All-in-One Next-Generation Firewall, IPS, and VPN Services, Third Edition

Identify, mitigate, and respond to today’s highly-sophisticated network attacks.

Today, network attackers are far more sophisticated, relentless, and dangerous. In response, Cisco ASA: All-in-One Next-Generation Firewall, IPS, and VPN Services has been fully updated to cover the newest techniques and Cisco technologies for maximizing end-to-end security in your environment. Three leading Cisco security experts guide you through every step of creating a complete security plan with Cisco ASA, and then deploying, configuring, operating, and troubleshooting your solution.

Fully updated for today’s newest ASA releases, this edition adds new coverage of ASA 5500-X, ASA 5585-X, ASA Services Module, ASA next-generation firewall services, EtherChannel, Global ACLs, clustering, IPv6 improvements, IKEv2, AnyConnect Secure Mobility VPN clients, and more. The authors explain significant recent licensing changes; introduce enhancements to ASA IPS; and walk you through configuring IPsec, SSL VPN, and NAT/PAT.

You’ll learn how to apply Cisco ASA adaptive identification and mitigation services to systematically strengthen security in network environments of all sizes and types. The authors present up-to-date sample configurations, proven design scenarios, and actual debugs–

all designed to help you make the most of Cisco ASA in your rapidly evolving network.

Table of contents

Chapter 1: Introduction to Security Technologies

Chapter 2: Cisco ASA Product and Solution Overview

Chapter 3: Licensing

Chapter 4: Initial Setup

Chapter 5: System Maintenance

Chapter 6: Cisco ASA Services Module

Chapter 7: Authentication, Authorization, and Accounting (AAA) Services

Chapter 8: Controlling Network Access: The Traditional Way

Chapter 9: Implementing Next-Generation Firewall Services with ASA CX

Chapter 10: Network Address Translation

Chapter 11: IPv6 Support

Chapter 12: IP Routing

Chapter 13: Application Inspection

Chapter 14: Virtualization

Chapter 15: Transparent Firewalls

Chapter 16: High Availability

Chapter 17: Implementing Cisco ASA Intrusion Prevention System (IPS)

Chapter 18: Tuning and Monitoring IPS

Chapter 19: Site-to-Site IPsec VPNs

Chapter 20: IPsec Remote-Access VPNs

Chapter 21: Configuring and Troubleshooting PKI

Chapter 22: Clientless Remote-Access SSL VPNs

Chapter 23: Client-Based Remote-Access SSL VPNs

Chapter 24: IP Multicast Routing

Chapter 25: Quality of Service

About the Authors

Jazib Frahim, CCIE® No. 5459 (Routing and Switching; Security), Principal Engineer in the Global Security Solutions team, guides top-tier Cisco customers in security-focused network design and implementation. He architects, develops, and launches new security services concepts. His books include Cisco SSL VPN Solutions and Cisco Network Admission Control, Volume II: NAC Deployment and Troubleshooting.

Omar Santos, CISSP No. 463598, Cisco Product Security Incident Response Team (PSIRT) technical leader, leads and mentors engineers and incident managers in investigating and resolving vulnerabilities in Cisco products and protecting Cisco customers. Through 18 years in IT and cybersecurity, he has designed, implemented, and supported numerous secure networks for Fortune® 500 companies and the U.S. government. He is also the author of several other books and numerous whitepapers and articles.

Andrew Ossipov, CCIE® No. 18483 and CISSP No. 344324, is a Cisco Technical Marketing Engineer focused on firewalls, intrusion prevention, and data center security. Drawing on more than 16 years in networking, he works to solve complex customer technical problems, architect new features and products, and define future directions for Cisco’s product portfolio. He holds several pending patents.