CCNP Security-Firewall
These slides taken from Cisco Live 2012/2013, 3/26/2014. Eng. Mohannad Alhanahnah

Slide 1: FIREWALL v2.0
642-618 FIREWALL v2.0 Exam
• 90-minute exam
• Register with Pearson Vue: www.vue.com/.cisco
• Exam cost is $200.00 US
Slide 2: Preparing for the FIREWALL v2.0 Exam
• Recommended reading
  – CCNP Security Firewall 642-618 Quick Reference
  – CCNP Security FIREWALL 642-618 Official Cert Guide
• Cisco Learning Network: www.cisco.com/go/learnnetspace
• Practical experience

Test Taking Tips
• It's not possible to cover everything!
• We want you to get a feel for the technical level of the exam, not every topic possible
• Give you suggestions, resources, some examples
• Will focus on key topics
Slide 3: Testing Implementation Skills
• Question formats
  – Declarative: a declarative exam item tests simple recall of pertinent facts
  – Procedural: a procedural exam item tests the ability to apply knowledge to solve a given issue
  – Complex procedural: a complex procedural exam item tests the ability to apply multiple knowledge points to solve a given issue
• Types of questions
  – Drag and drop
  – Multiple choice
  – Simulation and simlet

FIREWALL v2.0 High-Level Topics
1. Cisco Firewall and ASA Technology
2. Cisco ASA Adaptive Security Appliance Basic Configurations
3. ASA Routing Features
4. ASA Inspection Policy
5. ASA Advanced Network Protections
6. ASA High Availability
Slide 4: What Is a Firewall?
• A firewall is a system or group of systems that manages access between two or more networks.
[Figure: Internet, Outside Network, DMZ Network, Inside Network]
• A firewall is a security device which is configured to permit, deny or proxy data connections as set by the organization's security policy. Firewalls can be either hardware or software based
• A firewall's basic task is to control traffic between computer networks with different zones of trust
• Today's firewalls combine multilayer stateful packet inspection and multiprotocol application inspection
• Modern firewalls have evolved by providing additional services such as VPN, IDS/IPS, and URL filtering
• Despite these enhancements, the primary role of the firewall is to enforce security policy
Slide 5: Cisco Firewall: What Is It?
• Adaptive Security Appliance (ASA): a firewall appliance running a proprietary OS, with one expansion slot for service modules and Ethernet and fiber ports on the box. It does not run IOS but has a similar look and feel
• FireWall Services Module (FWSM): a line card in the Catalyst 6500 that provides firewall services. It has no physical interfaces and uses VLANs as "virtual interfaces"
• IOS device running a firewall feature set in software (IOS-FW)
• Cisco's firewall has been around over 15 years; PIX is the legacy platform

1. Cisco Firewall and ASA Technology
• Many types of firewalls are in use today and are based on various technologies, such as the following:
  – Static packet filtering
  – Proxy server
  – Stateful packet filtering
  – Stateful packet filtering with application inspection and control
  – Network intrusion protection system (IPS)
  – Network behavior analysis
Slide 6: ASA Product Line
• The ASA product line offers cost-effective, easy-to-deploy solutions. The product line ranges from compact plug-and-play desktop firewalls such as the ASA 5505 for small offices to carrier-class gigabit firewalls such as the ASA 5580 for the most demanding enterprise and service-provider environments.
Slide 7: Cisco ASA Features
• Cisco ASA features include the following:
  – State-of-the-art stateful packet inspection firewall
  – User-based authentication of inbound and outbound connections
  – Integrated protocol and application inspection engines that examine packet streams at Layers 4 through 7
  – Highly flexible and extensible modular security policy framework
  – Robust virtual private network (VPN) services for secure site-to-site and remote-access connections
  – Clientless and client-based Secure Sockets Layer (SSL) VPN
  – Full-featured intrusion prevention system (IPS) services for Day 0 protection against threats, including application and operating system vulnerabilities, directed attacks, worms, and other forms of malware
  – Denial-of-service (DoS) prevention through mechanisms ranging from protocol verification to rate limiting of connections and traffic flows
  – Content security services, including URL filtering, antiphishing, antispam, antivirus, antispyware, and content filtering using Trend Micro technologies
  – Multiple security contexts (virtual firewalls) within a single appliance
  – Stateful active/active or active/standby failover capabilities that ensure resilient network protection
  – Transparent deployment of security appliances into existing network environments without requiring re-addressing of the network
  – Intuitive single-device management and monitoring services with the Cisco Adaptive Security Device Manager (ASDM) and enterprise-class multidevice management services through Cisco Security Manager
Slide 8: Service Modules
• Three SSMs are available for the ASA:
  – Advanced Inspection and Prevention Security Services Module (AIP SSM)
  – Content Security and Control Security Services Module (CSC SSM)
  – Four-port Gigabit Ethernet SSM

2. Cisco ASA Adaptive Security Appliance Basic Configurations
• Implementing ASA Licensing:
  – Base License
  – Security Plus License
• ASA 5505 Adaptive Security Appliance Licensing
Slide 9: ASA 5505 Licensed Features

Base License (3 possible VLANs and 1 restricted DMZ):
Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs: 3, DMZ Restricted
Inside Hosts: Unlimited
Failover: Disabled
VPN-DES: Enabled
VPN-3DES-AES: Disabled
VPN Peers: 10
WebVPN Peers: 2
Dual ISPs: Disabled
VLAN Trunk Ports: 0

Security Plus License (3 VLANs + Unrestricted DMZ):
Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs: 20, DMZ Unrestricted
Inside Hosts: Unlimited
Failover: Active/Standby
VPN-DES: Enabled
VPN-3DES-AES: Enabled
VPN Peers: 25
WebVPN Peers: 25
Dual ISPs: Enabled
VLAN Trunk Ports: 8
Slide 11: Manage the ASA boot process / Implement ASA management features
Slide 12: SSH Configuration
Steps required to enable SSH:
Step 1. Configure the hostname.
Step 2. Configure the domain name.
Step 3. Generate the RSA keys.
Step 4. Configure the local authentication.
Step 5. Configure SSH on the specific interface.

Implement ASA User Roles
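The five steps above, carried through as a complete ASA CLI configuration. This is an added example, not a configuration from the slides; the hostname, domain name, user name, management subnet and interface name are constructed, and the syntax assumed is that of ASA 8.3/8.4.

```text
! Step 1: hostname (hypothetical)
hostname asa1
! Step 2: domain name; the RSA key pair is named after hostname.domain
domain-name example.com
! Step 3: generate the RSA key pair the SSH server presents to clients
crypto key generate rsa modulus 2048
! Step 4: a local user and local (LOCAL database) authentication for SSH logins
username admin password <strong-password> privilege 15
aaa authentication ssh console LOCAL
! Step 5: allow SSH only from the management subnet (constructed) on the inside interface
ssh 10.1.1.0 255.255.255.0 inside
ssh timeout 10
ssh version 2
! Verification
show ssh sessions
show crypto key mypubkey rsa
```

The `ssh <net> <mask> <ifc>` line is both the enable switch and the source filter: an address that matches no `ssh` line is refused before authentication, so keep the scope to the management subnet rather than 0.0.0.0 0.0.0.0. Without step 4 the ASA falls back to the shared `passwd` login, which gives no per-user accountability in the logs.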
Slide 13: Implement ASA interface settings
Slide 14: Configure VLANs
• Physical interfaces are separated into sub-interfaces (logical interfaces)
• 802.1Q trunking
Logical and Physical Interfaces
Slide 15: Configuring an EtherChannel Interface
Note: The device to which you connect the ASA EtherChannel must also support 802.3ad EtherChannels
Slide 16: Configure Redundant Interfaces Using ASDM
• A logical redundant interface pairs an active and a standby physical interface.
• When the active interface fails, the standby interface becomes active and starts passing traffic.
• Used to increase the adaptive security appliance reliability.
• You can monitor redundant interfaces for failover using the monitor-interface command
Slide 18: Security Appliance ACL Configuration
1. Security appliance configuration philosophy is interface based *
2. Interface ACL permits or denies the initial packet incoming or outgoing on that interface
3. Return traffic does not need to be specified if inspected
4. ACLs can be simplified by defining object groups for IP addresses and services
5. The implicit access rules applied to the inside interface are as follows:
   • Permit traffic from anywhere destined to a lower-security interface.
   • Deny any traffic from anywhere to anywhere.
6. The implicit access rule applied to the outside interface is as follows:
   • Deny any traffic from anywhere to anywhere.
* 8.3 introduces the concept of the Global ACL (access-group <name> global)
Slide 19: ASA 8.3 Global Policies
• Until recently, ACLs were applied to firewall interfaces for inbound and outbound traffic
• Release 8.3 adds the ability to configure Global Access Policies which are not tied to a specific interface
• Interface ACLs take priority over Global Access Policies
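Slides 18 and 19 together, as an added example (not from the slides): object groups simplify the ACL, interface ACLs are bound with `access-group ... in interface`, and an 8.3 global ACL is bound with `access-group ... global`. The interface names, host addresses and subnets are constructed.

```text
! Object groups (slide 18, point 4): one edit here changes every rule that references them
object-group network DMZ-WEB-SERVERS
 network-object host 192.168.1.23
 network-object host 192.168.1.100
object-group service WEB-PORTS tcp
 port-object eq www
 port-object eq https

! Interface ACL on outside: only web traffic to the DMZ servers is allowed in.
! Return traffic of these connections needs no rule (slide 18, point 3).
access-list OUTSIDE-IN extended permit tcp any object-group DMZ-WEB-SERVERS object-group WEB-PORTS
access-group OUTSIDE-IN in interface outside

! Interface ACL on inside: explicit rather than relying on the implicit high-to-low permit
access-list INSIDE-OUT extended permit ip 10.1.1.0 255.255.255.0 any
access-group INSIDE-OUT in interface inside

! Global ACL (8.3+): consulted after the interface ACL of the ingress interface has no match,
! and on interfaces that carry no interface ACL at all (the dmz interface in this example).
access-list GLOBAL-ACL extended permit udp any host 10.1.1.53 eq domain
access-list GLOBAL-ACL extended deny ip any any log
access-group GLOBAL-ACL global

! Verification: hit counts per ACE
show access-list OUTSIDE-IN
show access-list GLOBAL-ACL
```

Order of evaluation is interface ACL, then global ACL, then the implicit deny. Because an explicit match in the interface ACL ends the lookup, a trailing `deny ip any any` in an interface ACL would shadow the global ACL for that interface; that is why OUTSIDE-IN above carries no explicit deny and the logging deny lives in the global ACL instead.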
Slide 21: NAT Overview
• Network Address Translation (NAT) and Port Address Translation (PAT)
• Used to translate IP addresses and ports
• Not required by default (NAT control is disabled)
• Concepts
  – Static NAT and static policy NAT
  – Dynamic NAT and dynamic policy NAT
  – Identity NAT
Slide 22: NAT Post ASA Version 8.3
NAT is redesigned in 8.3 and above to simplify operations:
• A single rule translates the source and destination IP address.
• You can also manually establish the order in which NAT rules are processed.
• Introduction of NAT to "any" interface

Two NAT modes are available in 8.3 and above:
• Network Object NAT: a translation rule that is defined within a network object.
  – Well suited for source-only NAT
  – Sometimes referred to as "Auto-NAT"
• Manual NAT:
  – Policy-based NAT, for when the source and destination address or port both need to be considered
  – Sometimes referred to as Twice NAT

NAT Control
One significant change in NAT with software versions 8.3 and later is that NAT control is no longer a supported option. If a connection finds no translation rules, it passes through the ASA without translation, as long as the connection is allowed by configured access rules and policies (including default behaviors).
Slide 23: Dynamic NAT Using Network Object NAT
The following example configures dynamic NAT that maps (dynamically hides) the 10.1.1.0 network to the outside interface address:
Slide 24: Network Object NAT on the ASDM
Slide 25: Static Object NAT
The following example configures a translation to a web server in the DMZ. The external address in DNS is 96.33.100.5 and the internal address is 192.168.1.23:

Static PAT (Object NAT):
• Used to create a translation between an outside interface address/port and a local IP address/port.
  – 96.33.100.2/HTTP redirected to 192.168.1.100/HTTP
  – 96.33.100.2/FTP redirected to 192.168.1.101/FTP
Slide 26: Manual Twice NAT
A NAT rule that translates both the source and destination addresses in a packet. NAT can be performed twice, once on the source IP and once on the destination IP.
Slide 27: Identity NAT Example (Manual NAT)
A real address is statically translated to itself, essentially bypassing NAT.
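The four NAT cases of slides 23, 25, 26 and 27 in 8.3+ syntax, as one added example (the slides' own configuration screenshots are not reproduced here). The addresses 10.1.1.0/24, 96.33.100.5, 192.168.1.23, 96.33.100.2, 192.168.1.100 and 192.168.1.101 are the slides' values; the interface names, the partner and VPN networks and the object names are constructed.

```text
! Slide 23: dynamic object NAT. The inside network is hidden behind the outside
! interface address (dynamic PAT, many-to-one).
object network INSIDE-NET
 subnet 10.1.1.0 255.255.255.0
 nat (inside,outside) dynamic interface

! Slide 25: static object NAT, one-to-one, for the DMZ web server
object network DMZ-WEB
 host 192.168.1.23
 nat (dmz,outside) static 96.33.100.5

! Slide 25: static PAT, one outside address shared by two DMZ hosts on different ports
object network DMZ-HTTP
 host 192.168.1.100
 nat (dmz,outside) static 96.33.100.2 service tcp www www
object network DMZ-FTP
 host 192.168.1.101
 nat (dmz,outside) static 96.33.100.2 service tcp ftp ftp

! Slide 26: manual (twice) NAT. Inside hosts reach a partner network (constructed) through a
! mapped destination, and are themselves seen by the partner under a mapped source range.
! Syntax: nat (in,out) source static <real> <mapped> destination static <mapped> <real>
object network PARTNER-NET
 subnet 203.0.113.0 255.255.255.0
object network PARTNER-MAPPED
 subnet 172.16.50.0 255.255.255.0
object network INSIDE-MAPPED
 subnet 198.51.100.0 255.255.255.0
nat (inside,outside) source static INSIDE-NET INSIDE-MAPPED destination static PARTNER-MAPPED PARTNER-NET

! Slide 27: identity NAT. Traffic from the inside network to the VPN pool (constructed) keeps
! its real addresses on both sides, so it is not swallowed by the dynamic PAT rule above.
object network VPN-POOL
 subnet 10.10.10.0 255.255.255.0
nat (inside,outside) source static INSIDE-NET INSIDE-NET destination static VPN-POOL VPN-POOL

! Verification
show nat
show xlate
```

Manual NAT rules (section 1 of `show nat`) are evaluated in configuration order and before any object NAT rule (section 2), which is why the identity rule wins over the `dynamic interface` rule for the same source object. Since 8.3, ACLs reference the real (untranslated) addresses, so an interface ACL for the DMZ web server permits traffic to 192.168.1.23, not to 96.33.100.5.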
Slide 28: Implement ASA quality of service (QoS) settings / Implement ASA transparent firewall
Differences Between L2 and L3 Operating Modes
• The security appliance can run in two mode settings:
  – Routed: based on IP address (default mode)
  – Transparent: based on MAC address
• One of the main advantages of using an ASA in transparent mode is that you can place the ASA in the network without re-addressing.
• The following features are not supported in transparent mode:
  – NAT
  – Dynamic routing protocols
  – IPv6
  – DHCP relay
  – Quality of service
  – Multicast
  – VPN termination for through traffic
Slide 29: Configure Security Appliance for Transparent Mode (L2)
• Layer 3 traffic must be explicitly permitted
• Each directly connected network must be on the same subnet
• The management IP address must be on the same subnet as the connected network
• Do not specify the firewall appliance management IP address as the default gateway for connected devices
• Devices need to specify the router on the other side of the firewall appliance as the default gateway
• Each interface must be a different VLAN interface
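A minimal transparent-mode configuration illustrating the rules on slides 28 and 29. This is an added example, not from the slides; it assumes the 8.4 bridge-group syntax, and the interface names, VLAN, subnet and addresses are constructed.

```text
! Switching modes clears the running configuration; do this on a console session.
firewall transparent

! Both member interfaces join one bridge group; in 8.4 the bridge-group is the L2 unit.
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 bridge-group 1
 no shutdown
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 bridge-group 1
 no shutdown

! Management address lives on the same subnet as the hosts on both sides (slide 29).
! Hosts keep using the router behind the outside interface as their gateway, not this address.
interface BVI1
 ip address 192.168.10.3 255.255.255.0
! Default route for ASA-originated management traffic only (syslog, NTP, AAA)
route outside 0.0.0.0 0.0.0.0 192.168.10.1

! Layer 3 traffic still has to be permitted explicitly in both directions
access-list INSIDE-IN extended permit ip 192.168.10.0 255.255.255.0 any
access-group INSIDE-IN in interface inside
access-list OUTSIDE-IN extended permit tcp any host 192.168.10.50 eq www
access-group OUTSIDE-IN in interface outside

! Non-IP frames are dropped unless an EtherType ACL permits them; spanning tree is the usual case
access-list L2-ALLOW ethertype permit bpdu
access-group L2-ALLOW in interface inside
access-group L2-ALLOW in interface outside

! Verification
show firewall
show bridge-group
show mac-address-table
```

Because the ASA forwards on MAC addresses here, the two sides are one IP subnet and nothing re-addresses; the price is the feature list on slide 28, so check `show firewall` on the exam simlet before assuming NAT or dynamic routing commands will be accepted.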
Slide 30: 3. ASA Routing Features
ASA Routing Capabilities:
• Static routing
• Dynamic routing
  – RIP
  – OSPF
  – EIGRP
• Multicast: Stub or Bi-directional PIM (can't be configured concurrently)

Configuring Static Routes:
Slide 31: Configuring Dynamic Routing (EIGRP)
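Static routing (slide 30) and EIGRP (slide 31) on one ASA, as an added example that is not from the slides. The interface names, next hops, autonomous-system number and key are constructed.

```text
! Static routes: <interface> <destination> <mask> <next hop> [metric]
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
route inside 10.2.0.0 255.255.0.0 10.1.1.254 1

! EIGRP autonomous system 100 (constructed). Only the inside interface participates;
! the outside interface is passive so no adjacency can be formed from the Internet side.
router eigrp 100
 network 10.1.1.0 255.255.255.0
 passive-interface outside
 redistribute static
 no auto-summary

! Authenticate EIGRP hellos on the inside interface so a rogue neighbor cannot inject routes
interface GigabitEthernet0/1
 authentication mode eigrp 100 md5
 authentication key eigrp 100 <shared-key> key-id 1

! Verification
show eigrp neighbors
show eigrp topology
show route
```

`redistribute static` advertises the default route into the inside network; if that is not wanted, leave it out and let the ASA hold the default alone. Static routes with a higher metric on the same prefix can serve as backups, and `show route` shows which one is installed.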
Slide 32: 4. ASA Inspection Policy
Advanced Protocol Inspection:
Advanced protocol inspection gives you options such as the following for defending against application layer attacks:
• Blocking *.exe attachments
• Prohibiting use of Kazaa or other peer-to-peer file-sharing programs
• Setting limits on URL lengths
• Prohibiting file transfer or whiteboard as part of IM sessions
• Protecting your web services by ensuring that XML schema is valid
• Resetting a TCP session if it contains a string you know is malicious
• Dropping sessions with packets that are out of order
Slide 33: Modular Policy Framework
The Modular Policy Framework (MPF) is an advanced feature of the ASA that provides the security administrator with greater granularity and more flexibility when configuring network policies. The security administrator can do the following:
■ Define flows of traffic.
■ Associate security policies to traffic flows.
■ Enable a set of security policies on an interface or globally.

Modular policies consist of the following components:
■ Class maps
■ Policy maps
■ Service policies

Configuring Layer 3/4 Inspection:
Differentiated Services Code Point (DSCP) is a field in an IP packet that enables different levels of service to be assigned to network traffic. This is achieved by marking each packet on the network with a DSCP code and appropriating to it the corresponding level of service.
Slide 34: Configuring Layer 7 Inspection
Layer 3/4 Class Maps vs. Layer 7 Class Maps:
Slide 35: Filtering FTP Commands: Layer 7 Policy Map
Slide 36: Filtering FTP Commands: Layer 7 Policy Map (Cont.)
Filtering FTP Commands: Service Policy Rule
Slide 37: Filtering FTP Commands: Service Policy Rule (Cont.)
Regular expression:
• The regular expression ".*.([Dd][Oo][Cc]|[Xx][Ll][Ss]|[Pp][Pp][Tt])" will block any website address ending with ".doc," ".xls" or ".ppt" and block the download or opening of these files from a web browser.
• The regular expression ".youtube.com" will block any YouTube website address
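The MPF pieces of slides 33 to 37 assembled end to end: the two regexes from slide 37, a Layer 7 FTP policy map that filters commands and file names, a Layer 7 HTTP policy map that applies the URL regexes, Layer 3/4 class maps that select the flows, and the service policy that activates it all. This is an added example, not the slides' configuration; the regex strings are the slides' own, while the map and class names are constructed.

```text
! Regular expressions from slide 37 (names are hypothetical)
regex OFFICE-DOCS ".*.([Dd][Oo][Cc]|[Xx][Ll][Ss]|[Pp][Pp][Tt])"
regex YOUTUBE ".youtube.com"

! Layer 7 FTP inspection policy: reset and log commands that change the server,
! and block transfers whose file name matches the office-document regex
policy-map type inspect ftp FTP-L7
 parameters
  mask-banner
 match request-command put dele rmd mkd
  reset log
 match filename regex OFFICE-DOCS
  reset log

! Layer 7 HTTP inspection policy: drop connections whose request URI matches either regex
class-map type regex match-any BLOCKED-URLS
 match regex YOUTUBE
 match regex OFFICE-DOCS
policy-map type inspect http HTTP-L7
 parameters
  protocol-violation action drop-connection log
 match request uri regex class BLOCKED-URLS
  drop-connection log

! Layer 3/4 class maps select which flows receive the Layer 7 policies
class-map FTP-FLOWS
 match port tcp eq ftp
class-map HTTP-FLOWS
 match port tcp eq www

! Attach the Layer 7 maps through the (default) global policy map and apply it globally
policy-map global_policy
 class FTP-FLOWS
  inspect ftp strict FTP-L7
 class HTTP-FLOWS
  inspect http HTTP-L7
service-policy global_policy global

! Verification
show service-policy inspect ftp
show service-policy inspect http
```

One caveat on the slide's patterns: in these regexes an unescaped `.` matches any single character, so ".youtube.com" also matches a URI such as "/myyoutubexcom/"; writing the literal dots as `\.` makes the match as tight as the slide's description implies. `inspect ftp strict` additionally drops FTP sessions that violate the protocol (for example embedded commands), which is the usual setting when a Layer 7 map is applied.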
Slide 38: 5. ASA Advanced Network Protection
ASA Botnet Traffic Filter:
The Cisco ASA 5500 Series Botnet Traffic Filter is a new feature available with the Cisco ASA 8.2 Software Release for botnet traffic detection. The Botnet Traffic Filter monitors network traffic across all ports and protocols for rogue activity, and detects infected internal endpoints or bots sending command and control traffic back to a host on the Internet. The command and control hosts receiving the information are accurately identified using the Botnet Traffic Filter database.

Botnet Traffic Filter Address Categories
Addresses monitored by the Botnet Traffic Filter include:
• Known malware addresses: these addresses are on the blacklist identified by the dynamic database and the static blacklist.
• Known allowed addresses: these addresses are on the whitelist. The whitelist is useful when an address is blacklisted by the dynamic database and also identified by the static whitelist.
• Ambiguous addresses: these addresses are associated with multiple domain names, but not all of these domain names are on the blacklist. These addresses are on the greylist.
• Unlisted addresses: these addresses are unknown, and not included on any list.

To configure the Botnet Traffic Filter, perform the following steps:
1. Enable use of the dynamic database.
2. (Optional) Add static entries to the database.
3. Enable DNS snooping.
4. Enable traffic classification and actions for the Botnet Traffic Filter.
5. (Optional) Block traffic manually based on syslog message information.
Slide 39: Configure Threat Detection
• Basic threat detection
  – Blocks attackers by monitoring the rate of dropped packets and security events per second
  – When event thresholds are exceeded, attackers are blocked
  – Enabled by default
• Scanning threat detection
  – Blocks attackers performing port scans
  – Disabled by default
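The five Botnet Traffic Filter steps of slide 38 and the two threat-detection features of slide 39, as one added example of a defensive configuration. It is not from the slides; the domain names, the manually blocked address and the excluded management subnet are constructed placeholders, and the interface name is assumed.

```text
! --- Botnet Traffic Filter (slide 38) ---
! 1. Enable the dynamic database download and its use (needs DNS and Internet reachability from the ASA)
dynamic-filter updater-client enable
dynamic-filter use-database

! 2. Optional static entries. A whitelist entry overrides a dynamic-database blacklisting.
dynamic-filter blacklist
 name c2.example.invalid
dynamic-filter whitelist
 name updates.example.com

! 3. DNS snooping: DNS inspection records which address each blacklisted name resolves to
class-map DNS-FLOWS
 match port udp eq domain
policy-map global_policy
 class DNS-FLOWS
  inspect dns preset_dns_map dynamic-filter-snoop

! 4. Classify traffic on the outside interface and drop connections to blacklisted addresses;
!    greylisted and unlisted addresses are only logged at this point.
dynamic-filter enable interface outside
dynamic-filter drop blacklist interface outside

! 5. Optional manual block of an address reported in the Botnet Traffic Filter syslog messages
dynamic-filter blacklist
 address 192.0.2.77 255.255.255.255

! --- Threat detection (slide 39) ---
! Basic threat detection is on by default; this line restores it if it was disabled.
threat-detection basic-threat
! Scanning threat detection is off by default. "shun" blocks detected scanners;
! the exception keeps the management subnet from ever being shunned.
threat-detection scanning-threat shun except ip-address 10.1.1.0 255.255.255.0
threat-detection statistics host

! Verification
show dynamic-filter updater-client
show dynamic-filter statistics
show dynamic-filter reports top botnet-sites
show threat-detection rate
show threat-detection shun
```

Deploy `dynamic-filter enable` without `drop` first and read the classification reports for a while; enabling the drop action on a blacklist that has not been reviewed against the whitelist is how legitimate SaaS destinations get cut off. `threat-detection statistics host` adds per-host counters the shun decision relies on, at some CPU cost on small platforms.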
Slide 40: 6. ASA High Availability
Configuring Virtual Firewalls:
• Enables a physical firewall to be partitioned into multiple standalone firewalls
• Each standalone firewall acts and behaves as an independent entity with its own
  – Configuration
  – Interfaces
  – Security Policy
  – Routing Table
• Example scenarios to use Virtual Firewalls
  – Education network that wants to segregate student networks from teacher networks
  – Service provider that wants to protect several customers without a physical firewall for each
  – Large enterprise with various departments
• Context = a virtual firewall
• All virtualized firewalls must define a System context and an Admin context at a minimum
• There is no policy inheritance between contexts
• The system space uses the admin context for network connectivity; the system space creates the other contexts
Slide 41: Enabling and Disabling Multiple Context Mode
mode {single | multiple} [noconfirm]
Selects the context mode as follows:
  multiple: Sets multiple context mode (mode with security contexts)
  single: Sets single context mode (mode without security contexts)
  noconfirm: Sets the mode without prompting you for confirmation

ciscoasa(config)#
asa1(config)# mode multiple

Before you convert from multiple mode to single mode, copy the backup version of the original running configuration to the current startup configuration.

Unsupported Features with Virtualization:
• Dynamic routing protocols (EIGRP, OSPF, RIP) are not supported
• Multicast routing is not supported (multicast bridging is supported)
• MAC addresses for virtual interfaces are automatically set to the physical interface MAC
• Admin context can be used, but grants root privileges to other contexts; use with caution
• VPN services are not supported

asa1(config)# context CONTEXT1
Creating context 'CONTEXT1'... Done. (4)
asa1(config-ctx)#
Slide 42: Changing Between Contexts
ciscoasa# changeto {system | context name}
Changes the environment to the system execution space or to the context specified

asa1# changeto context CONTEXT1
asa1/CONTEXT1#
Changes the environment to Context 1

asa1/CONTEXT1# changeto system
asa1#
Changes the environment to the system execution space

Types of supported failover by ASA:
• Hardware failover
  – Connections are dropped
  – Client applications must reconnect
  – Provided by serial or LAN-based failover link
  – Active/Standby: only one unit can be actively processing traffic while the other is hot standby
  – Active/Active: both units can actively process traffic and serve as backup units
• Stateful failover
  – TCP connections remain active
  – No client applications need to reconnect
  – Provides redundancy and stateful connection
  – Provided by stateful link
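The context commands of slides 40 to 42 as one sequence run from the system execution space, as an added example (not the slides' configuration). The context names apart from CONTEXT1, the interface allocations, the config-url paths and the addresses are constructed.

```text
! System execution space. "mode multiple" converts the configuration and reboots the unit.
mode multiple noconfirm

! After the reboot: the admin context is mandatory and gives the system space its network
! connectivity (slide 40). Anyone who can log into it can reach every other context.
admin-context admin
context admin
 allocate-interface Management0/0
 config-url disk0:/admin.cfg

! A customer context. Mapped names hide the physical interface names from the context admin.
! Sub-interfaces (802.1Q) let one physical port serve several contexts.
context CONTEXT1
 allocate-interface GigabitEthernet0/0.10 ctx1-outside
 allocate-interface GigabitEthernet0/1.10 ctx1-inside
 config-url disk0:/context1.cfg

! Interfaces shared by several contexts would otherwise all carry the physical MAC
! (slide 41); let the system assign unique MACs per context.
mac-address auto

! Configure inside the context, then return to the system space (slide 42)
changeto context CONTEXT1
 interface GigabitEthernet0/0.10
  nameif outside
  security-level 0
  ip address 203.0.113.10 255.255.255.0
 interface GigabitEthernet0/1.10
  nameif inside
  security-level 100
  ip address 10.10.1.1 255.255.255.0
changeto system

! Verification
show mode
show context
show context detail
```

Each context writes its own configuration to its `config-url`, so `write memory` inside a context saves only that context; run it in the system space for the system configuration. The features listed as unsupported on slide 41 are rejected at the context prompt, which is worth remembering on a simlet that asks for EIGRP on a multi-context unit.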
Slide 43: Failover
Modes of operation for failover:
■ Active/standby failover
■ Active/active failover

Failover Links:
■ LAN-based failover links: the failover messages are transferred over Ethernet connections. LAN-based failover links provide message encryption and authentication using a manual preshared key for added security. LAN-based failover links require an additional Ethernet interface on each ASA to be used exclusively for passing failover communications between two security appliance units.
■ Stateful failover links: pass per-connection stateful information to the standby ASA unit. Stateful failover requires an additional Ethernet interface on each security appliance with a minimum speed of 100 Mbps to be used exclusively for passing state information between the two ASAs. The LAN-based failover interface can also be used as the stateful failover interface.

• The primary and secondary security appliances must be identical in the following requirements:
  – Same model number and hardware configurations
  – Similar software versions
  – Same hardware
  – Proper licensing (8.3 and above)
Slide 44: How Failover Works
• Failover link passes Hellos between active and standby units every 15 seconds (tunable from 3-15 seconds)
• After three missed hellos, the primary unit sends hellos over all interfaces to check the health of its peer
• Whether a failover occurs depends on the responses received
• Interfaces can be prioritized by specifically monitoring them for responses
• If the failed interface threshold is reached, then a failover occurs

What does Stateful Failover Mean?

Active/Active Failover Configuration:
1. Cable the interfaces on both ASAs
2. Ensure that both ASAs are in multiple context mode
3. Configure contexts and allocate interfaces to contexts
4. Enable and assign IP addresses to each interface that is allocated to a context
5. Prepare both security appliances for configuration via ASDM
6. Use the ASDM High Availability and Scalability Wizard to configure the ASA for failover
7. Verify that ASDM configured the secondary ASA with the LAN-based failover command set
8. Save the configuration of the secondary ASA to flash
Slide 45: Active/Standby Failover Configuration
• One ASA acts as the active or primary and the other acts as the secondary or standby firewall
• Primary and secondary communicate over a configured interface, the LAN-based failover interface
• The primary is active and passes traffic; in the event of a failure the secondary takes over

Steps:
1. Cable the interfaces on both ASAs
2. Prepare both security appliances for configuration via ASDM
3. Use the ASDM High Availability and Scalability Wizard to configure the primary ASA for failover
4. Verify that ASDM configured the secondary ASA with the LAN-based failover command set
5. Save the configuration of the secondary ASA to flash
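The LAN-based failover command set that the ASDM wizard of slides 44 and 45 generates, written out for an active/standby pair with a separate stateful link (slide 43), as an added example that is not the slides' own configuration. The interface names, failover-link addresses, standby addresses and key are constructed; the timers are chosen within the 3-15 second range slide 44 gives.

```text
! ===== Primary unit =====
failover lan unit primary
! Dedicated LAN failover link (hellos, configuration replication), shared key authenticates it
failover lan interface FOVER GigabitEthernet0/2
failover key <preshared-key>
failover interface ip FOVER 10.255.255.1 255.255.255.252 standby 10.255.255.2
! Dedicated stateful link, >= 100 Mbps, carrying per-connection state to the standby
failover link STATE GigabitEthernet0/3
failover interface ip STATE 10.255.254.1 255.255.255.252 standby 10.255.254.2
! Unit hellos every 3 s; peer declared failed after 9 s (slide 44: tunable 3-15 s)
failover polltime unit 3 holdtime 9
! Interface health checks, and how many monitored interfaces must fail to trigger failover
failover polltime interface 5 holdtime 25
failover interface-policy 1
monitor-interface inside
monitor-interface outside
! Data interfaces carry an active address and a standby address; they swap on failover
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0 standby 203.0.113.3
 no shutdown
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.1.1.1 255.255.255.0 standby 10.1.1.2
 no shutdown
! Enable failover last, once the links are cabled
failover

! ===== Secondary unit (bootstrap only; the rest is replicated from the primary) =====
failover lan unit secondary
failover lan interface FOVER GigabitEthernet0/2
failover key <preshared-key>
failover interface ip FOVER 10.255.255.1 255.255.255.252 standby 10.255.255.2
failover
! Save the replicated configuration to flash (slide 45, step 5)
write memory

! Verification (either unit)
show failover
show failover state
show monitor-interface
```

Active/active failover (slide 44) uses the same link commands but requires multiple context mode and adds `failover group 1` / `failover group 2` definitions with each context joined to one group; the single-context pair above cannot be made active/active. The pre-shared key matters: without it the failover messages, including the replicated configuration with its credentials, cross the link in clear text.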
Slide 46: Configure Active/Standby Using ASDM
Slide 49: Overview: Logging with Syslog
• Defined in RFC 3164, syslog is a protocol that allows a host to send event information to a syslog server
• Messages are commonly sent via UDP port 514 and are <1024 bytes
• By default, syslog provides no concept of authentication or encryption
• Events can be sent to a syslog server on any port between 1025 and 65535 via either UDP (default 514) or TCP (default 1470)

ASDM Syslog Viewer:
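Syslog export from an ASA to two collectors, one over TCP 1470 and one over the UDP default 514 that slide 49 cites. This is an added example, not from the slides; the collector addresses and the interface name are constructed.

```text
logging enable
logging timestamp
logging device-id hostname
! Local buffer for troubleshooting on the box
logging buffer-size 65536
logging buffered warnings
! Severity sent to remote collectors (informational includes connection build/teardown 302xxx)
logging trap informational
! TCP collector on the non-default port from slide 49: reliable, but see permit-hostdown below
logging host inside 10.1.1.50 tcp/1470
! UDP collector on the default port 514 (no port given)
logging host inside 10.1.1.51
! With a TCP syslog server the ASA stops building new connections while the server is
! unreachable, unless this is set. Decide deliberately: availability versus guaranteed audit.
logging permit-hostdown
logging facility 20

! Verification
show logging
show logging setting
```

Syslog itself carries no authentication or encryption (slide 49), so the collectors should sit on the inside or a management segment and the path to them should not cross an untrusted network. `logging permit-hostdown` is the setting most often missed on exams and in the field: without it a down TCP collector becomes an outage.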
Slide 50: Packet Tracer / Packet Capturing
Packet capturing:
• Capturing packets is useful when you troubleshoot connectivity problems or monitor suspicious activity.
• Use the capture command in privileged EXEC mode.
• In order to see the details and hexadecimal dump, you need to transfer the buffer in PCAP format and read it with TCPDUMP or Ethereal.
• This feature is not supported in ASDM
Slide 52: In the new window, provide the parameters to capture the ingress traffic. Choose the ingress interface as Inside and provide the source and destination IP addresses of the packets to be captured, with their subnet masks, in the respective spaces provided. Also choose the packet type to be captured by the ASA. Choose the egress interface as Outside and provide the source and destination IP addresses with their subnet masks.
Slide 53: Provide the packet size and the capture buffer size in the respective spaces provided, as these values are required for the capture to take place. Also remember to check the "Use circular buffer" check box if you want to use the circular buffer option. This window shows the access lists to be configured on the ASA for it to capture the desired packets, and shows the type of packet (IP packets are captured in this example). Click Next.
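The CLI equivalent of the ASDM capture wizard of slides 50 to 53 (ingress and egress captures, packet size, buffer size, circular buffer, PCAP export), with a packet-tracer check alongside. This is an added example, not from the slides; the host addresses, TFTP server and interface names are constructed.

```text
! ACL that selects the traffic, both directions, as the wizard builds it
access-list CAP-ACL extended permit ip host 10.1.1.10 host 203.0.113.5
access-list CAP-ACL extended permit ip host 203.0.113.5 host 10.1.1.10

! Ingress capture on inside and egress capture on outside, 1 MB circular buffers,
! full frames up to 1522 bytes
capture CAPIN interface inside access-list CAP-ACL buffer 1048576 packet-length 1522 circular-buffer
capture CAPOUT interface outside access-list CAP-ACL buffer 1048576 packet-length 1522 circular-buffer

! Alternative without an ACL: inline match on the five-tuple
! capture CAPIN interface inside match tcp host 10.1.1.10 host 203.0.113.5 eq www

! Look at the buffer on the box, then export the PCAP for tcpdump or Wireshark
show capture
show capture CAPIN
show capture CAPIN detail
copy /pcap capture:CAPIN tftp://10.1.1.50/capin.pcap
copy /pcap capture:CAPOUT tftp://10.1.1.50/capout.pcap

! Why did the ASA drop something? Capture the accelerated-path drops with their reasons.
capture DROPS type asp-drop all
show capture DROPS

! Packet tracer: simulate a TCP SYN from the inside host to the outside web server and see
! every phase (ACL, NAT, inspection, route) the packet passes or fails
packet-tracer input inside tcp 10.1.1.10 40000 203.0.113.5 80 detailed

! Clean up: captures keep consuming memory until removed
no capture CAPIN
no capture CAPOUT
no capture DROPS
```

When the inside host is behind the dynamic PAT of slide 23, the egress capture on outside sees the translated source address, so the wizard's "egress" addresses (slide 52) have to be the post-NAT ones or the outside capture stays empty. `packet-tracer` is the faster first step for a connectivity ticket: it reports the exact phase that drops the packet without needing live traffic.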