My study of the ASAs is drawing to a close. My plan was to do a lot of posts regarding these studies, but as you might guess, it is too difficult to study and do a lot of blogging on the process when you are dealing with a fixed amount of time for actual study. Here is a recap of prep required on the ASAs.

The Hardware:

• Cisco ASA 5500 and 5500-X Series Adaptive Security Appliances
  • Cisco ASA 5500 Series Adaptive Security Appliances OS Software Versions 8.2x, 8.4x, 8.6x
  • We can expect 4 of these devices

The Study Checklist:

• Initializing the Basic Cisco ASA Firewall (IP Address, Mask, Default Route, etc.)
• Understanding Security Levels (Same Security Interface)
• Understanding Single vs. Multimode
• Understanding Firewall vs. Transparent Mode
• Understanding Multiple Security Contexts
• Understanding Shared Resources for Multiple Contexts
• Understanding Packet Classification in Multiple-Contexts Mode
• VLAN Subinterfaces Using 802.1Q Trunking
• Multiple-Mode Firewall with Outside Access
• Single-Mode Firewall Using the Same Security Level
• Multiple-Mode, Transparent Firewall
• Single-Mode, Transparent Firewall with NAT
• ACLs in Transparent Firewall (for Pass-Through Traffic)
• Understanding How Routing Behaves on the Adaptive Security Appliance (Egress and Next-Hop Selection Process)
• Understanding Static vs. Dynamic Routing
• Static Routes
• RIP with Authentication
• OSPF with Authentication
• EIGRP with Authentication
• Managing Multiple Routing Instances
• Redistribution Between Protocols
• Route Summarization
• Route Filtering
• Static Route Tracking Using an SLA
• Dual ISP Support Using Static Route Tracking
• Redundant Interface Pair
• LAN-Based Active/Standby Failover (Routed Mode)
• LAN-Based Active/Active Failover (Routed Mode)
• LAN-Based Active/Standby Failover (Transparent Mode)
• LAN-Based Active/Active Failover (Transparent Mode)
• Stateful Failover Link
• Device Access Management
• Enabling Telnet
• Enabling SSH
• The nat-control Command vs. no nat-control Command
• Enabling Address Translation (NAT, Global, and Static) Pre & Post 8.4
• NAT Objects
• Context-Aware firewall
• Identity Firewall
• Using ASDM and Cisco Prime
• Policy NAT
• Destination NAT
• Bypassing NAT When NAT Control Is Enabled Using Identity NAT
• Bypassing NAT When NAT Control Is Enabled Using NAT Exemption
• Port Redirection Using NAT
• Tuning Default Connection Limits and Timeouts
• Basic Interface Access Lists and Access Group (Inbound and Outbound)
• Time-Based Access Lists
• ICMP Commands
• Enabling Syslog and Parameters
• NTP with Authentication
• Object Groups (Network, Protocol, ICMP, and Services)
• Nested Object Groups
• URL Filtering
• Java Filtering
• ActiveX Filtering
• ARP Inspection
• Modular Policy Framework (MPF)
• Application-Aware Inspection
• Identifying Injected Errors in Troubleshooting Scenarios
• Understanding and Interpreting Adaptive Security Appliance show and debug Outputs
• Understanding and Interpreting the packet-tracer and capture Commands
• Cisco IOS Firewalls
• Zone-Based Policy Firewall Using Multiple-Zone Scenarios
• User-Based Firewall
• Secure-Group Firewall
• Transparent Cisco IOS Firewall (Layer 2)
• Context-Based Access Control (CBAC)
• Proxy Authentication (Auth Proxy)
• Port-to-Application Mapping (PAM) Usage with ACLs
• Use of PAM to Change System Default Ports
• PAM Custom Ports for Specific Applications
• Mapping Nonstandard Ports to Standard Applications
• Performance Tuning
• Tuning Half-Open Connections
• Understanding and Interpreting the show ip port-map Commands
• Understanding and Interpreting the show ip inspect Commands
• Understanding and Interpreting the debug ip inspect Commands
• Understanding and Interpreting the show zone|zone-pair Commands
• Understanding and Interpreting the debug zone Commands
• Cisco IOS Services
• Marking Packets Using DSCP and IP Precedence and Other Values
• Unicast RPF (uRPF) With or Without an ACL (Strict and Loose Mode)
• RTBH Filtering (Remote Triggered Black Hole)
• Basic Traffic Filtering Using Access Lists: SYN Flags, Established, etc. (Named vs. Numbered ACLs)
• Managing Time-Based Access Lists
• Enabling NAT and PAT on a Router
• Conditional NAT on a Router
• Multihome NAT on a Router
• CAR Rate Limiting with Traffic Classification Using ACLs
• PBR (Policy-Based Routing) and Use of Route Maps
• Traffic Policing on a Router
• Traffic Characterization
• Packet Classification
• Packet-Marking Techniques

This list might seem overwhelming, but just remember to track your skills on each topic with a rating system. I had studied so much of this gearing up for my previous attempt that I noticed I did not have to restudy much of it at all!