9781587054570

Summary

The complete guide to the most popular Cisco ASA, PIX, and FWSM firewall security features.

Author Biography

David Hucaby, CCIE No. 4594, is a lead network engineer for the University of Kentucky, where he works with health-care networks based on the Cisco Catalyst, ASA, FWSM, and VPN product lines. He was one of the beta reviewers of the ASA 8.0 operating system software. He has a B.S. and M.S. in electrical engineering from the University of Kentucky. He is the author of three other books from Cisco Press: CCNP BCMSN Official Exam Certification Guide, Cisco Field Manual: Router Configuration, and Cisco Field Manual: Catalyst Switch Configuration.

He lives in Kentucky with his wife, Marci, and two daughters.

Foreword	p. xxii
Introduction xxiii
Firewall Overview 31	p. 1
Overview of Firewall Operation	p. 4
Initial Checking	p. 5
Xlate Lookup	p. 6
Conn Lookup	p. 7
ACL Lookup	p. 8
Uauth Lookup	p. 8
Inspection Engine	p. 9
Inspection Engines for ICMP, UDP, and TCP 9ICMP Inspection	p. 10
A Case Study in ICMP Inspection	p. 12
UDP Inspection 13TCP Inspection	p. 15
Additional TCP Connection Controls	p. 17
TCP Normalization	p. 18
Other Firewall Operations	p. 19
Hardware and Performance	p. 19
Basic Security Policy Guidelines	p. 21
Further Reading	p. 24
Configuration Fundamentals	p. 27
User Interface	p. 27
User Interface Modes	p. 28
User Interface Features	p. 29
Entering Commands	p. 29
Command Help	p. 31
Command History	p. 32
Searching and Filtering Command Output	p. 32
Terminal Screen Format	p. 34
Firewall Features and Licenses	p. 34
Upgrading a License Activation Key	p. 40
Initial Firewall Configuration	p. 41
Building Connectivity	p. 45
Configuring Interfaces	p. 45
Surveying Firewall Interfaces	p. 46
Configuring Interface Redundancy	p. 48
Basic Interface Configuration	p. 50
Interface Configuration Examples	p. 58
Configuring IPv6 on an Interface	p. 60
Testing IPv6 Connectivity	p. 67
Configuring the ARP Cache	p. 68
Configuring Interface MTU and Fragmentation	p. 70
Configuring an Interface Priority Queue	p. 73
Displaying Information About the Priority Queue	p. 77
Firewall Topology Considerations	p. 77
Securing Trunk Links Connected to Firewalls	p. 79
Bypass Links	p. 81
Configuring Routing	p. 83
Using Routing Information to Prevent IP Address Spoofing	p. 84
Configuring Static Routes	p. 86
Static Route Example	p. 89
Favoring Static Routes Based on Reachability	p. 89
Reachable Static Route Example	p. 92
Configuring RIP to Exchange Routing Information	p. 95
RIP Example	p. 97
Configuring EIGRP to Exchange Routing Information	p. 97
An EIGRP Configuration Example	p. 101
Configuring OSPF to Exchange Routing Information	p. 101
OSPF Routing Scenarios with a Firewall	p. 102
OSPF Used Only on the Inside	p. 102
OSPF Used Only on the Outside	p. 102
OSPF Used on Both Sides of the Firewall (Same Autonomous System)	p. 103
OSPF Used on Both Sides of the Firewall (Different Autonomous Systems)	p. 104
Configuring OSPF	p. 105
Redistributing Routes from Another Source into OSPF	p. 112
OSPF Example	p. 115
DHCP Server Functions	p. 116
Using the Firewall as a DHCP Server	p. 117
DHCP Server Example	p. 120
Updating Dynamic DNS from a DHCP Server	p. 120
Verifying DDNS Operation	p. 123
Relaying DHCP Requests to a DHCP Server	p. 124
DHCP Relay Example	p. 125
Multicast Support	p. 126
Multicast Overview	p. 126
Multicast Addressing	p. 127
Forwarding Multicast Traffic	p. 128
Multicast Trees	p. 128
Reverse Path Forwarding	p. 128
IGMP: Finding Multicast Group Recipients	p. 129
IGMPv1	p. 129
IGMPv2	p. 130
PIM: Building a Multicast Distribution Tree	p. 130
PIM Sparse Mode	p. 131
PIM RP Designation	p. 136
Configuring PIM	p. 137
Using a Multicast Boundary to Segregate Domains	p. 142
Filtering PIM Neighbors	p. 143
Filtering Bidirectional PIM Neighbors	p. 144
Configuring Stub Multicast Routing (SMR)	p. 145
Configuring IGMP Operation	p. 147
Stub Multicast Routing Example	p. 150
PIM Multicast Routing Example	p. 151
Verifying IGMP Multicast Operation	p. 151
Verifying PIM Multicast Routing Operation	p. 152
Firewall Management	p. 157
Using Security Contexts to Make Virtual Firewalls	p. 157
Security Context Organization	p. 158
Sharing Context Interfaces	p. 158
Issues
Table of Contents provided by Publisher. All Rights Reserved.

Supplemental Materials

What is included with this book?

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.

Excerpts

= 0) {slash = '\\';} else {slash = '/';}openLoc = figLoc.substring(0, figLoc.lastIndexOf(slash) + 1);while (pPage.substring(0,3) == '../') {openLoc = openLoc.substring(0, openLoc.lastIndexOf(slash, openLoc.length - 2)+ 1);pPage = pPage.substring(3, pPage.length + 1);}popUpWin =window.open('','popWin','resizable=1,scrollbars=1,location=0,toolbar=0,width=525,height=394');figDoc = popUpWin.document;zhtm= ' ' + pPage + ' ';zhtm += ' ';zhtm += ' ';zhtm += ' ';zhtm += '' + pPage.substring(pPage.lastIndexOf('/') + 1, pPage.length) + '';zhtm += ' ';figDoc.write(zhtm);figDoc.close();}// modified 3.1.99 RWE v4.1 --> Cisco ASA, PIX, and FWSM Firewall Handbook Cisco ASA, PIX, and FWSM Firewall Handbook IntroductionThis book focuses on the complete product line of Cisco firewall hardware: the PIX and ASA Security Appliance families and the Catalyst Firewall Services Module (FWSM). Of the many sources of information and documentation about Cisco firewalls, very few provide a quick and portable solution for networking professionals.This book is designed to provide a quick and easy reference guide for all the features that can be configured on any Cisco firewall. In essence, an entire bookshelf of firewall documentation, along with other networking reference material, has been "squashed" into one handy volume.This book covers only the features that can be used for stateful traffic inspection and overall network security. Although Cisco firewalls can also support VPN functions, those subjects are not covered here.This book is based on the most current Cisco firewall software releases available at press time--ASA release 8.0(1) and FWSM release 3.2(1).In the book, you will find ASA, PIX, and FWSM commands presented side-by-side for any specific task. The command syntax is shown with a label indicating the type of software that is running, according to the following convention:ASA--Refers to any platform that can run ASA release 7.0(1) or later. This can include the ASA 5500 family, as well as the PIX 500 family. For example, even though a PIX 535 can run a specific build of the ASA 8.0(1) code, the commands are still labeled "ASA" to follow the operating system being used.PIX--Refers to a PIX release 6.3.FWSM--Refers to FWSM release 3.1(1) or later.If you are using an earlier version of software, you might find that the configuration commands differ slightly.With the advent of the ASA platform, Cisco began using different terminology: firewalls became known assecurity appliancesbecause of the rich security features within the software and because of the mo

Amazon no longer offers textbook rentals. We do!

Amazon no longer offers textbook rentals. We do!

We're the #1 textbook rental company. Let us show you why.

Cisco Asa, Pix, and Fwsm Firewall Handbook

1587054574

Supplemental Materials

Summary

Author Biography

Table of Contents

Supplemental Materials

Excerpts

Rewards Program