Deploying Cisco ASA Firewall Solutions v2.0

Firewalls have come a long way over the years, and the Cisco Adaptive Security Appliance (ASA) firewall has as well. In this "soup-to-dessert" Cisco ASA training course, trainer Keith Barker walks you through the entire process of implementing the ASA on the network, beginning with bootstrapping the ASA so that it will allow basic management, all the way to configuring advanced features such as the new Network Address Translation (NAT, which changed between versions 8.2 and 8.3), redundant interfaces, etherchannel, transparent L2 firewall services, multiple-contexts (virtual firewalls), application layer inspection, failover for high availability (HA), and more. By the time you finish this Cisco ASA training, you'll be able to return to your network with confidence in the care and feeding of the ASA.

This Cisco ASA training course addresses all the objectives for exam 642-618 (Firewall v2), which is part of the Cisco Firewall Specialist, ASA Specialist and CCNP Security certifications. Plus, a GNS3 Nugget covers how to create a complete ASA virtual lab environment, for hands-on practice.

Viewers who have taken the CCNA Security (or have the equivalent knowledge) will get the most out of this course. Exam 642-618 is one of the requirements for ASA Specialist, Firewall Specialist and CCNP Security certifications; prerequisites for these three certifications include CCNA (RS) and CCNA Security. This Cisco ASA training course is also valuable if you're applying for network/security positions where the employer has ASAs in place and is looking for skilled ASA network technicians and engineers.

1. Firewall v2.0 Introduction (13 min)
2. Out of the Box (36 min)
3. ASA & ASDM Essentials (54 min)
4. NAT on the ASA, 8.2, 8.3 and beyond (71 min)
5. ACLs on the ASA (56 min)
6. Routing on the ASA (23 min)
7. MPF 101 (54 min)
8. TCP Advanced Options (39 min)
9. Layer 5-7 Advanced Inspection (43 min)
10. Interfaces: Sub, Ether-channel and Redundant (39 min)
11. Transparent Firewall (57 min)
12. AAA on the ASA (47 min)
13. Active/Standby Failover (50 min)
14. Virtual Firewalls (contexts) (51 min)
15. Active/Active Failover (66 min)
16. Botnet Filtering (17 min)
17. Management, Logging, Anti-spoofing and More... (46 min)
18. GNS3 and the ASA (31 min)

Firewall v2.0 Introduction


Hello, and welcome to the ASA Firewall Video Series. I'm Keith Barker, and on behalf of the entire CBT Nuggets family, we'd like to thank you for joining us. We've put together this intro to give you an overview of what to expect from this brand new series.


Let's jump in. Our objective in this video series is really simple. And that's to give you the skills and knowledge you need to not only survive, but to thrive when you've been given the responsibility for setting up or managing an ASA firewall. And I personally would like to apply for the job of being your tour guide and coach as we go through this video series together.


So who exactly is this series for? We created this series for one person, and that is you, my friend. Every Nugget, every piece, every concept, we created as if I was sitting right next to you just having a conversation. Whether we're configuring the 5505 together, or bootstrapping it to get it out of the box and running, or working on a bigger appliance, like the 5540.


Each and every step of the way, I did it as if you were sitting exactly right next to me. And I also understand that everybody comes from different walks of life and different experience levels. I've organized the Nuggets that you and I get to go through together in organized, logical, just makes sense fashion.


For example, let's say somebody comes to us and says, hey, here's an ASA. Set it up. Well, let's say it's the first time we've seen an ASA. What are we going to do? Well that's where we start. You and I are going to take a look at getting an appliance and saying, wow, this has no operating system on the flash.


How do we even get the operating system on the flash? How do we start the process? And then from there, we'll just logically take it one step at a time. The basics of how to work with ASDM, and how the ASA thinks. We're going to get inside of its head so that when it has a problem on our production network, we can think to ourselves, OK.


I understand what it's thinking, why it would do what it does. And we can become better troubleshooters as well. We'll also take a look at NAT. That was huge. With 8.2 to 8.3, there was a significant change with how we implemented NAT. I'll tell you what, I was not a big fan.


I am now. After I learned it, I thought, whoa, check this out. Here's how it works. And I actually deployed it with the new 8.3 and 8.4 code. It's fantastic. So we'll cover both how it used to work, how it works now, and you can love it too. And you can be really good at it as well.


And we'll continue in that same orderly, makes sense, just in time pace all the way through every single one of our Nuggets together. As we go through these together, when we're done with the entire series and we look back on the series, we're going to be amazed with what we know.


For example, we'll know how to do EtherChannel on an interface, if we want to, for fault tolerance and more throughput. We'll be able to make redundant interfaces if we want to. We could do whole boxes with something called failover, both active standby failover, and active active failover, where we have full system redundancy.


We're going to play with virtual firewalls, with something called multiple mode, and with multiple context. And when we're all done, again, the goal is simple, is to make sure that you have the skills and knowledge and comfort level that you need to do extremely well when you're implementing and/or managing an ASA firewall.


In addition to learning all the details regarding the ASA that we've put together in the series, we're also going to have some skills required for some certification, if we are pursuing that. So what I want to do for those interested in certification is give you a little road map of currently where things sit.


This course, which is the Firewall version 2.0, is relevant for this exam here in red-- 642-618, which is Firewall v2.0. How could we use that, or why would we use it? First of all, if you have no interest in certification, this course, from soup to dessert, is perfect for you if you really want to learn the ASA.


That was my first and foremost priority. But I also addressed each and every single objective, the published objectives from Cisco, for this exam, which is 642-618 Firewall v2.0. Now, how could we use that? Well if you're pursuing a certification, here's how it plays out.


If you're pursuing an ASA Specialist, let's focus on that one first. The ASA Specialist, to get that, it requires a CCNA Route/Switch. And when people talk about CCNA without any other things after it, they're referring to the traditional CCNA for routing and switching.


To get that, you can get that in one of two ways. You can get a one exam approach, or the two exam approach. Either way works great. But you do need a CCNA. Why? Because a CCNA for route and switch is required, a prerequisite from Cisco, for the CCNA Security.


Well, Keith, how does that relate to the firewall certification that we're taking a look at? Well, that also happens to be a prerequisite. CCNA Security is a prerequisite for the ASA Specialist. So in order to be an ASA Specialist, you'd have to be a CCNA, you'd have to be a CCNA Security.


You'd have to take this exam, which is our focus point for this course as far as what it's relevant to. And you'd also have to take one additional exam, which is the 642-648 VPN. And so as you look up, the reason I built in this fashion is that everything that's stacked is required.


So the prerequisite for the ASA Specialist is everything within this line. If you want to be a Firewall Specialist, everything in this line is required. So the CCNA Route/Switch, CCNA Security, this exam, and also the Secure exam, version 1.0. Now, if somebody is pursuing, which I hope you are, a CCNP Security, it requires everything below this line.


That means you have to be a CCNA Security, it's a prereq. And a prereq for CCNA Security is CCNA Route/Switch. It requires the exams-- the Firewall exam, the Secure exam, the VPN exam, and the IPS exam to be a CCNP Security. So you can see this guy right here in the middle, the firewall, is the core of everything.


He's required. No matter which path or which option you're choosing. The Firewall v2 Certification exam is there. So I wanted to put this in a nice, logical, visual representation so you can know exactly where you are in your track. Now, for those of you who are thinking, wow, I have no knowledge of networking at all.


I have basic Windows skills, maybe some basic Linux skills, but I really don't know networking at all. How can I start? And the answer to that, my friend, is quite easy. I would recommend-- it's not a prerequisite for CCNA, but if you're just brand new, I would recommend Network +.


It's a CompTIA certification, CBT Nugget testing, great content on that as well. So if you're brand new, say, you know what. I'm not sure about the details of how networks operate, you can start here, and then work your way into CCNA Route/Switch. And then if you wanted to pursue security, go right into the Security CCNA, and then onto Firewall, which we're here in this course.


And then onto your specializations, and then finally CCNP Security. It's interesting to note that CCIE for security, which I happen to be one of those, it doesn't have any of these prerequisites. So if you want to go get a CCIE in security, all you need to do is take a written exam for it, and then take the practical lab.


One of the tips that I've learned over the years is that, let's say that this is our track, and we're going on to CCNP Security, and eventually maybe even CCIE. We want to make sure that while we're studying a topic, for example, the ASA Firewall, make sure we learn it.


Don't just gloss over pieces. Make sure we really get every piece of it while we're studying it. Put your whole heart into it. And that way, as you proceed and you take that knowledge into your company, you take that knowledge into a job interview, you take that knowledge into production, you'll be a better technician.


You'll be able to better implement the real hardware. You'll be able to troubleshoot it better. And you'll be an overall happier person, because it's not a mystery how this ASA right here is operating. So we've taken a look at exactly who this series is for.


And do you remember exactly who that is? It's Y-O-U, my friend, you. It is for you, the person who is brand new to the ASA. Doesn't know it yet, but needs to know it. Or the person who has one in their network, or multiple ASA firewalls in your network, and simply want to become better at understanding it, configuring it, and troubleshooting it.


We also took a look at Cisco's certification requirements, if you're going that direction, as far as what it takes to become an ASA Specialist, or a Firewall Specialist, or even the CCNP, all of which are relevant for the content in this series.


And then, I'd like to take a look, just for a moment with you, at some specific things that you and I can do to be successful with this content, and make it really ours. Number one, scheduling time. If we don't have time to take the actual videos and watch them, it's not very likely we're going to learn from them.


So I'd like you to schedule time. What's realistic? What's realistic might be two to three vids a week. And that would be based on your schedule, family, your commitments, your job, everything else. So you want to commit to certain-- because that's measurable.


I love it because it's measurable. So you can then commit to somebody else and say, OK, to a spouse, to a child, you can go up to a website and publicly say, I'm going to watch two to three videos a week. Maybe even pick the days. Last night, I didn't want to exercise.


It was Saturday night. I didn't want to exercise because I was tired. So here's the deal. I'm committed to three days a week of exercising. So I thought to myself, if I don't exercise, I've got a lot of people on Facebook who are going to know that I didn't get my three for the week.


That's my goal. So at 8:30 last night, I'm exercising for a half hour. So I finished and it felt great, but I did it because one, it's good for me. And secondly, I knew I had other people that I had committed to. So put a little bit of pressure on yourself to make sure that you're going to, in measurable terms, watch two or three a week.


Two or three videos. Secondly, I'd like you to take notes. As we go through the concepts together, write out notes. You can use your computer if you want to, type out notes. I find for me, personally, if I write out notes and then read through those later, that's very helpful for me remembering the concepts that I've learned.


I'd also like you to practice everything. Whoa, Keith. What do you mean practice everything? Let me tell you a little story about GNS3. I'm a huge fan of GNS3. It is free. GNS3 is a free tool that we can use to simulate. It's great for practicing. We can't use it for production, but we can use it for practicing.


For many years, ever since the version 7 of the code came out for the ASA-- when it was first brand new, came out with version seven-- there was no really great GNS3 support for it. And that continued all the way to mid-2012. They finally came out with a version of GNS3 and some support from the community that allows version 8.4 to run well on GNS3.


So I had fought it for years. I took out like a half day or a full day a couple times a year previously, and tried to get it working. And interfaces wouldn't come up. And it was frustrating. This feature didn't work, that feature didn't work. But now, 8.4, it works like a champ.


And there's tons of documentation. So I've got a GNS3 Nugget in this video series. If you've already got it running, you probably don't need to go watch it. But if you want to find the components that I use to implement a virtualized environment for practice purposes, check out that video as well.


And I'll just walk you through the resources that I used, including Virtual Box, which also is free, and GNS3 to go ahead and support practicing with 8.4 including ASDM support. So practice everything. So that means you're watching a video, you're watching us configure, for example, maybe it's multiple context mode.


Or together we're configuring network address translation. Or we're doing access control list. Or we're doing modular policy framework, whatever it is. I want you to do it as well along with me. Build the environment in GNS3, and then practice it. Practice, practice, practice everything.


That's the secret to getting really good with the ASA is to practice it and make that knowledge yours. Then teach it to somebody else. Maybe you don't have to teach the graphical user interface to somebody else, like ASDM, but you do definitely want to make sure you share information with others.


Take a spouse, a loved one, a child, what have you, a co-worker, and say, hey, let me teach you all about application layer inspection and what it does. Let me tell you why FTP doesn't work traditionally if we don't have inspection on it. Let me tell you about ICMP, and whether it's inspected or not by default.


Let me tell you how to set up the stateful failover. Or whatever the topic is, find somebody and explain it to them, because that'll help embed in your mind even better, giving you that deep, deep level of knowledge that you need in today's competitive environment to be very competent with an ASA.


And last but not least, have fun. Every single step of the way, have a blast. I have fun creating every single Nugget that I create. And that's because I'm doing it thinking, hey, I'm going to be teaching this to you. You and I are going through this content together.


It's important. Let's keep it fun and let's keep it real. So not only did I cover all the objectives that are published from Cisco for their certification for this Firewall version 2.0, I've also included a lot of real world, good to know features and functions that you'd also come across on a daily basis as you work in a production network.


So I'm going to keep this intro fairly brief so we can get right into our very first Nugget, and that's taking a brand new ASA, pulling it out of the box, and getting the operating system on it so we can start to use it. I am so looking forward to spending time with you in this video series.


I hope this has been informative for you. And I'd like to thank you for viewing.

Intermediate 13 hrs 18 videos
Keith Barker
Nugget trainer since 2012