CCNP Security FIREWALL 642-618 Official Cert Guide

• Copyright 2012
• Edition: 1st

• Book
• ISBN-10: 1-58714-271-6
• ISBN-13: 978-1-58714-271-0

Trust the best selling Official Cert Guide series from Cisco Press to help you learn, prepare, and practice for exam success. They are built with the objective of providing assessment, review, and practice to help ensure you are fully prepared for your certification exam.

CCNP Security FIREWALL 642-618 Official Cert Guide presents you with an organized test preparation routine through the use of proven series elements and techniques. “Do I Know This Already?” quizzes open each chapter and enable you to decide how much time you need to spend on each section. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly.

·         Master Cisco CCNP Security FIREWALL exam topics

·         Assess your knowledge with chapter-opening quizzes

·         Review key concepts with exam preparation tasks

·         Practice with realistic exam questions on the CD-ROM

CCNP Security FIREWALL 642-618 Official Cert Guide, focuses specifically on the objectives for the CCNP Security FIREWALL exam. Expert networking consultants Dave Hucaby, Dave Garneau, and Anthony Sequeira share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

The companion CD-ROM contains a powerful Pearson IT Certification Practice Test engine that enables you to focus on individual topic areas or take a complete, timed exam. The assessment engine also tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most.

Well-regarded for its level of detail, assessment features, comprehensive design scenarios, and challenging review questions and exercises, this official study guide helps you master the concepts and techniques that will enable you to succeed on the exam the first time.

The official study guide helps you master all the topics on the CCNP Security FIREWALL exam, including:

• ASA interfaces
• IP connectivity
• ASA management
• Recording ASA activity
• Address translation
• Access control
• Proxy services
• Traffic inspection and handling
• Transparent firewall mode
• Virtual firewalls
• High availability
• ASA service modules

CCNP Security FIREWALL 642-618 Official Cert Guide is part of a recommended learning path from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining.

The print edition of the CCNP Security FIREWALL 642-618 Official Cert Guide contains a free, complete practice exam.

Also available from Cisco Press for Cisco CCNP Security study is the CCNP Security FIREWALL 642-618 Official Cert Guide Premium Edition eBook and Practice Test. This digital-only certification preparation product combines an eBook with enhanced Pearson IT Certification Practice Test.

This integrated learning package:

·         Allows you to focus on individual topic areas or take complete, timed exams

·         Includes direct links from each question to detailed tutorials to help you understand the concepts behind the questions

·         Provides unique sets of exam-realistic practice questions

·         Tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most

Author's Site

Author suggested sites: dhucaby.wordpress.com and stormwindlive.com

The exciting new CCNP Security FIREWALL 642-618 Official Cert Guide, Premium Edition eBook and Practice Test is a digital-only certification preparation product combining an eBook with enhanced Pearson IT Certification Practice Test.  The Premium Edition eBook and Practice Test contains the following items:

• The CCNP Security FIREWALL Premium Edition Practice Test, including three full practice exams and enhanced practice test features
• PDF and EPUB formats of the CCNP Security FIREWALL 642-618 Official Cert Guide from Cisco Press, which are accessible via your PC, tablet, and Smartphone

About the Premium Edition Practice Test

This Premium Edition contains an enhanced version of the Pearson IT Certification Practice Test (PCPT) software with three full practice exams. In addition, it contains all the chapter-opening assessment questions from the book. This integrated learning package:

• Allows you to focus on individual topic areas or take complete, timed exams
• Includes direct links from each question to detailed tutorials to help you understand the concepts behind the questions
• Provides unique sets of exam-realistic practice questions
• Tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most

Pearson IT Certification Practice Test minimum system requirements:

Windows XP (SP3), Windows Vista (SP2), or Windows 7;

Microsoft .NET Framework 4.0 Client;

Pentium class 1GHz processor (or equivalent);

512 MB RAM;

650 MB disc space plus 50 MB for each downloaded practice exam

About the Premium Edition eBook

CCNP Security FIREWALL 642-618 Official Cert Guide focuses specifically on the objectives for the CCNP Security FIREWALL exam. Senior security consultants and instructors David Hucaby, David Garneau, and Anthony Sequeira share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

CCNP Security FIREWALL 642-618 Official Cert Guide presents you with an organized test preparation routine through the use of proven series elements and techniques. “Do I Know This Already” quizzes open each chapter and allow you to decide how much time you need to spend on each section. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly.

Well-regarded for its level of detail, assessment features, and challenging review questions and exercises, this official study guide helps you master the concepts and techniques that will enable you to succeed on the exam the first time.

This official study guide helps you master all the topics on the CCNP Security FIREWALL exam, including

• ASA interfaces
• IP connectivity
• ASA management
• Recording ASA activity
• Address translation
• Access control
• Proxy services
• Traffic inspection and handling
• Transparent firewall mode
• Virtual firewalls
• High availability
• ASA service modules

Online Sample Chapter

CCNP Security Firewall Cert Guide: Configuring ASA Interfaces

Sample Pages

Download the sample pages (includes Chapter 3 and Index)

Table of Contents

    Introduction xxv

Chapter 1 Cisco ASA Adaptive Security Appliance Overview 3

    “Do I Know This Already?” Quiz 3

    Foundation Topics 7

    Firewall Overview 7

    Firewall Techniques 11

        Stateless Packet Filtering 11

        Stateful Packet Filtering 12

        Stateful Packet Filtering with Application Inspection and Control 12

        Network Intrusion Prevention System 13

        Network Behavior Analysis 14

        Application Layer Gateway (Proxy) 14

    Cisco ASA Features 15

    Selecting a Cisco ASA Model 18

        ASA 5505 18

        ASA 5510, 5520, and 5540 19

        ASA 5550 20

        ASA 5580 21

        Security Services Modules 22

        Advanced Inspection and Prevention (AIP) SSM 22

        Content Security and Control (CSC) SSM 23

        4-port Gigabit Ethernet (4GE) SSM 24

        ASA 5585-X 24

        ASA Performance Breakdown 25

    Selecting ASA Licenses 29

    ASA Memory Requirements 31

    Exam Preparation Tasks 33

    Review All Key Topics 33

    Define Key Terms 33

Chapter 2 Working with a Cisco ASA 35

    “Do I Know This Already?” Quiz 35

    Foundation Topics 40

    Using the CLI 40

        Entering Commands 41

        Command Help 43

        Searching and Filtering Command Output 45

        Command History 45

        Terminal Screen Format 47

    Using Cisco ASDM 47

    Understanding the Factory Default Configuration 52

    Working with Configuration Files 54

        Clearing an ASA Configuration 57

    Working with the ASA File System 58

        Navigating an ASA Flash File System 59

        Working with Files in an ASA File System 60

    Reloading an ASA 63

        Upgrading the ASA Software at the Next Reload 65

        Performing a Reload 66

        Manually Upgrading the ASA Software During a Reload 67

    Exam Preparation Tasks 71

    Review All Key Topics 71

    Define Key Terms 71

    Command Reference to Check Your Memory 71

Chapter 3 Configuring ASA Interfaces 75

    “Do I Know This Already?” Quiz 75

    Foundation Topics 80

    Configuring Physical Interfaces 80

        Default Interface Configuration 82

        Configuring Physical Interface Parameters 83

        Mapping ASA 5505 Interfaces to VLANs 84

        Configuring Interface Redundancy 84

        Configuring an EtherChannel 87

    Configuring VLAN Interfaces 95

        VLAN Interfaces and Trunks on ASA 5510 and Higher Platforms 95

        VLAN Interfaces and Trunks on an ASA 5505 97

    Configuring Interface Security Parameters 98

        Naming the Interface 98

        Assigning an IP Address 99

        Setting the Security Level 100

        Interface Security Parameters Example 103

    Configuring the Interface MTU 104

    Verifying Interface Operation 107

    Exam Preparation Tasks 109

    Review All Key Topics 109

    Define Key Terms 109

    Command Reference to Check Your Memory 109

Chapter 4 Configuring IP Connectivity 113

    “Do I Know This Already?” Quiz 113

    Foundation Topics 117

    Deploying DHCP Services 117

        Configuring a DHCP Relay 117

        Configuring a DHCP Server 119

    Using Routing Information 122

    Configuring Static Routing 124

        Tracking a Static Route 126

    Routing with RIPv2 132

    Routing with EIGRP 135

    Routing with OSPF 142

        An Example OSPF Scenario 142

    Verifying the ASA Routing Table 151

    Exam Preparation Tasks 154

    Review All Key Topics 154

    Define Key Terms 154

    Command Reference to Check Your Memory 154

Chapter 5 Managing a Cisco ASA 161

    “Do I Know This Already?” Quiz 161

    Foundation Topics 165

    Basic Device Settings 165

        Configuring Device Identity 165

        Configuring Basic Authentication 166

    Configuring DNS Resolution 168

        Configuring DNS Server Groups 168

        Verifying Basic Device Settings 168

        Verifying DNS Resolution 170

    File System Management 171

        File System Management Using ASDM 171

        File System Management Using the CLI 172

        dir 172

        more 173

        copy 173

        delete 173

        rename 173

        mkdir 174

        cd 174

        rmdir 174

        fsck 175

        pwd 175

        format or erase 176

    Managing Software and Feature Activation 176

        Managing Cisco ASA Software and ASDM Images 177

        Upgrading Files from a Local PC or Directly from Cisco.com 179

        Considerations When Upgrading from OS Version 8.2 to 8.3 or Higher 181

        License Management 182

        Upgrading the Image and Activation Key at the Same Time 183

        Cisco ASA Software and License Verification 183

    Configuring Management Access 186

        Overview of Basic Procedures 186

        Configuring Remote Management Access 188

        Configuring an Out-of-Band Management Interface 189

        Configuring Remote Access Using Telnet 190

        Configuring Remote Access Using SSH 192

        Configuring Remote Access Using HTTPS 194

        Creating a Permanent Self-Signed Certificate 194

        Obtaining an Identity Certificate by PKI Enrollment 196

        Deploying an Identity Certificate 197

        Configuring Management Access Banners 199

    Controlling Management Access with AAA 201

        Creating Users in the Local Database 203

        Using Simple Password-Only Authentication 205

        Configuring AAA Access Using the Local Database 205

        Configuring AAA Access Using Remote AAA Server(s) 208

        Step 1: Create a AAA Server Group and Configure How Servers in the Group Are Accessed 208

        Step 2: Populate the Server Group with Member Servers 209

        Step 3: Enable User Authentication for Each Remote Management Access Channel 210

        Configuring Cisco Secure ACS for Remote Authentication 211

        Configuring AAA Command Authorization 214

        Configuring Local AAA Command Authorization 215

        Configuring Remote AAA Command Authorization 219

        Configuring Remote AAA Accounting 222

        Verifying AAA for Management Access 223

    Configuring Monitoring Using SNMP 225

    Troubleshooting Remote Management Access 230

        Unlocking Locked and Disabled User Accounts 231

    Cisco ASA Password Recovery 232

        Performing Password Recovery 232

        Enabling or Disabling Password Recovery 233

    Exam Preparation Tasks 235

    Review All Key Topics 235

    Command Reference to Check Your Memory 235

Chapter 6 Recording ASA Activity 243

    “Do I Know This Already?” Quiz 243

    Foundation Topics 247

    System Time 247

        NTP 249

        Verifying System Time Settings 251

    Managing Event and Session Logging 252

        NetFlow Support 254

        Logging Message Format 254

        Message Severity 255

    Configuring Event and Session Logging 255

        Configuring Global Logging Properties 256

        Altering Settings of Specific Messages 258

        Configuring Event Filters 261

        Configuring Individual Event Destinations 262

        Internal Buffer 262

        ASDM 264

        Syslog Server(s) 265

        Email 267

        NetFlow 269

        Telnet or SSH Sessions 271

    Verifying Event and Session Logging 271

        Implementation Guidelines 272

    Troubleshooting Event and Session Logging 273

        Troubleshooting Commands 273

    Exam Preparation Tasks 275

    Review All Key Topics 275

    Command Reference to Check Your Memory 275

Chapter 7 Using Address Translation 279

    “Do I Know This Already?” Quiz 281

    Foundation Topics 288

    Understanding How NAT Works 288

    Implementing NAT in ASA Software Versions 8.2 and Earlier 290

        Enforcing NAT 290

        Address Translation Deployment Options 291

        NAT Versus PAT 292

        Input Parameters 293

        Deployment Choices 295

        NAT Exemption 296

        Configuring NAT Control 296

        Configuring Dynamic Inside NAT 298

        Configuring Dynamic Inside PAT 304

        Configuring Dynamic Inside Policy NAT 308

        Verifying Dynamic Inside NAT and PAT 311

        Configuring Static Inside NAT 312

        Configuring Network Static Inside NAT 315

        Configuring Static Inside PAT 317

        Configuring Static Inside Policy NAT 320

        Verifying Static Inside NAT and PAT 323

        Configuring No-Translation Rules 324

        Configuring Dynamic Identity NAT 325

        Configuring Static Identity NAT 326

        Configuring NAT Bypass (NAT Exemption) 328

        NAT Rule Priority 330

        Configuring Outside NAT 330

        Other NAT Considerations 333

        DNS Rewrite (Also Known as DNS Doctoring) 333

        Integrating NAT with ASA Access Control 335

        Integrating NAT with MPF 336

        Integrating NAT with AAA (Cut-Through Proxy) 337

        Troubleshooting Address Translation 337

        Improper Translation 337

        Protocols Incompatible with NAT or PAT 337

        Proxy ARP 338

        NAT-Related Syslog Messages 338

    Implementing NAT in ASA Software Versions 8.3 and Later 339

        Major Differences in NAT Beginning in Software Version 8.3 339

        Network Objects 339

        NAT Control 340

        Integrating NAT with Other ASA Functions 340

        NAT “Direction” 340

        NAT Rule Priority 340

        New NAT Options in OS Versions 8.3 and Later 340

        NAT Table 341

        Configuring Auto (Object) NAT 343

        Configuring Static Translations Using Auto NAT 344

        Configuring Static Port Translations Using Auto NAT 349

        Comparing Static NAT Configurations from OS Versions 8.2 and 8.3 351

        Configuring Dynamic Translations Using Auto NAT 352

        Using Object Groups in NAT Rules 357

        Comparing Dynamic NAT Configurations from OS Versions 8.2 and 8.3 360

        Verifying Auto (Object) NAT 361

        Configuring Manual NAT 363

        Examining the Syntax of the Manual NAT Command 368

        Configuring a NAT Exemption Using Manual NAT 369

        Configuring Twice NAT 370

        Configuring Translations Using Manual NAT After Auto NAT 373

        Configuring a Unidirectional Manual Static NAT Rule 376

        Inserting a Manual NAT Rule in a Specific Location 377

        Comparing Manual NAT Configurations from OS versions 8.2 and 8.3 378

        When Not to Use NAT 380

        Tuning NAT 380

        Troubleshooting NAT 382

        Improper Translation 382

        Proxy ARP and Syslog Messages 384

        Egress Interface Selection 384

    Exam Preparation Tasks 385

    Review All Key Topics 385

    Define Key Terms 386

    Command Reference to Check Your Memory 386

Chapter 8 Controlling Access Through the ASA 391

    “Do I Know This Already?” Quiz 392

    Foundation Topics 397

    Understanding How Access Control Works 397

    State Tables 397

        Connection Table 398

        TCP Connection Flags 401

        Inside and Outside, Inbound and Outbound 403

        Local Host Table 403

        State Table Logging 405

    Understanding Interface Access Rules 405

        Stateful Filtering 406

        Interface Access Rules and Interface Security Levels 408

        Interface Access Rules Direction 408

    Default Access Rules 410

    The Global ACL 411

    Configuring Interface Access Rules 412

        Access Rule Logging 417

        Configuring the Global ACL 421

        Cisco ASDM Public Server Wizard 424

        Configuring Access Control Lists from the CLI 425

        Implementation Guidelines 426

    Time-Based Access Rules 427

        Configuring Time Ranges from the CLI 432

    Verifying Interface Access Rules 432

        Managing Rules in Cisco ASDM 434

        Managing Access Rules from the CLI 437

    Organizing Access Rules Using Object Groups 438

    Verifying Object Groups 450

    Configuring and Verifying Other Basic Access Controls 454

        Shunning 455

    Troubleshooting Basic Access Control 457

        Examining Syslog Messages 457

        Packet Capture 459

        Packet Tracer 460

        Suggested Approach to Access Control Troubleshooting 462

    Exam Preparation Tasks 464

    Review All Key Topics 464

    Command Reference to Check Your Memory 465

Chapter 9 Inspecting Traffic 473

    “Do I Know This Already?” Quiz 473

    Foundation Topics 479

    Understanding the Modular Policy Framework 479

    Configuring the MPF 482

    Configuring a Policy for Inspecting OSI Layers 3 and 4 484

        Step 1: Define a Layers 3–4 Class Map 484

        Step 2: Define a Layers 3–4 Policy Map 486

        Step 3: Apply the Policy Map to the Appropriate Interfaces 490

        Creating a Security Policy in ASDM 490

        Tuning Basic Layers 3–4 Connection Limits 495

        Inspecting TCP Parameters with the TCP Normalizer 499

        Configuring ICMP Inspection 505

    Configuring Dynamic Protocol Inspection 507

        Configuring Custom Protocol Inspection 514

    Configuring a Policy for Inspecting OSI Layers 5–7 517

        Configuring HTTP Inspection 518

        Configuring HTTP Inspection Policy Maps Using the CLI 519

        Configuring HTTP Inspection Policy Maps

        Using ASDM 527

        Configuring FTP Inspection 539

        Configuring FTP Inspection Using the CLI 540

        Configuring FTP Inspection Using ASDM 542

        Configuring DNS Inspection 546

        Creating and Applying a DNS Inspection Policy Map Using the CLI 546

        Creating and Applying a DNS Inspection Policy Map

        Using ASDM 549

        Configuring ESMTP Inspection 552

        Configuring an ESMTP Inspection with the CLI 553

        Configuring an ESMTP Inspection with ASDM 556

        Configuring a Policy for ASA Management Traffic 559

    Detecting and Filtering Botnet Traffic 561

        Configuring Botnet Traffic Filtering with ASDM 564

        Step 1: Configure the Dynamic Database 565

        Step 2: Configure the Static Database 565

        Step 3: Enable DNS Snooping 566

        Step 4: Enable the Botnet Traffic Filter 566

        Configuring Botnet Traffic Filtering with the CLI 568

        Step 1: Configure the Dynamic Database 568

        Step 2: Configure the Static Database 568

        Step 3: Enable DNS Snooping 568

        Step 4: Enable the Botnet Traffic Filter 569

    Using Threat Detection 570

        Configuring Threat Detection in ASDM 571

        Step 1: Configure Basic Threat Detection 571

        Step 2: Configure Advanced Threat Detection 571

        Step 3: Configure Scanning Threat Detection 572

        Configuring Threat Detection with the CLI 572

        Step 1: Configure Basic Threat Detection 573

        Step 2: Configure Advanced Threat Detection 576

        Step 3: Configure Scanning Threat Detection 577

    Exam Preparation Tasks 579

    Review All Key Topics 579

    Define Key Terms 580

    Command Reference to Check Your Memory 580

Chapter 10 Using Proxy Services to Control Access 583

    “Do I Know This Already?” Quiz 583

    Foundation Topics 586

    User-Based (Cut-Through) Proxy Overview 586

        User Authentication 586

        User Authentication and Access Control 587

        Implementation Examples 587

    AAA on the ASA 587

        AAA Deployment Options 587

    User-Based Proxy Preconfiguration Steps and Deployment Guidelines 588

        User-Based Proxy Preconfiguration Steps 588

        User-Based Proxy Deployment Guidelines 589

    Direct HTTP Authentication with the Cisco ASA 589

        HTTP Redirection 590

        Virtual HTTP 590

    Direct Telnet Authentication 590

    Configuration Steps of User-Based Proxy 591

    Configuring User Authentication 591

        Configuring an AAA Group 591

        Configuring an AAA Server 592

        Configuring the Authentication Rules 593

        Verifying User Authentication 595

        Configuring HTTP Redirection 595

        Configuring the Virtual HTTP Server 596

        Configuring Direct Telnet 596

    Configuring Authentication Prompts and Timeouts 596

        Configuring Authentication Prompts 597

        Configuring Authentication Timeouts 598

    Configuring User Authorization 598

        Per-User Override 599

        Configuring Downloadable ACLs 600

        Configuring Per-User Override 600

        Verification 600

    Configuring User Session Accounting 601

        Configuring User Session Accounting 601

        Verification 602

    Troubleshooting Cut-Through Proxy Operations 602

        A Structured Approach 602

        System Messages 602

    Using Proxy for IP Telephony and Unified TelePresence 603

    Exam Preparation Tasks 604

    Review All Key Topics 604

    Define Key Terms 604

    Command Reference to Check Your Memory 604

Chapter 11 Handling Traffic 607

    “Do I Know This Already?” Quiz 607

    Foundation Topics 610

    Handling Fragmented Traffic 610

    Prioritizing Traffic 612

    Controlling Traffic Bandwidth 616

        Configuring a Traffic Policer 618

        Configuring Traffic Shaping 621

    Exam Preparation Tasks 625

    Review All Key Topics 625

    Define Key Terms 625

    Command Reference to Check Your Memory 625

Chapter 12 Using Transparent Firewall Mode 629

    “Do I Know This Already?” Quiz 629

    Foundation Topics 632

    Firewall Mode Overview 632

    Configuring Transparent Firewall Mode 635

    Controlling Traffic in Transparent Firewall Mode 639

    Using ARP Inspection 642

    Disabling MAC Address Learning 645

    Exam Preparation Tasks 648

    Review All Key Topics 648

    Define Key Terms 648

    Command Reference to Check Your Memory 648

Chapter 13 Creating Virtual Firewalls on the ASA 651

    “Do I Know This Already?” Quiz 651

    Foundation Topics 654

    Cisco ASA Virtualization Overview 654

        A High-Level Examination of a Virtual Firewall’s Configuration 654

        The System Configuration, System Context, and Other Security Contexts 655

        Packet Classification 655

    Virtual Firewall Deployment Guidelines 656

        Deployment Choices 657

        Deployment Guidelines 657

        Limitations 658

    Configuration Tasks Overview 658

    Configuring Security Contexts 658

        The Admin Context 659

        Configuring Multiple Mode 659

        Creating a Security Context 659

    Verifying Security Contexts 661

    Managing Security Contexts 661

        Packet Classification Configuration 662

        Changing the Admin Context 662

        Editing and Removing Contexts 663

    Configuring Resource Management 663

        The Default Class 663

        Creating a New Resource Class 663

    Verifying Resource Management 665

    Troubleshooting Security Contexts 665

    Exam Preparation Tasks 667

    Review All Key Topics 667

    Define Key Terms 667

    Command Reference to Check Your Memory 667

Chapter 14 Deploying High Availability Features 671

    “Do I Know This Already?” Quiz 671

    Foundation Topics 675

    ASA Failover Overview 675

        Failover Roles 675

        Detecting an ASA Failure 681

    Configuring Active-Standby Failover Mode 683

        Configuring Active-Standby Failover with the ASDM Wizard 683

        Configuring Active-Standby Failover Manually in ASDM 687

        Configuring Active-Standby Failover with the CLI 689

        Step 1: Configure the Primary Failover Unit 689

        Step 2: Configure Failover on the Secondary Device 690

    Configuring Active-Active Failover Mode 692

        Configuring Active-Active Failover in ASDM 692

        Configuring Active-Active Failover with the CLI 696

        Step 1: Configure the Primary ASA Unit 696

        Step 2: Configure the Secondary ASA Unit 697

    Tuning Failover Operation 701

        Configuring Failover Timers 701

        Configuring Failover Health Monitoring 702

        Detecting Asymmetric Routing 703

        Administering Failover 705

    Verifying Failover Operation 706

    Leveraging Failover for a Zero Downtime Upgrade 708

    Exam Preparation Tasks 710

    Review All Key Topics 710

    Define Key Terms 710

    Command Reference to Check Your Memory 710

Chapter 15 Integrating ASA Service Modules 715

    “Do I Know This Already?” Quiz 715

    Foundation Topics 718

    Cisco ASA Security Services Modules Overview 718

        Module Components 718

        General Deployment Guidelines 719

        Overview of the Cisco ASA Content Security and Control SSM 719

        Cisco Content Security and Control SSM Licensing 720

        Overview of the Cisco ASA Advanced Inspection and Prevention SSM and SSC 720

        Inline Operation 720

        Promiscuous Operation 721

        Supported Cisco IPS Software Features 721

    Installing the ASA AIP-SSM and AIP-SSC 721

        The Cisco AIP-SSM and AIP-SSC Ethernet Connections 722

        Failure Management Modes 722

        Managing Basic Features 722

        Initializing the AIP-SSM and AIP-SSC 723

        Configuring the AIP-SSM and AIP-SSC 723

    Integrating the ASA CSC-SSM 724

        Installing the CSC-SSM 724

        Ethernet Connections 724

        Managing the Basic Features 724

        Initializing the Cisco CSC-SSM 725

        Configuring the CSC-SSM 725

    Exam Preparation Tasks 726

    Review All Key Topics 726

    Define Key Terms 726

    Command Reference to Check Your Memory 726

Chapter 16 Traffic Analysis Tools 729

    “Do I Know This Already?” Quiz 729

    Foundation Topics 733

    Testing Network Connectivity 733

    Using Packet Tracer 737

    Using Packet Capture 742

        Using the Packet Capture Wizard in ASDM 742

        Capturing Packets from the CLI 746

        Controlling a Capture Session 751

    Copying Capture Buffer Contents 751

        Capturing Dropped Packets 752

        Combining Packet Tracer and Packet Capture 760

    Summary 761

    Exam Preparation Tasks 762

    Review All Key Topics 762

    Command Reference to Check Your Memory 762

Chapter 17 Final Preparation 765

    Tools for Final Preparation 765

        Pearson Cert Practice Test Engine and Questions on the CD 765

        Install the Software from the CD 766

        Activate and Download the Practice Exam 766

        Activating Other Exams 767

        Premium Edition 767

        Cisco Learning Network 767

        Chapter-Ending Review Tools 767

    Suggested Plan for Final Review/Study 768

        Using the Exam Engine 768

    Summary 769

Appendix A Answers to the “Do I Know This Already?” Quizzes 771

Appendix B CCNP Security 642-618 FIREWALL Exam Updates: Version 1.0 777

Glossary of Key Terms 779

9781587142710, TOC, 4/25/2012

Errata

Download the errata

Submit Errata