Cisco ASA All-in-one Next-Generation Firewall, IPS, and VPN Services

by ; ;
  • ISBN13:


  • ISBN10:


  • Edition: 3rd
  • Format: Paperback
  • Copyright: 4/30/2014
  • Publisher: Cisco Press
  • Purchase Benefits
  • Free Shipping On Orders Over $59!
    Your order must be $59 or more to qualify for free economy shipping. Bulk sales, PO's, Marketplace items, eBooks and apparel do not qualify for this offer.
  • Get Rewarded for Ordering Your Textbooks! Enroll Now
List Price: $82.99 Save up to $12.45
  • Buy New
    Add to Cart Free Shipping


Supplemental Materials

What is included with this book?

  • The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.
  • The eBook copy of this book is not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.


This is the definitive, up-to-date practitioner's guide to planning, deploying, and troubleshooting comprehensive security plans with Cisco ASA. Authored by two experienced Cisco Security and VPN Solutions consultants who work closely with customers to solve security problems every day, the book brings together valuable insights and real-world deployment examples for both large and small network environments. Jazib Frahim and Omar Santos begin by introducing the newest ASA Firewall Solution and its capabilities> Next, they walk through configuring and troubleshooting both site-to-site and remote access VPNs, and implementing Intrusion Prevention System (IPS) features supported by the ASA's Advanced Inspection and Prevention Security Services Module (AIP-SSM). Each chapter is comprised of many sample configurations, accompanied by in-depth analysis of design scenarios, plus a complete set of debugs in every section. Fully updated for the newest ASA product releases, Cisco ASA, Third Editionadds new coverage of: * ASA 5585X and ASA-SM * Major updates to license configurations * EtherChannel setup * Global ACLs * Configuring WCCP, WAAS, and NAT post-8.2 behavior * Identity-aware firewalls * IPv6 inspections * Major changes to IPS and AIP-SSM configuration and troubleshooting * IKEv1 and IKEv2 support * IPv6 support on site-to-site IPsec VPNs * AnyConnect Secure Mobility VPN clients, and more

Author Biography

Jazib Frahim, CCIE No. 5459, is a Principal Engineer in the Global Security Services Practice at Cisco. He has been with Cisco for over 15 years, with a focus on cyber-security and emerging security technologies. Jazib is also responsible for guiding customers in

the design and implementation of security solutions and technologies in their networks with a focus on network security. He leads a team of solutions architects to guide them through the lifecycle of services and solutions development. Jazib has also been engaged

in the development of a number of customer-focused services, such as managed threat defense, network-based identity, bring-your-own-device (BYOD), and many others. Jazib holds a bachelor’s degree in computer engineering from Illinois Institute of

Technology and a master’s degree in business administration (MBA) from North Carolina State University. In addition to CISSP, Jazib also holds two CCIEs, one in routing and switching and the other in security. He has presented at many industry events, such as Cisco Live, Interop, and ISSA, on multiple occasions. He has also authored and coauthored numerous technical documents, whitepapers, and books, including the following Cisco Press titles:


Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance

Cisco ASA: All-in-One Firewall, IPS, Anti-X, and VPN Adaptive Security Appliance, Second Edition

Cisco Network Admission Control, Volume II: NAC Deployment and Troubleshooting

SSL Remote Access VPNs


Omar Santos, CISSP No. 463598 is a Senior Incident Manager of Cisco’s Product Security Incident Response Team (PSIRT), where he mentors and leads engineers and incident managers during the investigation and resolution of security vulnerabilities in all Cisco products. Omar has designed, implemented, and supported numerous secure networks for Fortune 500 companies and the U.S. government. Prior to his current role, he was a technical leader within the World Wide Security Practice and Cisco’s Technical Assistance Center (TAC), where he taught, led, and mentored many engineers within both organizations. Omar is an active member of the security community, where he leads several industrywide initiatives and standards bodies. His active role helps businesses, academic institutions, state and local law enforcement agencies, and other participants that are dedicated to increasing the security of the critical infrastructure. Omar has delivered numerous technical presentations at conferences and to Cisco customers and partners, as well as many C-level executive presentations to many organizations. He has authored numerous whitepapers, articles, and security configuration guidelines and best practices, and has also authored or coauthored the following Cisco Press books:


Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance

Cisco ASA: All-in-One Firewall, IPS, Anti-X, and VPN Adaptive Security

Cisco Network Admission Control, Volume II: NAC Deployment and Troubleshooting

End-to-End Network Security: Defense-in-Depth


Andrew Ossipov, CCIE No. 18483 and CISSP No. 344324, is currently a Technical Marketing Engineer at Cisco with primary concentration on firewall, intrusion prevention, and other Cisco Data Center Security solutions. With over 15 years of networking

experience, Andrew previously worked with LAN switching, routing protocol, and network data storage technologies and performed academic research in the area of VoIP. At Cisco, Andrew is involved in a broad range of activities that include solving customers’ technical problems of the highest complexity, architecting features and products, and defining the future direction of the product portfolio. He is an inventor and co-inventor of multiple pending cross-technology patents. Andrew received his bachelor of science in computer engineering and master of science in electrical engineering degrees from Wichita State University.

Table of Contents

Part I Product Overview
1. Introduction to Security Technologies
2. Cisco ASA Product and Solution Overview
3. Licensing
4. Initial Setup
5. System Maintenance
6. IPv6 Support

Part II Firewall Technology
7. Controlling Network Access
8. Network Address Translation
9. ASA IP Routing
10. Multicast Routing
11. Authentication, Authorization, and Accounting (AAA) Services
12. ASA Application Inspection (Fixup protocols)
13. Virtualization
14. Transparent Firewalls
15. Failover and Redundancy
16. Quality of Service (QoS)

Part III Intrusion Prevention System (IPS) Solution
17. Configuring and Troubleshooting Intrusion Prevention System (IPS) Technologies
18. Tuning and Monitoring (IPS)

Part V Virtual Private Network (VPN) Solutions
19. Site-to-site IPSec VPNs
20. IPSec Remote Access VPNs
21. Configuring and Troubleshooting Public Key Infrastructure (PKI)
22. Clientless Remote Access SSL VPN (104 pages)
23. Client-based Remote Access SSL VPN


Rewards Program

Write a Review