Cisco ASA, PIX, and FWSM Firewall Handbook, by Hucaby, David
- ISBN: 9781587054570 | 1587054574
- Cover: Paperback
- Copyright: 8/9/2007
David Hucaby, CCIE No. 4594, is a lead network engineer for the University of Kentucky, where he works with health-care networks based on the Cisco Catalyst, ASA, FWSM, and VPN product lines. He was one of the beta reviewers of the ASA 8.0 operating system software. He has a B.S. and M.S. in electrical engineering from the University of Kentucky. He is the author of three other books from Cisco Press: CCNP BCMSN Official Exam Certification Guide, Cisco Field Manual: Router Configuration, and Cisco Field Manual: Catalyst Switch Configuration.
He lives in Kentucky with his wife, Marci, and two daughters.
Foreword | p. xxii |
Introduction | p. xxiii |
Firewall Overview 31 | p. 1 |
Overview of Firewall Operation | p. 4 |
Initial Checking | p. 5 |
Xlate Lookup | p. 6 |
Conn Lookup | p. 7 |
ACL Lookup | p. 8 |
Uauth Lookup | p. 8 |
Inspection Engine | p. 9 |
Inspection Engines for ICMP, UDP, and TCP | p. 9 |
ICMP Inspection | p. 10 |
A Case Study in ICMP Inspection | p. 12 |
UDP Inspection | p. 13 |
TCP Inspection | p. 15 |
Additional TCP Connection Controls | p. 17 |
TCP Normalization | p. 18 |
Other Firewall Operations | p. 19 |
Hardware and Performance | p. 19 |
Basic Security Policy Guidelines | p. 21 |
Further Reading | p. 24 |
Configuration Fundamentals | p. 27 |
User Interface | p. 27 |
User Interface Modes | p. 28 |
User Interface Features | p. 29 |
Entering Commands | p. 29 |
Command Help | p. 31 |
Command History | p. 32 |
Searching and Filtering Command Output | p. 32 |
Terminal Screen Format | p. 34 |
Firewall Features and Licenses | p. 34 |
Upgrading a License Activation Key | p. 40 |
Initial Firewall Configuration | p. 41 |
Building Connectivity | p. 45 |
Configuring Interfaces | p. 45 |
Surveying Firewall Interfaces | p. 46 |
Configuring Interface Redundancy | p. 48 |
Basic Interface Configuration | p. 50 |
Interface Configuration Examples | p. 58 |
Configuring IPv6 on an Interface | p. 60 |
Testing IPv6 Connectivity | p. 67 |
Configuring the ARP Cache | p. 68 |
Configuring Interface MTU and Fragmentation | p. 70 |
Configuring an Interface Priority Queue | p. 73 |
Displaying Information About the Priority Queue | p. 77 |
Firewall Topology Considerations | p. 77 |
Securing Trunk Links Connected to Firewalls | p. 79 |
Bypass Links | p. 81 |
Configuring Routing | p. 83 |
Using Routing Information to Prevent IP Address Spoofing | p. 84 |
Configuring Static Routes | p. 86 |
Static Route Example | p. 89 |
Favoring Static Routes Based on Reachability | p. 89 |
Reachable Static Route Example | p. 92 |
Configuring RIP to Exchange Routing Information | p. 95 |
RIP Example | p. 97 |
Configuring EIGRP to Exchange Routing Information | p. 97 |
An EIGRP Configuration Example | p. 101 |
Configuring OSPF to Exchange Routing Information | p. 101 |
OSPF Routing Scenarios with a Firewall | p. 102 |
OSPF Used Only on the Inside | p. 102 |
OSPF Used Only on the Outside | p. 102 |
OSPF Used on Both Sides of the Firewall (Same Autonomous System) | p. 103 |
OSPF Used on Both Sides of the Firewall (Different Autonomous Systems) | p. 104 |
Configuring OSPF | p. 105 |
Redistributing Routes from Another Source into OSPF | p. 112 |
OSPF Example | p. 115 |
DHCP Server Functions | p. 116 |
Using the Firewall as a DHCP Server | p. 117 |
DHCP Server Example | p. 120 |
Updating Dynamic DNS from a DHCP Server | p. 120 |
Verifying DDNS Operation | p. 123 |
Relaying DHCP Requests to a DHCP Server | p. 124 |
DHCP Relay Example | p. 125 |
Multicast Support | p. 126 |
Multicast Overview | p. 126 |
Multicast Addressing | p. 127 |
Forwarding Multicast Traffic | p. 128 |
Multicast Trees | p. 128 |
Reverse Path Forwarding | p. 128 |
IGMP: Finding Multicast Group Recipients | p. 129 |
IGMPv1 | p. 129 |
IGMPv2 | p. 130 |
PIM: Building a Multicast Distribution Tree | p. 130 |
PIM Sparse Mode | p. 131 |
PIM RP Designation | p. 136 |
Configuring PIM | p. 137 |
Using a Multicast Boundary to Segregate Domains | p. 142 |
Filtering PIM Neighbors | p. 143 |
Filtering Bidirectional PIM Neighbors | p. 144 |
Configuring Stub Multicast Routing (SMR) | p. 145 |
Configuring IGMP Operation | p. 147 |
Stub Multicast Routing Example | p. 150 |
PIM Multicast Routing Example | p. 151 |
Verifying IGMP Multicast Operation | p. 151 |
Verifying PIM Multicast Routing Operation | p. 152 |
Firewall Management | p. 157 |
Using Security Contexts to Make Virtual Firewalls | p. 157 |
Security Context Organization | p. 158 |
Sharing Context Interfaces | p. 158 |
Issues | |
Table of Contents provided by Publisher. All Rights Reserved. |