
Cisco ASA 5500 Series: Don't Be Afraid of It

Cisco ASA 5500 Series: Don't Be Afraid of It. Tomáš Chott at Cisco, tomas.chott@lsg-global.com. Agenda: Cisco ASA 5500 Series Software Feature Overview; Cisco ASA 5500 Series Platforms and Modules; Cisco ASDM 6.0; Teleworker Deployment Model; Demo Scenario; Configuration tasks.


Presentation Transcript


  1. Cisco ASA 5500 Series: Don't Be Afraid of It. Tomáš Chott at Cisco, tomas.chott@lsg-global.com

  2. Agenda
     • Cisco ASA 5500 Series Software Feature Overview
     • Cisco ASA 5500 Series Platforms and Modules
     • Cisco ASDM 6.0
     • Teleworker Deployment Model
     • Demo Scenario
     • Configuration tasks

  3. Cisco ASA 5500 Series: Breadth and Depth. Industry First Scalable, Multi-Function, Feature Rich Appliance
     Firewall with Application Layer Security
     • Multi-layer packet and traffic analysis
     • Advanced application and protocol inspection services
     • Network application controls
     • Advanced VoIP/multimedia security
     IPS and Anti-X Defenses
     • Real-time protection from application and OS level attacks
     • Network-based worm and virus mitigation
     • Spyware, adware, malware detection and control
     • On-box event correlation and proactive response
     Access Control and Authentication
     • Flexible user and network based access control services
     • Stateful packet inspection
     • Integration with popular authentication sources including Microsoft Active Directory, LDAP, Kerberos, and RSA SecurID
     SSL and IPSec Connectivity
     • Threat protected SSL and IPSec VPN services
     • Zero-touch, automatically updateable IPSec remote access
     • Flexible clientless and full tunneling client SSL VPN services
     • QoS/routing-enabled site-to-site VPN
     Cisco Intelligent Networking Services
     • Low latency
     • Diverse topologies
     • Multicast support
     • Services virtualization
     • Network segmentation & partitioning
     • Routing, resiliency, load-balancing

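  4. Cisco ASA 5500 Series Product Lineup: Solutions Ranging from SMB to Large Enterprise
     • Cisco ASA 5505. Target market: Teleworker / Branch Office / SMB. Performance: Max Firewall 150 Mbps; Max Firewall + IPS Future; Max IPSec VPN 100 Mbps; Max IPSec/SSL VPN Peers 25/25. Platform capabilities: Max Firewall Conns 10,000/25,000; Max Conns/Second 3,000; Packets/Second (64 byte) 85,000; Base I/O 8-port FE switch; VLANs Supported 3/20 (trunk); HA Supported Stateless A/S (Sec Plus).
     • Cisco ASA 5510. Target market: SMB and SME. Performance: Max Firewall 300 Mbps; Max Firewall + IPS 300 Mbps; Max IPSec VPN 170 Mbps; Max IPSec/SSL VPN Peers 250/250. Platform capabilities: Max Firewall Conns 50,000/130,000; Max Conns/Second 6,000; Packets/Second (64 byte) 190,000; Base I/O 5 FE; VLANs Supported 50/100; HA Supported A/A and A/S (Sec Plus).
     • Cisco ASA 5520. Target market: Enterprise. Performance: Max Firewall 450 Mbps; Max Firewall + IPS 375 Mbps; Max IPSec VPN 225 Mbps; Max IPSec/SSL VPN Peers 750/750. Platform capabilities: Max Firewall Conns 280,000; Max Conns/Second 9,000; Packets/Second (64 byte) 320,000; Base I/O 4 GE + 1 FE; VLANs Supported 150; HA Supported A/A and A/S.
     • Cisco ASA 5540. Target market: Medium Enterprise. Performance: Max Firewall 650 Mbps; Max Firewall + IPS 450 Mbps; Max IPSec VPN 325 Mbps; Max IPSec/SSL VPN Peers 5000/2500. Platform capabilities: Max Firewall Conns 400,000; Max Conns/Second 20,000; Packets/Second (64 byte) 500,000; Base I/O 4 GE + 1 FE; VLANs Supported 200; HA Supported A/A and A/S.
     • Cisco ASA 5550. Target market: Large Enterprise. Performance: Max Firewall 1.2 Gbps; Max Firewall + IPS N/A; Max IPSec VPN 425 Mbps; Max IPSec/SSL VPN Peers 5000/5000. Platform capabilities: Max Firewall Conns 650,000; Max Conns/Second 28,000; Packets/Second (64 byte) 600,000; Base I/O 8 GE + 1 FE; VLANs Supported 250; HA Supported A/A and A/S.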

  5. Wide Range of Cisco ASA 5500 Series Security Service Modules (SSMs)
     IPS Security Services Module (AIP SSM)
     • Provides full-featured IPS and IDS services for protection of critical network assets
     • Available in two models: SSM-10 and SSM-20
     • Delivers up to 450 Mbps of IPS throughput
     • Has thumbscrews for easy insertion/removal
     • 10/100/1000 out-of-band management port
     • Supported on ASA 5510, 5520, and 5540
     Anti-X Security Services Module (CSC SSM)
     • Provides full-featured Anti-X services (anti-virus, anti-spyware, anti-spam, anti-phishing, URL filtering, and more)
     • Available in two models: SSM-10 and SSM-20
     • Anti-virus and anti-spyware services licensed by number of users, others optional add-on
     • Supported on ASA 5510, 5520, and 5540
     4-Port GE Services Module (4GE SSM)
     • I/O module offers four copper 10/100/1000 ports in addition to four SFP ports for improved flexibility and network segmentation
     • Customers can use up to four ports total out of these eight ports, with the ability to mix and match copper and optical GE ports
     • Supported on ASA 5510, 5520, and 5540

  6. Cisco Adaptive Security Device Manager v6.0 Introduces a Wealth of New Features and Usability Enhancements
     • Fresh new interface provides easy access to all services offered by ASA
     • Security Dashboards
     • Packet Tracer
     • Packet Capture
     • Provides live ACL hitcount in firewall rule table for easy policy auditing
     • Real-Time Syslog Viewer
     • Syslog to ACL correlation features
     • New Wizards

  7. Typical customer requirements
     • Address translation (NAT)
     • Traffic inspection at L2-L7
     • Support for dynamic applications
     • Branch office connectivity
     • Remote Access VPN
     • Web VPN (SSL VPN)
     • Protection against threats from the Internet

  8. Teleworker Deployment Model: Easy to Install Modern Networking Services
     Diagram labels: Home VLAN, Business VLAN, Internet VLAN
     • DHCP and Dynamic DNS services
     • PPPoE support
     • Backup ISP support (Security Plus)
     • Secure access to both Home and Internet VLANs
     • Power Over Ethernet for IP Phones and WiFi Access Points
     • Secure access for a wide range of applications through the Internet VLAN
     • DHCP Server Services

  9. ASA for the first time
     • #Show version
     • #Show run
     • #Show flash
     • #Configure terminal
     • (config)#Configure factory-default
     • #Write memory / Write erase
     • #Reload

  10. Configuration tasks
      • Allowing only authorized access
      • SSH access
      • Logging
      • DHCP
      • Permitting traffic with ACLs
      • NAT
      • Traffic inspection
      • AAA rules
      • Protection against attacks
      • Monitoring
      • ...

  11. Demo scenario (network diagram; labels as extracted)
      • VLANs: VLAN 10 – INSIDE, VLAN 20 – OUTSIDE, VLAN 30 – DMZ
      • Interfaces: Outside E0/0, Inside E0/1, DMZ E0/7
      • Addresses: 10.0.0.0/24, 10.0.0.1, 172.16.1.1, HTTP server 172.16.1.10
      • Other elements: Internet, HTTP server, DHCP, Syslog server
      • Policy labels: Allow HTTP, ICMP; Allow HTTP; Allow all, inspect HTTP, FTP

  12. External demos
      • SSL VPN demo: https://vpndemo-external.cisco.com
      • ASDM demo: http://www.cisco.com/go/asdm

  13. Q and A
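
The configuration tasks from slide 10 applied to the demo scenario on slide 11, as an added example that is not part of the original presentation: an ASA 5505 configuration in the pre-8.3 NAT syntax. It assumes a Security Plus license (three unrestricted VLANs), that 10.0.0.1 and 172.16.1.1 are the ASA's own inside and DMZ addresses, a DHCP-assigned outside address, a syslog server at 10.0.0.50, the DHCP pool range, and one reading of the slide's permit labels (inside to DMZ: HTTP and ICMP; outside to DMZ: HTTP only); `<PLACEHOLDER>` stands for a password you choose.

```cisco
! Added example (ASA 5505, pre-8.3 syntax); values marked ASSUMED are not on the slides
interface Vlan10
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
interface Vlan20
 nameif outside
 security-level 0
 ip address dhcp setroute
interface Vlan30
 nameif dmz
 security-level 50
 ip address 172.16.1.1 255.255.255.0
interface Ethernet0/0
 switchport access vlan 20
interface Ethernet0/1
 switchport access vlan 10
interface Ethernet0/7
 switchport access vlan 30
! Authorized access only: SSHv2 from inside, authenticated against the local user database
username admin password <PLACEHOLDER> privilege 15
aaa authentication ssh console LOCAL
crypto key generate rsa modulus 2048
ssh version 2
ssh 10.0.0.0 255.255.255.0 inside
! Logging to the syslog server (address and interface ASSUMED)
logging enable
logging trap informational
logging host inside 10.0.0.50
! DHCP server for inside clients (pool range ASSUMED)
dhcpd address 10.0.0.100-10.0.0.131 inside
dhcpd enable inside
! NAT: PAT inside->outside, identity NAT inside->dmz, static PAT for the DMZ web server
nat (inside) 1 10.0.0.0 255.255.255.0
global (outside) 1 interface
static (inside,dmz) 10.0.0.0 10.0.0.0 netmask 255.255.255.0
static (dmz,outside) tcp interface www 172.16.1.10 www netmask 255.255.255.255
! ACLs: outside reaches only HTTP on the web server; inside gets HTTP/ICMP to it, all else out
access-list OUTSIDE_IN extended permit tcp any interface outside eq www
access-group OUTSIDE_IN in interface outside
access-list INSIDE_IN extended permit tcp 10.0.0.0 255.255.255.0 host 172.16.1.10 eq www
access-list INSIDE_IN extended permit icmp 10.0.0.0 255.255.255.0 host 172.16.1.10
access-list INSIDE_IN extended deny ip any 172.16.1.0 255.255.255.0
access-list INSIDE_IN extended permit ip 10.0.0.0 255.255.255.0 any
access-group INSIDE_IN in interface inside
! Inspection: add HTTP and ICMP to the default global policy (FTP inspection is on by default)
policy-map global_policy
 class inspection_default
  inspect http
  inspect icmp
```

The explicit `deny` ahead of the final `permit` in `INSIDE_IN` matters: without it, the higher security level of `inside` would let every inside host reach every DMZ port.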
