Cisco ASA: All-in-one Next-Generation Firewall, IPS, and VPN Services (3rd Edition)

Cisco ASA: All-in-one Next-Generation Firewall, IPS, and VPN Services (3rd Edition)

Jazib Frahim, Omar Santos, Andrew Ossipov

Cisco® ASA

All-in-One Next-Generation Firewall, IPS, and VPN prone, 3rd Edition


Identify, mitigate, and reply to today’s highly-sophisticated community attacks.


Today, community attackers are way more refined, relentless, and hazardous. In reaction, Cisco ASA: All-in-One Next-Generation Firewall, IPS, and VPN companies has been absolutely up-to-date to hide the latest suggestions and Cisco applied sciences for maximizing end-to-end protection on your setting. 3 top Cisco safeguard specialists advisor you thru each step of making a whole protection plan with Cisco ASA, after which deploying, configuring, working, and troubleshooting your solution.


Fully up to date for today’s latest ASA releases, this version provides new assurance of ASA 5500-X, ASA 5585-X, ASA prone Module, ASA next-generation firewall prone, EtherChannel, worldwide ACLs, clustering, IPv6 advancements, IKEv2, AnyConnect safe Mobility VPN consumers, and extra. The authors clarify major contemporary licensing adjustments; introduce improvements to ASA IPS; and stroll you thru configuring IPsec, SSL VPN, and NAT/PAT.


You’ll the way to practice Cisco ASA adaptive id and mitigation providers to systematically increase protection in community environments of all sizes and kinds. The authors current up to date pattern configurations, confirmed layout eventualities, and genuine debugs–
all designed that will help you utilize Cisco ASA on your quickly evolving network.


Jazib Frahim, CCIE® No. 5459 (Routing and Switching; Security), Principal Engineer within the worldwide defense recommendations staff, courses top-tier Cisco clients in security-focused community layout and implementation. He architects, develops, and launches new safeguard prone ideas. His books comprise Cisco SSL VPN recommendations and Cisco community Admission keep watch over, quantity II: NAC Deployment and Troubleshooting.


Omar Santos, CISSP No. 463598, Cisco Product defense Incident reaction staff (PSIRT) technical chief, leads and mentors engineers and incident managers in investigating and resolving vulnerabilities in Cisco items and conserving Cisco buyers. via 18 years in IT and cybersecurity, he has designed, applied, and supported a number of safe networks for Fortune® 500 businesses and the U.S. executive. he's additionally the writer of a number of different books and diverse whitepapers and articles.


Andrew Ossipov, CCIE® No. 18483 and CISSP No. 344324, is a Cisco Technical advertising Engineer all in favour of firewalls, intrusion prevention, and knowledge heart protection. Drawing on greater than sixteen years in networking, he works to unravel complicated patron technical difficulties, architect new good points and items, and outline destiny instructions for Cisco’s product portfolio. He holds a number of pending patents.


Understand, set up, configure, license, keep, and troubleshoot the most recent ASA devices

Efficiently enforce Authentication, Authorization, and Accounting (AAA) services

Control and provision community entry with packet filtering, context-aware Cisco ASA next-generation firewall prone, and new NAT/PAT concepts

Configure IP routing, program inspection, and QoS

Create firewall contexts with specific configurations, interfaces, rules, routing tables, and administration

Enable built-in security opposed to many varieties of malware and complex continual threats (APTs) through Cisco Cloud net protection and Cisco protection Intelligence Operations (SIO)

Implement excessive availability with failover and elastic scalability with clustering

Deploy, troubleshoot, computer screen, song, and deal with Intrusion Prevention procedure (IPS) features

Implement site-to-site IPsec VPNs and all varieties of remote-access VPNs (IPsec, clientless SSL, and client-based SSL)

Configure and troubleshoot Public Key Infrastructure (PKI)

Use IKEv2 to extra successfully withstand assaults opposed to VPNs

Leverage IPv6 help for IPS, packet inspection, obvious firewalls, and site-to-site IPsec VPNs



Show sample text content

Download sample