33 Cards in this Set
- Front
- Back
ASA Security Device Manager (ASDM) |
a Java-based GUI tool that facilitates the setup, configuration, monitoring, and troubleshooting of Cisco ASAs. |
|
Cisco ASA can be configured and managed using either |
command line interface (CLI); graphical user interface (GUI) ASA Security Device Manager (ASDM) |
|
ASDM is accessed using |
a Secure Socket Layer (SSL) web browser connection to the ASA Web Server. |
|
At a minimum, the ASA requires that a |
management interface be configured. |
|
management interface consists of |
an inside logical VLAN interface (VLAN 1) and a physical Ethernet port other than Ethernet 0/0. |
|
To prepare for ASDM access on an ASA 5505, the following must be configured: |
Inside logical VLAN interface - Assign the Layer 3 address and the security level.
Ethernet 0/1 physical port - By default it is assigned to VLAN 1, but must be enabled.
Enable the ASA Web Server - Disabled by default.
Permit access to the ASA Web Server - By default, the ASA operates in a closed policy; therefore, all connections to the HTTP server are denied. |
|
Run Cisco ASDM as a local application |
This provides the Install ASDM Launcher option to connect to the ASA from the host's desktop using SSL. The advantage of doing so is that one application can be used to manage several ASA devices, and an Internet browser is not required to start ASDM. |
|
Run Cisco ASDM as a Java Web Start application |
This provides the Run ASDM option to run the ASDM application. An Internet browser is required to establish a connection. ASDM is not installed on the local host. The Run Startup Wizard option can be selected instead (provides step-by-step initial configuration). |
|
Intrusion prevention |
Appears only if an IPS module or card is installed. The additional tab displays status information about the IPS software. |
|
Content security |
Appears only if a Content Security and Control Security Services Module (CSC-SSM) is installed in the ASA. It displays status information about the CSC-SSM software. |
|
Device Dashboard |
provides a view of important information about the ASA, such as the status of interfaces, the OS version, licensing information, and performance related information. |
|
Firewall Dashboard |
provides security-related information about the traffic that passes through the ASA, such as connection statistics, dropped packets, scan, and SYN attack detection. |
|
All pages include the following elements: |
Menu bar; Toolbar (Home, Configuration, Monitoring); Device list button (list other ASA devices); Status bar |
|
The navigation pane of the Configuration view displays the following tabs: |
Device Setup; Firewall; Remote Access VPN; Site-to-Site VPN; Device Management |
|
The navigation pane of the Monitoring view displays the following tabs: |
Interfaces; VPN; Routing; Properties; Logging |
|
Cisco ASDM offers several wizards to help simplify the configuration of the appliance: |
Startup Wizard; VPN Wizards; High Availability and Scalability Wizard; Unified Communication Wizard; ASDM Identity Certificate Wizard; Packet Capture Wizard |
|
The different types of VPN wizards include: |
Site-to-site VPN Wizard; AnyConnect VPN Wizard; Clientless SSL VPN Wizard; IPsec (IKEv1) Remote Access VPN Wizard |
|
High Availability and Scalability Wizard |
Used to configure failover with high availability and VPN cluster load balancing. |
|
Unified Communication Wizard |
Used to configure the ASA to support the Cisco Unified Communications Proxy feature. |
|
ASDM Identity Certificate Wizard |
When using current Java versions, the ASDM Launcher requires a trusted certificate. |
|
Packet Capture Wizard |
Useful to configure and run captures for troubleshooting errors including validating a NAT policy. |
|
Site-to-Site VPNs |
Create a secure LAN-to-LAN connection. |
|
Remote Access VPNs |
Create a secure single-user-to-LAN connection. |
|
Five tasks must be completed to implement the site-to-site VPN on the ISR: |
Step 1. Configure the ISAKMP policy for IKE Phase 1
Step 2. Configure the IPsec Policy for IKE Phase 2
Step 3. Configure an ACL to define interesting traffic
Step 4. Configure a crypto map for the IPsec policy
Step 5. Apply the crypto map to the outgoing interface |
|
Simple Configuration |
Uses a pre-shared keyword to use when authenticating with the identified peer. It selects common IKE and ISAKMP security parameters to establish the tunnel. |
|
Customized Configuration |
Uses either a pre-shared key or a digital certificate to authenticate with the identified peer. The IKE and ISAKMP security parameters can also be specifically selected. |
|
The two primary remote-access VPN technologies: |
IPsec; SSL |
|
SSL is mostly used to protect |
HTTP traffic (HTTPS)
email protocols such as IMAP and POP3. |
|
SSL |
Layer 7 VPN; does not require any pre-installed VPN software |
|
Client-based SSL VPN requires |
a client, such as the Cisco AnyConnect Secure Mobility Client, to be pre-installed on the host. Three types of bookmarks can be used. |
|
During the establishment phase, the AnyConnect client has the ability to perform an |
endpoint posture assessment by identifying the operating system, antivirus, antispyware, and firewall software installed on the host prior to creating a remote access connection to the ASA. |
|
ASDM Assistant |
This feature guides an administrator through the SSL VPN configuration. |
|
VPN wizard |
This is an ASDM wizard that simplifies the SSL VPN configuration. |