ASA Information for CCNA Security

Earlier I got a response mentioning that there was not a lot of coverage of the ASA and PIX devices with regard to CCNA Security, and in part I have to agree. As you go beyond the CCNA Security, though, there is a much greater emphasis on the ASA. For now, I want to take a moment and post some additional information about the ASA appliances that you might find useful if you are pursuing the CCNA Security. Later this week I will follow up this posting with a PIX-specific posting as well.

OK, so let’s take a look at the Cisco ASA appliances. The first thing to understand is that they are not devices dedicated to a single purpose. They are not solely a firewall, a dedicated IPS sensor, or a dedicated VPN concentrator. Instead, the ASAs (Adaptive Security Appliances) are meant to serve multiple needs. This means that they can simultaneously act as a VPN concentrator, a firewall, and an IPS sensor.

Of course, as with all Cisco products there are various models, but for the CCNA Security exam I would want you to be familiar with the characteristics of the Cisco ASA 5500 appliance models. In fact, where this exam is concerned, it is best to focus on the VPN features of these devices. As I said, they build on this in later CCSP exams.

So here’s what you need to know about the Cisco ASA 5500 Series appliances where this is concerned. These devices support both IPSec and SSL tunnels and provide scalability through clustering. These appliances also support Cisco Easy VPN. The Cisco VPN Client software can also be used for updating user computers, and these appliances support the Cisco IOS Web VPN. Finally, these appliances provide QoS support for converged voice, video, and data networks and may be managed using the ASDM (Cisco Adaptive Security Device Manager) GUI.

You will also want to be familiar with the license types for the ASA appliances. There are three of these: Feature licenses, Encryption licenses, and Platform licenses.

The Feature licenses enable specific capabilities: the Security Context license allows your appliance to support security contexts, and the GTP Inspection license allows it to support General Packet Radio Service (GPRS) Tunneling Protocol (GTP). The Encryption license offers the ability to enhance security by providing support for 3DES and AES encryption. Finally, the Platform license speaks to the scalability of the appliance. These licenses are “platform” specific and allow you to gain the scalability you need from a licensing standpoint, for instance by regulating the number of concurrent VPN connections.

Thanks for your earlier question. I hope this helps you to better prepare for the CCNA Security exam. Next up I will discuss the key points about the PIX that you will want to understand for the CCNA Security exam.

