Cisco CCNP Security Firewall 642-618

Deploying Cisco ASA Firewall Solutions v2.0

Course Duration: 13:22:49
Firewall v2.0 Introduction
The Adaptive Security Appliance (ASA) is a vital cornerstone in Cisco's security portfolio, and when properly implemented and managed can reduce the overall risk to a company. This introduction video identifies who the series was created for, what to expect from it and how to get the most out of it.
Out of the Box
Before we can implement the advanced features of the Adaptive Security Appliance (ASA), which include stateful packet filtering, application layer inspection, user-based access control, AAA, BotNet filtering, IPsec and SSL VPNs, redundant interfaces, etherchannel, multicast and routing protocols, NAT, transparent firewall, multiple context firewall (virtual firewalls), or High Availability (HA) with failover, we need to first have management access to the ASA. In this video, Keith walks you through how to do an image recovery of an ASA that doesn't have a valid OS image on flash, and then proceeds to take you step by step in bootstrapping the ASA with enough configuration to allow access by the ASA Security Device Manager (ASDM).

Maps to CCNP Firewall 642-618 objectives: Manage the ASA boot process; Implement ASA interface settings.
ASA & ASDM Essentials
What else needs to be done, to get an ASA up and functioning in the network? This Nugget answers that, as Keith walks you through configuring a second interface and configuring Network Address Translation (NAT) to provide firewall services for clients. As you and Keith configure, he explains the details of why security levels (assigned to each interface) are important, and how they work in conjunction with stateful firewall services.

Maps to CCNP Firewall 642-618 objectives: Implement ASA licensing; Implement ASA interface settings; Implement ASA management features; Implement ASA access control features; Implement Network Address Translation (NAT) on the ASA.
NAT on the ASA, 8.2, 8.3 and beyond
What's up with NAT!?! That is a topic that comes up all the time with the current version of the ASA (8.3 and higher). The methods and configuration dramatically changed after the update from 8.2 to 8.3. In this video, Keith walks you through how NAT on the 8.2 and older versions of the ASA was configured, and then takes you through the logic and configuration of the new NAT. Concepts are reinforced by real world scenarios along with demonstration and verification of the NAT, step by step.

Maps to CCNP Firewall 642-618 objectives: Implement ASA interface settings; Implement Network Address Translation (NAT) on the ASA.
ACLs on the ASA
What do Public Servers, Real IP addresses, and global Access Control Lists (ACLs) all have in common? They are all new features in version 8.3, 8.4 and higher of the ASA, and critical to know. Have no fear, in this video, Keith introduces the ACL options including when and where to use them. Demonstration and verification are done to reinforce both the concepts and the configuration steps.

Maps to CCNP Firewall 642-618 objectives: Implement ASA access control features; Implement NAT on the ASA; Implement ASDM public server feature.
Routing on the ASA
When the ASA considers forwarding a packet, it uses its routing table to determine the exit interface and the next hop router (if the destination is not directly connected). Based on the interfaces involved, the appropriate rules are considered, such as the security levels or ACLs involved. Training the ASA to learn about remote networks can be done in a few ways, and in this Nugget, Keith walks you through each of the methods including static routing, RIP, EIGRP and OSPF. Multicast routing capabilities of the ASA are also discussed in this video.

Maps to CCNP Firewall 642-618 objectives: Implement ASA static routing; Implement ASA dynamic routing.
MPF 101
Modular Policy Framework (MPF) is used to implement additional Layer 3 and Layer 4 actions on the packets that flow through the ASA. MPF actions include implementing Quality of Service (QoS), policing, application inspection (such as looking for additional ports that may need to be allowed through the ASA for an application to work), changing TCP connection thresholds (such as limiting the number of half-formed sessions allowed through the firewall), and much more. Keith demonstrates real-world scenarios where MPF is required and discusses both the CLI and ASDM implementation of policies using the class maps, policy maps and a service policy (which are the "framework" in Modular Policy Framework (MPF)).

Maps to CCNP Firewall 642-618 objectives: Implement ASA inspections features.
TCP Advanced Options
Not all traffic is simple, and some traffic is intentionally malicious. In this video you and Keith discuss some of the advanced TCP challenges facing the ASA including asymmetrical routing conditions, TCP options that the ASA would normally remove (but are required for BGP authentication to work), and how to prevent a SYN-flood attack from taking down your critical servers. Concepts are reinforced by live demonstrations.

Maps to CCNP Firewall 642-618 objectives: Implement ASA inspections features
Layer 5-7 Advanced Inspection
What is being hidden behind TCP port 80? We assume it is valid HTTP, but how do we know for sure? Users could be tunneling non-http traffic over port 80 and malicious code on web servers could return data to clients that the browser had not asked for. To address these problems, the ASA allows for Layer 5-7 (TCP/IP application layer) advanced protocol inspection to keep an eye on those protocols and to enforce RFC compliance and/or filter what commands may be issued by the application layer protocol. In this video, Keith walks you through CLI and ASDM commands to implement and verify this feature.

Maps to CCNP Firewall 642-618 objectives: Implement ASA inspections features
Interfaces: Sub, Ether-channel and Redundant
Sometimes, using a single physical interface to support a single IP subnet just isn't enough. For example, we may need interfaces to support 25 subnets but only have 8 physical interfaces, or need 4 times the bandwidth of our fastest interface, or need redundancy for a single interface. In this video, Keith describes each of these requirements and demonstrates how to implement the solution on the ASA firewall by using sub-interfaces, L3 Ether-channel and redundant interfaces.

Maps to CCNP Firewall 642-618 objectives: Implement ASA Interface redundancy and load sharing features
Transparent Firewall
The ASA has a nice trick up its sleeve, in that it can be inserted into an existing network and leave the existing routers and IP addressing in place. It does this by converting to a layer 2 device from an IP perspective, but still maintains its ability to do stateful inspection at the higher layers. In this video Keith walks you through the options of using this feature by explaining and demonstrating the transparent firewall on both the ASA 5505, and the larger 5520.

Maps to CCNP Firewall 642-618 objectives: Implement ASA transparent firewall
AAA on the ASA
"Who, do you think you are? What do you think you are doing? That is getting reported." Those are the types of activities that go on all day long in a network where Authentication, Authorization and Accounting (AAA) are in use. In this Nugget, Keith walks you through the two major categories of users that need to be tracked using AAA, and then demonstrates how to implement the AAA features of management and cut-through proxy on the ASA.

Maps to CCNP Firewall 642-618 objectives: Implement ASA management features; Implement ASA access control features
Active/Standby Failover
Got HA? High Availability (HA) can be implemented on the ASA when there are 2 ASA firewalls, with appropriate licensing. One fault tolerant method is to use "Active/Standby Failover," and in this video, Keith describes how this works and demonstrates how to implement it from both the ASDM interface and the CLI.

Maps to CCNP Firewall 642-618 objectives: Implement ASA stateful failover
Virtual Firewalls (contexts)
Even with only one physical firewall, the option exists to create multiple logical firewalls using only a single ASA. In this video Keith discusses with you some reasons why we might want to place a firewall into "multiple mode", and then uses the CLI and ASDM to create and verify new contexts (virtual firewalls).

Maps to CCNP Firewall 642-618 objectives: Implement ASA virtualization feature
Active/Active Failover
High Availability (HA) using failover can be implemented using Active/Active when ASAs are configured in multiple mode. One of the benefits is that both firewalls can be configured to actively forward traffic and have the option of implementing some load sharing along with the fault tolerance. In this video, Keith walks you through the reasons, the logic and the configuration needed to implement Active/Active failover as well as verifying it.

Maps to CCNP Firewall 642-618 objectives: Implement ASA stateful failover
Botnet Filtering
Malware installed on a computer can allow an attacker to centrally control that device as part of an army of compromised hosts to form a botnet. The ASA has the option to work with a Cisco centralized database of IP addresses and domains that have been identified as being part of a botnet, so that the ASA can prevent traffic to and from those addresses. In this video, Keith discusses the steps to configure and enable botnet filtering.

Maps to CCNP Firewall 642-618 objectives: Implement ASA Botnet traffic filter
Management, Logging, Anti-spoofing and More...
What protocols are being allowed to the ASA for management, and where are logging messages being sent? In this video, Keith walks you through implementing security regarding management of the ASA, as well as the options of setting up logging to one of several destinations including email, syslog and ASDM. Unicast Reverse Path Filtering (uRPF) and the "established" command, including their purpose, are also covered in this video.

Maps to CCNP Firewall 642-618 objectives: Implement ASA management features; Implement ASA access control features
GNS3 and the ASA
GNS3 is a free emulation environment that can be used to practice with various vendors' products, including Cisco and their routers. Until mid-2012, Firewall/ASA emulation was not easy to implement, as it didn't always work correctly, when it worked at all, in a virtual environment such as GNS3. With the current release of GNS3, version 8.4 of the ASA software and the associated ASDM can work very well in GNS3. In this video, Keith walks you through the list of tools and software that can be used to create a hands-on practice lab using GNS3.

Firewalls have come a long way over the years, and the Cisco Adaptive Security Appliance (ASA) firewall has as well. In this "soup-to-dessert" video series, trainer Keith Barker walks you through the entire process of implementing the ASA on the network, beginning with bootstrapping the ASA so that it will allow basic management, all the way to configuring advanced features such as the new Network Address Translation (NAT, which changed between versions 8.2 and 8.3), redundant interfaces, etherchannel, transparent L2 firewall services, multiple-contexts (virtual firewalls), application layer inspection, failover for high availability (HA), and more. By the time you finish this series, you'll be able to return to your network with confidence in the care and feeding of the ASA.

This series addresses all the objectives for exam 642-618 (Firewall v2), which is part of the Cisco Firewall Specialist, ASA Specialist and CCNP Security certifications. Plus, a GNS3 Nugget covers how to create a complete ASA virtual lab environment, for hands-on practice.

Viewers who have taken the CCNA Security (or have the equivalent knowledge) will get the most out of this series. Exam 642-618 is one of the requirements for ASA Specialist, Firewall Specialist and CCNP Security certifications; pre-requisites for these 3 certifications include CCNA (RS) and CCNA Security. This series is also valuable if you're applying for network/security positions where the employer has ASAs in place and is looking for skilled ASA network technicians and engineers.

Firewall v2.0 Introduction

00:00:01 - Hello, and welcome to the ASA Firewall Video Series.
00:00:05 - I'm Keith Barker, and on behalf of the entire CBT
00:00:08 - Nuggets family, we'd like to thank you for joining us.
00:00:11 - We've put together this intro to give you an overview of
00:00:13 - what to expect from this brand new series.
00:00:16 - Let's jump in.
00:00:17 - Our objective in this video series is really simple.
00:00:20 - And that's to give you the skills and knowledge you need
00:00:23 - to not only survive, but to thrive when you've been given
00:00:26 - the responsibility for setting up or
00:00:28 - managing an ASA firewall.
00:00:29 - And I personally would like to apply for the job of being
00:00:33 - your tour guide and coach as we go through this video
00:00:35 - series together.
00:00:37 - So who exactly is this series for?
00:00:39 - We created this series for one person, and
00:00:42 - that is you, my friend.
00:00:44 - Every Nugget, every piece, every concept, we created as
00:00:47 - if I was sitting right next to you just having a
00:00:50 - conversation.
00:00:51 - Whether we're configuring the 5505 together, or
00:00:54 - bootstrapping it to get it out of the box and running, or
00:00:57 - working on a bigger appliance, like the 5540.
00:01:00 - Each and every step of the way, I did it as if you were
00:01:03 - sitting exactly right next to me.
00:01:05 - And I also understand that everybody comes from different
00:01:08 - walks of life and different experience levels.
00:01:10 - I've organized the Nuggets that you and I get to go
00:01:13 - through together in organized, logical,
00:01:15 - just makes sense fashion.
00:01:17 - For example, let's say somebody comes to us and says,
00:01:19 - hey, here's an ASA.
00:01:20 - Set it up.
00:01:21 - Well, let's say it's the first time we've seen an ASA.
00:01:23 - What are we going to do?
00:01:24 - Well that's where we start.
00:01:25 - You and I are going to take a look at getting an appliance
00:01:27 - and saying, wow, this has no operating system on the flash.
00:01:30 - How do we even get the operating system on the flash?
00:01:32 - How do we start the process?
00:01:34 - And then from there, we'll just logically take it one
00:01:36 - step at a time.
00:01:37 - The basics of how to work with ASDM, and how the ASA thinks.
00:01:41 - We're going to get inside of its head so that when it has a
00:01:43 - problem on our production network, we can think to
00:01:45 - ourselves, OK.
00:01:47 - I understand what it's thinking, why it
00:01:49 - would do what it does.
00:01:50 - And we can become better troubleshooters as well.
00:01:52 - We'll also take a look at NAT.
00:01:53 - That was huge.
00:01:54 - With 8.2 to 8.3, there was a significant change with how we
00:01:59 - implemented NAT.
00:02:00 - I'll tell you what, I was not a big fan.
00:02:02 - I am now.
00:02:03 - After I learned it, I thought, whoa, check this out.
00:02:06 - Here's how it works.
00:02:07 - And I actually deployed it with the new 8.3 and 8.4 code.
00:02:11 - It's fantastic.
00:02:12 - So we'll cover both how it used to work, how it works
00:02:15 - now, and you can love it too.
00:02:16 - And you can be really good at it as well.
00:02:19 - And we'll continue in that same orderly, makes sense,
00:02:21 - just in time pace all the way through every single one of
00:02:25 - our Nuggets together.
00:02:26 - As we go through these together, when we're done with
00:02:28 - the entire series and we look back on the series, we're
00:02:31 - going to be amazed with what we know.
00:02:33 - For example, we'll know how to do EtherChannel on an
00:02:36 - interface, if we want to, for fault tolerance and more
00:02:38 - throughput.
00:02:39 - We'll be able to make redundant
00:02:41 - interfaces if we want to.
00:02:42 - We could do whole boxes with something called failover,
00:02:45 - both active standby failover, and active active failover,
00:02:49 - where we have full system redundancy.
00:02:51 - We're going to play with virtual firewalls, with
00:02:53 - something called multiple mode, and
00:02:56 - with multiple context.
00:02:57 - And when we're all done, again, the goal is simple, is
00:03:00 - to make sure that you have the skills and knowledge and
00:03:03 - comfort level that you need to do extremely well when you're
00:03:07 - implementing and/or managing an ASA firewall.
00:03:10 - In addition to learning all the details regarding the ASA
00:03:14 - that we've put together in the series, we're also going to
00:03:16 - have some skills required for some certification, if we are
00:03:20 - pursuing that.
00:03:21 - So what I want to do for those interested in certification is
00:03:23 - give you a little road map of currently where things sit.
00:03:26 - This course, which is the Firewall version 2.0, is
00:03:30 - relevant for this exam here in red--
00:03:32 - 642-618, which is Firewall v2.0.
00:03:35 - How could we use that, or why would we use it?
00:03:37 - First of all, if you have no interest in certification,
00:03:40 - this course, from soup to dessert, is perfect for you if
00:03:43 - you really want to learn the ASA.
00:03:45 - That was my first and foremost priority.
00:03:47 - But I also addressed each and every single objective, the
00:03:51 - published objectives from Cisco, for this exam, which is
00:03:54 - 642-618 Firewall v2.0.
00:03:57 - Now, how could we use that?
00:03:59 - Well if you're pursuing a certification, here's
00:04:02 - how it plays out.
00:04:03 - If you're pursuing an ASA Specialist, let's focus on
00:04:06 - that one first.
00:04:07 - The ASA Specialist, to get that, it requires a CCNA
00:04:12 - Route/Switch.
00:04:13 - And when people talk about CCNA without any other things
00:04:16 - after it, they're referring to the traditional CCNA for
00:04:19 - routing and switching.
00:04:20 - To get that, you can get that in one of two ways.
00:04:22 - You can get a one exam approach, or
00:04:24 - the two exam approach.
00:04:26 - Either way works great.
00:04:27 - But you do need a CCNA.
00:04:30 - Why?
00:04:31 - Because a CCNA for route and switch is required, a
00:04:33 - prerequisite from Cisco, for the CCNA Security.
00:04:37 - Well, Keith, how does that relate to the firewall
00:04:39 - certification that we're taking a look at?
00:04:40 - Well, that also happens to be a prerequisite.
00:04:44 - CCNA Security is a prerequisite for the ASA
00:04:47 - Specialist.
00:04:49 - So in order to be an ASA Specialist, you'd have to be a
00:04:51 - CCNA, you'd have to be a CCNA Security.
00:04:54 - You'd have to take this exam, which is our focus point for
00:04:57 - this course as far as what it's relevant to.
00:04:59 - And you'd also have to take one additional exam, which is
00:05:02 - the 642-648 VPN.
00:05:04 - And so as you look up, the reason I built in this fashion
00:05:07 - is that everything that's stacked is required.
00:05:10 - So the prerequisite for the ASA Specialist is everything
00:05:14 - within this line.
00:05:15 - If you want to be a Firewall Specialist, everything in this
00:05:19 - line is required.
00:05:20 - So the CCNA Route/Switch, CCNA Security, this exam, and also
00:05:25 - the Secure exam, version 1.0.
00:05:27 - Now, if somebody is pursuing, which I hope you are, a CCNP
00:05:31 - Security, it requires everything below this line.
00:05:35 - That means you have to be a CCNA Security, it's a prereq.
00:05:39 - And a prereq for CCNA Security is CCNA Route/Switch.
00:05:42 - It requires the exams--
00:05:43 - the Firewall exam, the Secure exam, the VPN exam, and the
00:05:47 - IPS exam to be a CCNP Security.
00:05:51 - So you can see this guy right here in the middle, the
00:05:54 - firewall, is the core of everything.
00:05:56 - He's required.
00:05:57 - No matter which path or which option you're choosing.
00:06:00 - The Firewall v2 Certification exam is there.
00:06:02 - So I wanted to put this in a nice, logical, visual
00:06:06 - representation so you can know exactly where
00:06:09 - you are in your track.
00:06:09 - Now, for those of you who are thinking, wow, I have no
00:06:12 - knowledge of networking at all.
00:06:14 - I have basic Windows skills, maybe
00:06:16 - some basic Linux skills, but I really don't know
00:06:18 - networking at all.
00:06:20 - How can I start?
00:06:21 - And the answer to that, my friend, is quite easy.
00:06:23 - I would recommend--
00:06:24 - it's not a prerequisite for CCNA, but if you're just brand
00:06:28 - new, I would recommend Network +.
00:06:32 - It's a CompTIA certification, CBT Nugget testing, great
00:06:34 - content on that as well.
00:06:36 - So if you're brand new, say, you know what.
00:06:37 - I'm not sure about the details of how networks operate, you
00:06:42 - can start here, and then work your way into CCNA
00:06:44 - Route/Switch.
00:06:45 - And then if you wanted to pursue security, go right into
00:06:47 - the Security CCNA, and then onto Firewall, which we're
00:06:50 - here in this course.
00:06:51 - And then onto your specializations, and then
00:06:53 - finally CCNP security.
00:06:55 - It's interesting to note that CCIE for security, which I
00:07:00 - happen to be one of those, it doesn't have any of these
00:07:02 - prerequisites.
00:07:04 - So if you want to go get a CCIE in security, all you need
00:07:07 - to do is take a written exam for it, and then take the
00:07:10 - practical lab.
00:07:11 - One of the tips that I've learned over the years is
00:07:13 - that, let's say that this is our track, and we're going on
00:07:16 - to CCNP Security, and eventually maybe even CCIE.
00:07:20 - We want to make sure that while we're studying a topic,
00:07:22 - for example, the ASA Firewall, make sure we learn it.
00:07:26 - Don't just gloss over pieces.
00:07:28 - Make sure we really get every piece of it while we're
00:07:31 - studying it.
00:07:32 - Put your whole heart into it.
00:07:33 - And that way, as you proceed and you take that knowledge
00:07:36 - into your company, you take that knowledge into a job
00:07:39 - interview, you take that knowledge into production,
00:07:42 - you'll be a better technician.
00:07:43 - You'll be able to better implement the real hardware.
00:07:46 - You'll be able to troubleshoot it better.
00:07:47 - And you'll be an overall happier person, because it's
00:07:50 - not a mystery how this ASA right here is operating.
00:07:54 - So we've taken a look at exactly who
00:07:56 - this series is for.
00:07:57 - And do you remember exactly who that is?
00:07:59 - It's Y-O-U, my friend, you.
00:08:02 - It is for you, the person who is brand new to the ASA.
00:08:04 - Doesn't know it yet, but needs to know it.
00:08:06 - Or the person who has one in their network, or multiple ASA
00:08:09 - firewalls in your network, and simply want to become better
00:08:12 - at understanding it, configuring it, and
00:08:15 - troubleshooting it.
00:08:16 - We also took a look at Cisco's certification requirements, if
00:08:19 - you're going that direction, as far as what it takes to
00:08:21 - become an ASA Specialist, or a Firewall Specialist, or even
00:08:25 - the CCN piece, all of which are relevant for the content
00:08:29 - in this series.
00:08:30 - And then, I'd like to take a look, just for a moment with
00:08:32 - you, at some specific things that you and I can do to be
00:08:36 - successful with this content, and make it really ours.
00:08:38 - Number one, scheduling time.
00:08:41 - If we don't have time to take the actual videos and watch
00:08:44 - them, it's not very likely we're going
00:08:46 - to learn from them.
00:08:47 - So I'd like you to schedule time.
00:08:48 - What's realistic?
00:08:49 - What's realistic might be two to three vids a week.
00:08:56 - And that would be based on your schedule, family, your
00:08:58 - commitments, your job, everything else.
00:09:00 - So you want to commit to certain-- because that's
00:09:02 - measurable.
00:09:03 - I love it because it's measurable.
00:09:04 - So you can then commit to somebody else and say, OK, to
00:09:07 - a spouse, to a child, you can go up to a website and
00:09:11 - publicly say, I'm going to watch two to
00:09:13 - three videos a week.
00:09:15 - Maybe even pick the days.
00:09:17 - Last night, I didn't want to exercise.
00:09:19 - It was Saturday night.
00:09:20 - I didn't want to exercise because I was tired.
00:09:23 - So here's the deal.
00:09:24 - I'm committed to three days a week of exercising.
00:09:27 - So I thought to myself, if I don't exercise, I've got a lot
00:09:31 - of people on Facebook who are going to know that I didn't
00:09:33 - get my three for the week.
00:09:34 - That's my goal.
00:09:35 - So at 8:30 last night, I'm exercising for a half hour.
00:09:40 - So I finished and it felt great, but I did it because
00:09:43 - one, it's good for me.
00:09:44 - And secondly, I knew I had other people that I had
00:09:46 - committed to.
00:09:47 - So put a little bit of pressure on yourself to make
00:09:50 - sure that you're going to, in measurable terms, watch two or
00:09:52 - three a week.
00:09:53 - Two or three videos.
00:09:54 - Secondly, I'd like you to take notes.
00:09:56 - As we go through the concepts together, write out notes.
00:10:00 - You can use your computer if you want to, type out notes.
00:10:02 - I find for me, personally, if I write out notes and then
00:10:05 - read through those later, that's very helpful for me
00:10:08 - remembering the concepts that I've learned.
00:10:10 - I'd also like you to practice everything.
00:10:14 - Whoa, Keith.
00:10:15 - What do you mean practice everything?
00:10:16 - Let me tell you a little story about GNS3.
00:10:19 - I'm a huge fan of GNS3.
00:10:21 - It is free.
00:10:22 - GNS3 is a free tool that we can use to simulate.
00:10:26 - It's great for practicing.
00:10:27 - We can't use it for production, but we can use it
00:10:29 - for practicing.
00:10:30 - For many years, ever since the version 7 of the code came out
00:10:34 - for the ASA--
00:10:35 - when it was first brand new, came out with version seven--
00:10:38 - there was no really great GNS3 support for it.
00:10:41 - And that continued all the way to mid-2012.
00:10:46 - They finally came out with a version of GNS3 and some
00:10:50 - support from the community that allows version 8.4 to run
00:10:57 - well on GNS3.
00:11:00 - So I had fought it for years.
00:11:01 - I took out like a half day or a full day a couple times a
00:11:05 - year previously, and tried to get it working.
00:11:07 - And interfaces wouldn't come up.
00:11:09 - And it was frustrating.
00:11:09 - This feature didn't work, that feature didn't work.
00:11:11 - But now, 8.4, it works like a champ.
00:11:15 - And there's tons of documentation.
00:11:16 - So I've got a GNS3 Nugget in this video series.
00:11:20 - If you've already got it running, you probably don't
00:11:22 - need to go watch it.
00:11:23 - But if you want to find the components that I use to
00:11:25 - implement a virtualized environment for practice
00:11:28 - purposes, check out that video as well.
00:11:30 - And I'll just walk you through the resources that I used,
00:11:32 - including VirtualBox, which also is free, and GNS3 to go
00:11:36 - ahead and support practicing with 8.4
00:11:39 - including ASDM support.
00:11:41 - So practice everything.
00:11:42 - So that means you're watching a video, you're watching us
00:11:45 - configure, for example, maybe it's multiple context mode.
00:11:48 - Or together we're configuring network address translation.
00:11:51 - Or we're doing access control list.
00:11:53 - Or we're doing modular policy framework, whatever it is.
00:11:56 - I want you to do it as well along with me.
00:11:59 - Build the environment in GNS3, and then practice it.
00:12:02 - Practice, practice, practice everything.
00:12:05 - That's the secret to getting really good with the ASA is to
00:12:08 - practice it and make that knowledge yours.
00:12:11 - Then teach it to somebody else.
00:12:12 - Maybe you don't have to teach the graphical user interface
00:12:14 - to somebody else, like ASDM, but you do definitely want
00:12:17 - to make sure you share information with others.
00:12:19 - Take a spouse, a loved one, a child, what have you, a
00:12:22 - co-worker, and say, hey, let me teach you all about
00:12:24 - application layer inspection and what it does.
00:12:27 - Let me tell you why FTP doesn't work traditionally if
00:12:30 - we don't have inspection on it.
00:12:32 - Let me tell you about ICMP, and whether it's inspected or
00:12:35 - not by default.
00:12:36 - Let me tell you how to set up the stateful failover.
00:12:40 - Or whatever the topic is, find somebody and explain it to
00:12:44 - them, because that'll help embed in your mind even
00:12:46 - better, giving you that deep, deep level of knowledge that
00:12:49 - you need in today's competitive environment to be
00:12:52 - very competent with an ASA.
00:12:54 - And last but not least, have fun.
00:12:56 - Every single step of the way, have a blast.
00:12:59 - I have fun creating every single Nugget that I create.
00:13:02 - And that's because I'm doing it thinking, hey, I'm going to
00:13:04 - be teaching this to you.
00:13:06 - You and I are going through this content together.
00:13:08 - It's important.
00:13:09 - Let's keep it fun and let's keep it real.
00:13:11 - So not only did I cover all the objectives that are
00:13:13 - published from Cisco for their certification for this
00:13:16 - Firewall version 2.0, I've also included a lot of real
00:13:19 - world, good to know features and functions that you'd also
00:13:23 - come across on a daily basis as you work in
00:13:26 - a production network.
00:13:27 - So I'm going to keep this intro fairly brief so we can
00:13:30 - get right into our very first Nugget, and that's taking a
00:13:33 - brand new ASA, pulling it out of the box, and getting the
00:13:36 - operating system on it so we can start to use it.
00:13:39 - I am so looking forward to spending time with you in this
00:13:42 - video series.
00:13:43 - I hope this has been informative for you.
00:13:45 - And I'd like to thank you for viewing.

Out of the Box

ASA & ASDM Essentials

NAT on the ASA, 8.2, 8.3 and beyond

ACLs on the ASA

Routing on the ASA

MPF 101

TCP Advanced Options

Layer 5-7 Advanced Inspection

Interfaces: Sub, Ether-channel and Redundant

Transparent Firewall

AAA on the ASA

Active/Standby Failover

Virtual Firewalls (contexts)

Active/Active Failover

Botnet Filtering

Management, Logging, Anti-spoofing and More...

GNS3 and the ASA

Keith Barker

CBT Nuggets Trainer

Cisco CCDP, CCIE Security, CCIE Routing & Switching; Juniper JNCIS-ENT, JNCIS-SP; Brocade BCNP; HP-MASE; (ISC)2 CISSP; CompTIA Network+, Security+

Area of Expertise:
Cisco, security, networking, bitcoin. Author or coauthor of: CCNA Security 640-554 Official Cert Guide; CCNP Security IPS 642-627 Official Cert Guide, and many more.
