book

CCSP SNPA Quick Reference

Name: CCSP SNPA Quick Reference
Author: Brandon James Carroll
ISBN: 9781587057571

by Brandon James Carroll

February 2008

Intermediate to advanced

140 pages

2h 15m

English

Cisco Press

Read now

Unlock full access

Copyright
About the Author
About the Technical Editor
1. Cisco Security Appliance Technology and Features and Families
Overview of the Cisco Security ApplianceProprietary operating systemStateful packet inspectionHow it worksUser-based authenticationProtocol and application inspectionModular Policy FrameworkVirtual private networkingSecurity contexts (virtual firewalls)Stateful failover capabilityTransparent firewallsWeb-based management solutionsCisco ASA Product Line55055510552055405550ASA service modulesAIP SSMCSC SSMFour-Port Gigabit Ethernet SSMCisco PIX Product Line501506E515E525535Cisco PIX and ASA LicensingASA 5505 and 5510 licensingASA 5520, 5540, and 5550 LicensingASA context licensingPIX licensingPIX context licensingSummary
2. Getting Started with Cisco Security Appliance Configurations
Security Appliance CLI ModesGlobal configurationsHostnameEnable passwordSetting up the interfacesIP addressnameifSecurity levelno shutdownBasic routingDefault routeBasic outbound connectivity with NATNATglobalTurning off NAT controlSyslog setupLogging hostLogging consoleLogging bufferlogging trapTime setupThe clock commandConfiguring NTPSummary
3. Inbound Traffic, ACLs, Object Grouping
Requirements for Inbound TrafficStatic NATHow ACLs work on the security applianceConfiguring ACLSApplying ACLs to the interfacesVerifying the ACLEnhancing ACLs with object groupsNetwork object groupsService object groupsProtocol object groupsICMP-type object groupsVerifying object groupsSummary
4. AAA Configurations
AAA OverviewAuthenticationAuthorizationAccountingLocal AAAConfiguring local usersTelnet authenticationSSH authHTTP authEnable authVerifying the LOCAL databaseRemote Authentication Using Cisco Secure Access Control ServerCisco Secure ACSRADIUSTACACS+Configuring a user accountConfiguring the Security Appliance for Remote AAASpecifying the AAA server groupDefine the AAA serverConfiguring AuthorizationAuthorization configuration on the AAA serverDownloadable ACLsConfiguring AccountingViewing accounting on the AAA serverSummaryEnd Notes
5. Switching and Routing on ASA
Security Appliance VLAN CapabilitiesConfiguring subinterfacesSecurity Appliance Routing CapabilitiesStatic routingRIP routingOSPF routingMulticast RoutingStub multicast configurationPIM-SM multicast configurationSummary
6. Protocol Inspections
Understanding Modular Policy FrameworkHow class maps workHow policy maps workHow service policies workThe Default InspectionsConfiguring Protocol InspectionConfiguring the class mapsConfiguring the policy mapApply the service policyClass map typesPolicy map typesPutting it togetherSummary
7. PIX and ASA VPNs
Types of VPNs SupportedPlanning for VPN deploymentConfiguring site-to-site VPNsTest and verifyConfiguring Remote-Access VPNThe Cisco VPN clientTest and verifyWebVPNSummary

8. Understanding Transparent Firewall Mode
Overview of Transparent FirewallsBenefits and limitationsConfiguring transparent firewallsTesting and verifyingSummary
9. Virtual Firewalls
Overview of Virtual FirewallsUses of virtual firewallsContextsThe admin contextThe system configurationClassifying trafficConfiguring virtual firewallsEnabling multiple modeCreating a contextAllocating interfacesConfiguring the config URLChanging into a contextChanging to the systemOther configurations to be aware ofSummary
10. Failover
Modes of OperationFailover requirementsFailover linksPutting it togetherSerial-based active/standby failover configurationActive/standby failover configurationActive/active failover configurationSummary

Content preview from CCSP SNPA Quick Reference

Chapter 8. Understanding Transparent Firewall Mode

Overview of Transparent Firewalls

The major difference to understand between routed and transparent mode firewalls is that when you operate in transparent mode, you are telling the security appliance that it is to act like a bridge. This means it is to be based on MAC addresses. It will no longer separate IP subnets; instead, it will transparently bridge traffic that is allowed by the security policy.

Benefits and limitations

You might wonder what the benefits to this mode of operation are. One benefit is that you can deploy without modifying the existing network. There is no need to change your routing scheme, and there is no need to change default gateways on host machines. You also do not need ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781587057571

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design