00:00:01 - Hello, and welcome to the ASA
Firewall Video Series.
00:00:05 - I'm Keith Barker, and on behalf
of the entire CBT
00:00:08 - Nuggets family, we'd like to
thank you for joining us.
00:00:11 - We've put together this intro
to give you an overview of
00:00:13 - what to expect from this
brand new series.
00:00:16 - Let's jump in.
00:00:17 - Our objective in this video
series is really simple.
00:00:20 - And that's to give you the
skills and knowledge you need
00:00:23 - to not only survive, but to
thrive when you've been given
00:00:26 - the responsibility
for setting up or
00:00:28 - managing an ASA firewall.
00:00:29 - And I personally would like to
apply for the job of being
00:00:33 - your tour guide and coach as
we go through this video
00:00:35 - series together.
00:00:37 - So who exactly is
this series for?
00:00:39 - We created this series
for one person, and
00:00:42 - that is you, my friend.
00:00:44 - Every Nugget, every piece, every
concept, we created as
00:00:47 - if I was sitting right next
to you just having a
00:00:50 - conversation.
00:00:51 - Whether we're configuring
the 5505 together, or
00:00:54 - bootstrapping it to get it out
of the box and running, or
00:00:57 - working on a bigger appliance,
like the 5540.
00:01:00 - Each and every step of the way,
I did it as if you were
00:01:03 - sitting exactly right
next to me.
00:01:05 - And I also understand that
everybody comes from different
00:01:08 - walks of life and different
00:01:10 - I've organized the Nuggets
that you and I get to go
00:01:13 - through together in organized,
00:01:15 - just makes sense fashion.
00:01:17 - For example, let's say somebody
comes to us and says,
00:01:19 - hey, here's an ASA.
00:01:20 - Set it up.
00:01:21 - Well, let's say it's the first
time we've seen an ASA.
00:01:23 - What are we going to do?
00:01:24 - Well that's where we start.
00:01:25 - You and I are going to take a
look at getting an appliance
00:01:27 - and saying, wow, this has no
operating system on the flash.
00:01:30 - How do we even get the operating
system on the flash?
00:01:32 - How do we start the process?
00:01:34 - And then from there, we'll just
logically take it one
00:01:36 - step at a time.
00:01:37 - The basics of how to work with
ASDM, and how the ASA thinks.
00:01:41 - We're going to get inside of its
head so that when it has a
00:01:43 - problem on our production
network, we can think to
00:01:45 - ourselves, OK.
00:01:47 - I understand what it's
thinking, why it
00:01:49 - would do what it does.
00:01:50 - And we can become better
troubleshooters as well.
00:01:52 - We'll also take a look at NAT.
00:01:53 - That was huge.
00:01:54 - With 8.2 to 8.3, there was a
significant change with how we
00:01:59 - implemented NAT.
00:02:00 - I'll tell you what, I
was not a big fan.
00:02:02 - I am now.
00:02:03 - After I learned it, I thought,
whoa, check this out.
00:02:06 - Here's how it works.
00:02:07 - And I actually deployed it with
the new 8.3 and 8.4 code.
00:02:11 - It's fantastic.
00:02:12 - So we'll cover both how it used
to work, how it works
00:02:15 - now, and you can love it too.
00:02:16 - And you can be really
good at it as well.
00:02:19 - And we'll continue in that same
orderly, makes sense,
00:02:21 - just in time pace all the way
through every single one of
00:02:25 - our Nuggets together.
00:02:26 - As we go through these together,
when we're done with
00:02:28 - the entire series and we look
back on the series, we're
00:02:31 - going to be amazed with
what we know.
00:02:33 - For example, we'll know how
to do EtherChannel on an
00:02:36 - interface, if we want to, for
fault tolerance and more
00:02:38 - throughput.
00:02:39 - We'll be able to make redundant
00:02:41 - interfaces if we want to.
00:02:42 - We could do whole boxes with
something called failover,
00:02:45 - both active standby failover,
and active active failover,
00:02:49 - where we have full system
00:02:51 - We're going to play with
virtual firewalls, with
00:02:53 - something called multiple
00:02:56 - with multiple context.
00:02:57 - And when we're all done, again,
the goal is simple, is
00:03:00 - to make sure that you have the
skills and knowledge and
00:03:03 - comfort level that you need to
do extremely well when you're
00:03:07 - implementing and/or managing
an ASA firewall.
00:03:10 - In addition to learning all the
details regarding the ASA
00:03:14 - that we've put together in the
series, we're also going to
00:03:16 - have some skills required for
some certification, if we are
00:03:20 - pursuing that.
00:03:21 - So what I want to do for those
interested in certification is
00:03:23 - give you a little road map of
currently where things sit.
00:03:26 - This course, which is the
Firewall version 2.0, is
00:03:30 - relevant for this exam
here in red--
00:03:32 - 642-618, which is
00:03:35 - How could we use that, or
why would we use it?
00:03:37 - First of all, if you have no
interest in certification,
00:03:40 - this course, from soup to
dessert, is perfect for you if
00:03:43 - you really want to
learn the ASA.
00:03:45 - That was my first and
00:03:47 - But I also addressed each and
every single objective, the
00:03:51 - published objectives from Cisco,
for this exam, which is
00:03:54 - 642-618 Firewall v2.0.
00:03:57 - Now, how could we use that?
00:03:59 - Well if you're pursuing a
00:04:02 - how it plays out.
00:04:03 - If you're pursuing an ASA
Specialist, let's focus on
00:04:06 - that one first.
00:04:07 - The ASA Specialist, to get
that, it requires a CCNA
00:04:12 - Route/Switch.
00:04:13 - And when people talk about CCNA
without any other things
00:04:16 - after it, they're referring to
the traditional CCNA for
00:04:19 - routing and switching.
00:04:20 - To get that, you can get that
in one of two ways.
00:04:22 - You can get a one exam
00:04:24 - the two exam approach.
00:04:26 - Either way works great.
00:04:27 - But you do need a CCNA.
00:04:30 - Why?
00:04:31 - Because a CCNA for route and
switch is required, a
00:04:33 - prerequisite from Cisco,
for the CCNA Security.
00:04:37 - Well, Keith, how does that
relate to the firewall
00:04:39 - certification that we're
taking a look at?
00:04:40 - Well, that also happens
to be a prerequisite.
00:04:44 - CCNA Security is a prerequisite
for the ASA
00:04:47 - Specialist.
00:04:49 - So in order to be an ASA
Specialist, you'd have to be a
00:04:51 - CCNA, you'd have to be
a CCNA Security.
00:04:54 - You'd have to take this exam,
which is our focus point for
00:04:57 - this course as far as what
it's relevant to.
00:04:59 - And you'd also have to take one
additional exam, which is
00:05:02 - the 642-648 VPN.
00:05:04 - And so as you look up, the
reason I built in this fashion
00:05:07 - is that everything that's
stacked is required.
00:05:10 - So the prerequisite for the ASA
Specialist is everything
00:05:14 - within this line.
00:05:15 - If you want to be a Firewall
Specialist, everything in this
00:05:19 - line is required.
00:05:20 - So the CCNA Route/Switch, CCNA
Security, this exam, and also
00:05:25 - the Secure exam, version 1.0.
00:05:27 - Now, if somebody is pursuing,
which I hope you are, a CCNP
00:05:31 - Security, it requires everything
below this line.
00:05:35 - That means you have to be a CCNA
Security, it's a prereq.
00:05:39 - And a prereq for CCNA Security
is CCNA Route/Switch.
00:05:42 - It requires the exams--
00:05:43 - the Firewall exam, the Secure
exam, the VPN exam, and the
00:05:47 - IPS exam to be a
00:05:51 - So you can see this guy right
here in the middle, the
00:05:54 - firewall, is the core
00:05:56 - He's required.
00:05:57 - No matter which path or which
option you're choosing.
00:06:00 - The Firewall v2 Certification
exam is there.
00:06:02 - So I wanted to put this in
a nice, logical, visual
00:06:06 - representation so you can
know exactly where
00:06:09 - you are in your track.
00:06:09 - Now, for those of you who are
thinking, wow, I have no
00:06:12 - knowledge of networking
00:06:14 - I have basic Windows
00:06:16 - Some basic Linux skills,
but I really don't know
00:06:18 - networking at all.
00:06:20 - How can I start?
00:06:21 - And the answer to that, my
friend, is quite easy.
00:06:23 - I would recommend--
00:06:24 - it's not a prerequisite for
CCNA, but if you're just brand
00:06:28 - new, I would recommend
00:06:32 - It's a CompTIA certification,
CBT Nugget testing, great
00:06:34 - content on that as well.
00:06:36 - So if you're brand new,
say, you know what.
00:06:37 - I'm not sure about the details
of how networks operate, you
00:06:42 - can start here, and then
work your way into CCNA
00:06:44 - Route/Switch.
00:06:45 - And then if you wanted to pursue
security, go right into
00:06:47 - the Security CCNA, and then
onto Firewall, which we're
00:06:50 - here in this course.
00:06:51 - And then onto your
specializations, and then
00:06:53 - finally CCNP security.
00:06:55 - It's interesting to note that
CCIE for security, which I
00:07:00 - happen to be one of those,
it doesn't have any of these
00:07:02 - prerequisites.
00:07:04 - So if you want to go get a CCIE
in security, all you need
00:07:07 - to do is take a written exam
for it, and then take the
00:07:10 - practical lab.
00:07:11 - One of the tips that I've
learned over the years is
00:07:13 - that, let's say that this is our
track, and we're going on
00:07:16 - to CCNP Security, and eventually
maybe even CCIE.
00:07:20 - We want to make sure that while
we're studying a topic,
00:07:22 - for example, the ASA Firewall,
make sure we learn it.
00:07:26 - Don't just gloss over pieces.
00:07:28 - Make sure we really get every
piece of it while we're
00:07:31 - studying it.
00:07:32 - Put your whole heart into it.
00:07:33 - And that way, as you proceed
and you take that knowledge
00:07:36 - into your company, you take
that knowledge into a job
00:07:39 - interview, you take that
knowledge into production,
00:07:42 - you'll be a better technician.
00:07:43 - You'll be able to better
implement the real hardware.
00:07:46 - You'll be able to troubleshoot
00:07:47 - And you'll be an overall happier
person, because it's
00:07:50 - not a mystery how this ASA
right here is operating.
00:07:54 - So we've taken a look
at exactly who
00:07:56 - this series is for.
00:07:57 - And do you remember exactly
who that is?
00:07:59 - It's Y-O-U, my friend, you.
00:08:02 - It is for you, the person who
is brand new to the ASA.
00:08:04 - Doesn't know it yet, but
needs to know it.
00:08:06 - Or the person who has one in
their network, or multiple ASA
00:08:09 - firewalls in your network, and
simply want to become better
00:08:12 - at understanding it,
configuring it, and
00:08:15 - troubleshooting it.
00:08:16 - We also took a look at Cisco's
certification requirements, if
00:08:19 - you're going that direction,
as far as what it takes to
00:08:21 - become an ASA Specialist, or a
Firewall Specialist, or even
00:08:25 - the CCNP, all of which are
relevant for the content
00:08:29 - in this series.
00:08:30 - And then, I'd like to take a
look, just for a moment with
00:08:32 - you, at some specific things
that you and I can do to be
00:08:36 - successful with this content,
and make it really ours.
00:08:38 - Number one, scheduling time.
00:08:41 - If we don't have time to take
the actual videos and watch
00:08:44 - them, it's not very
likely we're going
00:08:46 - to learn from them.
00:08:47 - So I'd like you to
00:08:48 - What's realistic?
00:08:49 - What's realistic might be two
to three vids a week.
00:08:56 - And that would be based on your
schedule, family, your
00:08:58 - commitments, your job,
00:09:00 - So you want to commit to
certain-- because that's
00:09:02 - measurable.
00:09:03 - I love it because
00:09:04 - So you can then commit to
somebody else and say, OK, to
00:09:07 - a spouse, to a child, you can
go up to a website and
00:09:11 - publicly say, I'm going
to watch two to
00:09:13 - three videos a week.
00:09:15 - Maybe even pick the days.
00:09:17 - Last night, I didn't
want to exercise.
00:09:19 - It was Saturday night.
00:09:20 - I didn't want to exercise
because I was tired.
00:09:23 - So here's the deal.
00:09:24 - I'm committed to three days
a week of exercising.
00:09:27 - So I thought to myself, if I
don't exercise, I've got a lot
00:09:31 - of people on Facebook who are
going to know that I didn't
00:09:33 - get my three for the week.
00:09:34 - That's my goal.
00:09:35 - So at 8:30 last night, I'm
exercising for a half hour.
00:09:40 - So I finished and it felt great,
but I did it because
00:09:43 - one, it's good for me.
00:09:44 - And secondly, I knew I had
other people that I had
00:09:46 - committed to.
00:09:47 - So put a little bit of pressure
on yourself to make
00:09:50 - sure that you're going to, in
measurable terms, watch two or
00:09:52 - three a week.
00:09:53 - Two or three videos.
00:09:54 - Secondly, I'd like you
to take notes.
00:09:56 - As we go through the concepts
together, write out notes.
00:10:00 - You can use your computer if you
want to, type out notes.
00:10:02 - I find for me, personally, if
I write out notes and then
00:10:05 - read through those later, that's
very helpful for me
00:10:08 - remembering the concepts
that I've learned.
00:10:10 - I'd also like you to practice
00:10:14 - Whoa, Keith.
00:10:15 - What do you mean practice
00:10:16 - Let me tell you a little
story about GNS3.
00:10:19 - I'm a huge fan of GNS3.
00:10:21 - It is free.
00:10:22 - GNS3 is a free tool that
we can use to simulate.
00:10:26 - It's great for practicing.
00:10:27 - We can't use it for production,
but we can use it
00:10:29 - for practicing.
00:10:30 - For many years, ever since the
version 7 of the code came out
00:10:34 - for the ASA--
00:10:35 - when it was first brand new,
came out with version seven--
00:10:38 - there was no really great
GNS3 support for it.
00:10:41 - And that continued all
the way to mid-2012.
00:10:46 - They finally came out with a
version of GNS3 and some
00:10:50 - support from the community that
allows version 8.4 to run
00:10:57 - well on GNS3.
00:11:00 - So I had fought it for years.
00:11:01 - I took out like a half day or
a full day a couple times a
00:11:05 - year previously, and tried
to get it working.
00:11:07 - And interfaces wouldn't
00:11:09 - And it was frustrating.
00:11:09 - This feature didn't work, that
feature didn't work.
00:11:11 - But now, 8.4, it works
like a champ.
00:11:15 - And there's tons of
00:11:16 - So I've got a GNS3 Nugget
in this video series.
00:11:20 - If you've already got it
running, you probably don't
00:11:22 - need to go watch it.
00:11:23 - But if you want to find the
components that I use to
00:11:25 - implement a virtualized
environment for practice
00:11:28 - purposes, check out that
video as well.
00:11:30 - And I'll just walk you through
the resources that I used,
00:11:32 - including Virtual Box, which
also is free, and GNS3 to go
00:11:36 - ahead and support practicing
00:11:39 - including ASDM support.
00:11:41 - So practice everything.
00:11:42 - So that means you're watching
a video, you're watching us
00:11:45 - configure, for example, maybe
it's multiple context mode.
00:11:48 - Or together we're configuring
network address translation.
00:11:51 - Or we're doing access
00:11:53 - Or we're doing modular policy
framework, whatever it is.
00:11:56 - I want you to do it as
well along with me.
00:11:59 - Build the environment in GNS3,
and then practice it.
00:12:02 - Practice, practice, practice
00:12:05 - That's the secret to getting
really good with the ASA is to
00:12:08 - practice it and make that
00:12:11 - Then teach it to
00:12:12 - Maybe you don't have to teach
the graphical user interface
00:12:14 - to somebody else, like ASDM, but
you do definitely want
00:12:17 - to make sure you share
information with others.
00:12:19 - Take a spouse, a loved one,
a child, what have you, a
00:12:22 - co-worker, and say, hey, let
me teach you all about
00:12:24 - application layer inspection
and what it does.
00:12:27 - Let me tell you why FTP doesn't
work traditionally if
00:12:30 - we don't have inspection
00:12:32 - Let me tell you about ICMP, and
whether it's inspected or
00:12:35 - not by default.
00:12:36 - Let me tell you how to set
up the stateful failover.
00:12:40 - Or whatever the topic is, find
somebody and explain it to
00:12:44 - them, because that'll help
embed in your mind even
00:12:46 - better, giving you that deep,
deep level of knowledge that
00:12:49 - you need in today's competitive
environment to be
00:12:52 - very competent with an ASA.
00:12:54 - And last but not least,
00:12:56 - Every single step of the
way, have a blast.
00:12:59 - I have fun creating every single
Nugget that I create.
00:13:02 - And that's because I'm doing it
thinking, hey, I'm going to
00:13:04 - be teaching this to you.
00:13:06 - You and I are going through
this content together.
00:13:08 - It's important.
00:13:09 - Let's keep it fun and
let's keep it real.
00:13:11 - So not only did I cover all
the objectives that are
00:13:13 - published from Cisco for their
certification for this
00:13:16 - Firewall version 2.0, I've also
included a lot of real
00:13:19 - world, good to know features and
functions that you'd also
00:13:23 - come across on a daily
basis as you work in
00:13:26 - a production network.
00:13:27 - So I'm going to keep this intro
fairly brief so we can
00:13:30 - get right into our very first
Nugget, and that's taking a
00:13:33 - brand new ASA, pulling it out
of the box, and getting the
00:13:36 - operating system on it so
we can start to use it.
00:13:39 - I am so looking forward to
spending time with you in this
00:13:42 - video series.
00:13:43 - I hope this has been informative
00:13:45 - And I'd like to thank
you for viewing.