groups
- Improve security using PIX Firewall attack guards, intrusion detection, and shunning features
- Learn about techniques and security considerations for configuring OSPF on PIX Firewall version 6.3
- Configure scalable site-to-site and client remote access VPNs using the PIX Firewall version 6.3
- Configure high-availability solutions using stateful and LAN-based failover techniques
- Use logical interfaces and 802.1Q trunks to scale your PIX Firewall implementation
- Master enterprise management and maintenance techniques using CiscoWorks Management Center for Firewalls 1.2 and Auto Update Server 1.1
- Configure the PIX Firewall Services Module (FWSM)
The use of firewalls (devices residing at the network perimeter to protect against intrusion) is an essential building block to even the most basic security program. Cisco Systems has continued the support and development of the PIX OS to provide networks top-notch security while maintaining compatibility with the latest standards and protocols. Now offered in many models, the PIX Firewall is perfectly suited to meet the requirements of small offices (501 model), medium to large businesses (506E, 515E, and 525 models), and large enterprise and service provider customers (525 and 535 models and the Firewall Services Module). CCSP Self-Study: Cisco Secure PIX Firewall Advanced (CSPFA), Second Edition, offers in-depth configuration and deployment information for this popular and versatile firewall solution.
CCSP Self-Study: Cisco Secure PIX Firewall Advanced (CSPFA), Second Edition, teaches you the skills needed to configure and operate the PIX Firewall product family. Chapter overviews bring you quickly up to speed and help you get to work right away. Lab exercises and scenario-based solutions allow you to adapt configurations to your network for rapid implementation, helping you make the most of your PIX Firewall. Chapter-ending review questions test your knowledge. PIX Device Manager (PDM) configuration procedures are presented to complement extensive coverage of traditional CLI commands.
Whether you are looking for a reference guide on working with the various PIX Firewall models or seeking a study tool for the CSPFA 642-521 exam, CCSP Self-Study: Cisco Secure PIX Firewall Advanced (CSPFA), Second Edition, supports your effective use of the PIX Firewall.
CCSP Self-Study: Cisco Secure PIX Firewall Advanced (CSPFA), Second Edition, is part of a recommended learning path from Cisco Systems that can include simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining.
This volume is in the Certification Self-Study Series offered by Cisco Press. Books in this series provide officially developed training solutions to help networking professionals understand technology implementations and prepare for the Cisco Career Certifications examinations.
Table of contents
- Copyright
- About the Author
- About the Technical Reviewers
- Acknowledgments
- Icons Used in This Book
- Command Syntax Conventions
- Foreword
- Introduction
- I. Introduction and Overview
- II. Getting Started with Cisco PIX Firewall
- 4. Implementing Cisco PIX Firewall in the Network
- III. Firewall Configuration Topics
- 5. Getting Started with the Cisco PIX Firewall
- CLI
- Configuring the PIX Firewall
- Examining the PIX Firewall Status
- Time Setting and NTP Support
- ASA Security Levels
- Basic PIX Firewall Configuration
- nat Command
- Syslog Configuration
- DHCP Server Configuration
- PPPoE and the PIX Firewall
- Summary
- Chapter Review Questions
- Lab Exercise—Get Started with the Cisco PIX Firewall
- Objectives
- Lab Topology
- Task 1—Execute General Commands
- Task 2—Configure PIX Firewall Interfaces
- Task 3—Configure Global Addresses, NAT, and Routing for Inside and Outside Interfaces
- Task 4—Test the Inside and Outside Interface Connectivity
- Task 5—Configure Syslog Output
- Task 6—Configure Syslog Output to a Syslog Server
- 6. Cisco PIX Device Manager
- PDM Overview
- PDM Operational Requirements
- Preparing for PDM
- Using PDM to Configure the PIX Firewall
- Summary
- Chapter Review Questions
- Lab Exercise—Configure the PIX Firewall with PDM
- Objectives
- Lab Topology
- Task 1—Use the PDM Startup Wizard
- Task 2—Use the PDM Startup Wizard to Configure a Privileged Mode Password
- Task 3—Configure Outbound Access with NAT
- Task 4—Test Connectivity Through the PIX Firewall
- Task 5—Configure and Test Inbound Access
- Task 6—Configure Intrusion Detection
- Task 7—Configure PDM to Monitor Intrusion Detection
- 7. Translations and Connections
- Transport Protocols
- NAT
- Configuring DNS Support
- PAT
- Port Redirection
- Configuring Multiple Interfaces
- Summary
- Chapter Review Questions
- Lab Exercise—Configure Access Through the PIX Firewall
- Objectives
- Lab Topology
- Task 1—Configure a Conduit to Allow ICMP Through the PIX Firewall
- Task 2—Configure the PIX Firewall to Allow Users on the Inside Interface to Access the Bastion Host
- Task 3—Configure the PIX Firewall to Allow Users on the Outside Interface to Access the Bastion Host
- Task 4—Configure the PIX Firewall to Allow Users on the Outside Interface to Access the Inside Host
- 8. Access Control Lists and Content Filtering
- 9. Object Grouping
- 10. Routing
- IV. Advanced Configuration Topics
- 11. Advanced Protocol Handling
- 12. Attack Guards, Intrusion Detection, and Shunning
- 13. Authentication, Authorization, and Accounting
- AAA Basics
- Cut-Through Proxy Operation
- Supported AAA Servers
- Installation of CSACS for Windows NT
- Authentication Configuration
- Authorization Configuration
- Accounting Configuration
- Troubleshooting AAA Configurations
- Summary
- Chapter Review Questions
- Lab Exercise—Configure the PIX Firewall with AAA
- Objectives
- Lab Topology
- Task 1—Install the CSACS for a Windows 2000 Server
- Task 2—Add a User to the CSACS Database
- Task 3—Identify the AAA Server and Protocol
- Task 4—Configure and Test Inbound Authentication
- Task 5—Configure and Test Outbound Authentication
- Task 6—Configure and Test Console Access Authentication
- Task 7—Configure and Test Virtual Telnet Authentication
- Task 8—Change and Test Authentication Timeouts and Prompts
- Task 9—Configure ACS to Write Downloadable ACLs During Authentication
- Task 10—Test Downloadable ACLs with Inbound Authentication
- Task 11—Configure and Test Accounting
- 14. Failover
- V. VPN Configuration
- 15. Virtual Private Networks
- 16. Site-to-Site VPNs
- IPSec Configuration Tasks
- Easy VPN Operation
- VPN Configuration Using PDM
- Creating a Crypto Map
- Case Study: Three-Site Full-Mesh IPSec Tunnels Using Preshared Keys
- Summary
- Chapter Review Questions
- Lab Exercise—Configure Site-to-Site VPNs
- 17. Client Remote Access VPNs
- Cisco VPN Client
- Configuring Remote Access VPNs
- Remote Access VPN Configuration with PDM
- Summary
- Chapter Review Questions
- Lab Exercise—Remote Access VPNs
- Objectives
- Lab Topology
- Task 1—Configure the PIX Firewall
- Task 2—Create a User in CSACS
- Task 3—Verify Your Configuration
- Task 4—Install the Cisco VPN Client on Host 1
- Task 5—Configure the Cisco VPN Client
- Task 6—Verify the Cisco VPN Client Properties
- Task 7—Launch the Cisco VPN Client
- Task 8—Verify the VPN Connection
- Task 9—Reconfigure Remote Access VPN Connection Using PDM (Optional)
- VI. PIX System Management
- 18. System Maintenance
- Remote Access
- Command Authorization
- SNMP
- Management Tools
- Activation Keys
- Password Recovery and Image Upgrade
- Summary
- Chapter Review Questions
- Lab Exercise—System Maintenance
- Objectives
- Lab Topology
- Task 1—Configure Enable-Level Command Authorization with Passwords
- Task 2—Test Enable-Level Command Authorization
- Task 3—Generate an RSA Key Pair for Encrypted SSH Sessions
- Task 4—Establish an SSH Connection to the PIX Firewall
- Task 5—Configure Command Authorization Using the Local User Database
- Task 6—Test Command Authorization Using the Local User Database
- Task 7—Perform a Password Recovery
- Task 8—Upgrade the PIX Firewall Software Image
- 19. PIX Firewall Management in Enterprise Networks
- Introduction to Firewall MC
- Key Features and Concepts
- Installation
- Getting Started
- Navigating the Firewall MC
- Firewall MC Task Flow
- Task 1—Create a New Activity
- Task 2—Create Device Groups
- Task 3—Import and Manage Devices
- Task 4—Configure Building Blocks
- Task 5—Configure Settings
- PIX Firewall Version
- Interface Settings
- Static Routes
- Administration: Passwords
- Administration: HTTPS (SSL)
- Administration: SSH
- Administration: Log Setup
- Servers and Services: Easy VPN Remote
- MC Settings: Management
- MC Settings: Import Devices
- MC Settings: Firewall Device Contact Information
- Firewall MC Controls: Configuration Additions
- Task 6—Configure Access and Translation Rules
- Tasks 7 and 8—Generate and View the Configuration and Submit Activity for Approval
- Tasks 9 and 10—Create a Job and Submit the Job for Approval
- Task 11—Deploy a Job
- Reporting, Tools, and Administration
- Summary
- Chapter Review Questions
- Lab Exercise—Enterprise PIX Firewall Management
- Objectives
- Lab Topology
- Task 1—Install the Firewall MC
- Task 2—Bootstrap the PIX Firewall
- Task 3—Launch the Firewall MC
- Task 4—Open an Activity and Create a Group
- Task 5—Import the PIX Firewall
- Task 6—Configure the Inside and Outside Interfaces
- Task 7—Configure Service Definitions, Service Groups, and Address Translation Pool Building Blocks
- Task 8—Create Translation Rules
- Task 9—Configure the PIX Firewall to Allow HTTP and CiscoWorks Traffic to the Inside Host
- Task 10—Configure a Global Security Policy
- Task 11—Approve an Activity, Create a Job, and Deploy a Job
- Task 12—Test the PIX Firewall Configuration
- 20. PIX Firewall Maintenance in Enterprise Networks
- VII. Special Topics
- 21. Firewall Services Module
- 22. PIX Firewall in SOHO Networks
- VIII. Appendixes
- Inside Front Cover
Product information
- Title: CCSP Self-Study: Cisco Secure PIX Firewall Advanced (CSPFA), Second Edition
- Author(s):
- Release date: January 2004
- Publisher(s): Cisco Press
- ISBN: None