Saturday, August 24, 2013

ASA 5505 Firewall Practice

In the interim before studying for CCNP, I have decided to get in some firewall practice. As I stated in earlier posts, I recently purchased a Cisco ASA 5505 with the Security Plus Bundle. As promised, pics are below. Currently the configuration is basic. As I continue to implement the ASA into my network topology as a fully active security appliance, I will post more pics, topologies, and configurations. Right now, it is only firewalling my lab network and our home desktop PC, so my Vyatta build remains my Internet gateway/edge and firewall device for my WLAN. Enjoy.

The ASA sits quietly on top of my Vyatta Internet Router/Firewall

I will ultimately want to purchase the rack kit for the 5505.

The black Vyatta box below is starting to accumulate dust...

The ASA is a nice addition and adds some variety to my growing lab.

The ASA 5505 has 8 switchports e0/0 rather than routed interfaces.

I was able to easily add the ASA to my out-of-band Cyclades ACS.

The ASDM for those of us who find [Cisco] firewall CLIs a bit daunting.

The ASDM makes managing ACLs a lot easier for firewall novices.

Other services such as DHCP and NAT are also easily managed in the ASDM.

The ASDM is nice, but the CLI is where all the magic is.

The Security Plus license is the ceiling for an ASA 5505 model.

Using switchports as opposed to routed interfaces means VLANs.





Tuesday, August 13, 2013

CCNP Study + Firewall

As I recently told a friend, "Half-time is officially over." I have officially returned from a one-month reprieve from studying after achieving my CCNA. My wife let me order two presents for myself last night.

Yes. Time for CCNP R&S. I'm ready to take my career, but most importantly my understanding of networking, to another level. I ordered the CCNP Routing & Switching Official Certification Library (includes 3 books - ROUTE, SWITCH, TSHOOT) from Cisco Press. I have to say, I was thoroughly amazed at the overall lack of CCNP material out there in comparison to the CCNA, especially in terms of reading material. I checked multiple vendors and the lack of variety is a little discouraging. I will probably use the Official Library in conjunction with a CBT subscription for all library access that my employer currently maintains for our small IT Team. I also heard Chris Bryant's Train Signal videos are a great tool. One thing I found that held true for my CCNA studies is what everyone said when comparing books to video: videos provide a great overview, but books combined with hands-on labs are where you will receive most of your knowledge.


http://www.cisco.com/web/ANZ/assets/images/asa5505_front.JPG

And, as promised, I ordered an ASA5505 off of eBay to help polish up my security skills. I work with dual ASA5520s at work, but the 5505 will do for home labs. I purchased one with the Security Plus bundle license because it allows:
  • High Availability
  • DMZ Support
  • Dual ISP Support
  • 25 IPsec VPN Peers
The other licensing does not provide those four features and I wanted to maximize the capability that I could get out of the 5505. I already have enough limitations building on a home lab budget. I will probably end up buying a rack mounting kit.

Until I get them, I'm stuck living my life one shipping update at a time!