Cisco-secure-pix-firewall-advanced-101.pdf

CSPFA

Cisco Secure PIX

Firewall Advanced

Student Guide

Version 1.01

Cisco Systems, Inc.

170 West Tasman Drive

San Jose, CA 95134-1706 USA

The products and specifications, configurations, and other technical information regarding the products in this

manual are subject to change without notice. All statements, technical information, and recommendations in this

manual are believed to be accurate but are presented without warranty of any kind, express or implied. You must

take full responsibility for their application of any products specified in this manual.

LICENSE

PLEASE READ THESE TERMS AND CONDITIONS CAREFULLY BEFORE USING THE MANUAL,

DOCUMENTATION, AND/OR SOFTWARE (ÐMATERIALSÑ). BY USING THE MATERIALS YOU AGREE

TO BE BOUND BY THE TERMS AND CONDITIONS OF THIS LICENSE. IF YOU DO NOT AGREE WITH

THE TERMS OF THIS LICENSE, PROMPTLY RETURN THE UNUSED MATERIALS (WITH PROOF OF

PAYMENT) TO THE PLACE OF PURCHASE FOR A FULL REFUND.

Cisco Systems, Inc. (ÐCiscoÑ) and its suppliers grant to you (ÐYouÑ) a nonexclusive and nontransferable license

to use the Cisco Materials solely for Your own personal use. If the Materials include Cisco software (ÐSoftwareÑ),

Cisco grants to You a nonexclusive and nontransferable license to use the Software in object code form solely on

a single central processing unit owned or leased by You or otherwise embedded in equipment provided by Cisco.

You may make one (1) archival copy of the Software provided You affix to such copy all copyright,

confidentiality, and proprietary notices that appear on the original. EXCEPT AS EXPRESSLY AUTHORIZED

ABOVE, YOU SHALL NOT: COPY, IN WHOLE OR IN PART, MATERIALS; MODIFY THE SOFTWARE;

REVERSE COMPILE OR REVERSE ASSEMBLE ALL OR ANY PORTION OF THE SOFTWARE; OR

RENT, LEASE, DISTRIBUTE, SELL, OR CREATE DERIVATIVE WORKS OF THE MATERIALS.

You agree that aspects of the licensed Materials, including the specific design and structure of individual

programs, constitute trade secrets and/or copyrighted material of Cisco. You agree not to disclose, provide, or

otherwise make available such trade secrets or copyrighted material in any form to any third party without the

prior written consent of Cisco. You agree to implement reasonable security measures to protect such trade secrets

and copyrighted Material. Title to the Materials shall remain solely with Cisco.

This License is effective until terminated. You may terminate this License at any time by destroying all copies of

the Materials. This License will terminate immediately without notice from Cisco if You fail to comply with any

provision of this License. Upon termination, You must destroy all copies of the Materials.

Software, including technical data, is subject to U.S. export control laws, including the U.S. Export

Administration Act and its associated regulations, and may be subject to export or import regulations in other

countries. You agree to comply strictly with all such regulations and acknowledge that it has the responsibility to

obtain licenses to export, re-export, or import Software.

This License shall be governed by and construed in accordance with the laws of the State of California, United

States of America, as if performed wholly within the state and without giving effect to the principles of conflict

of law. If any portion hereof is found to be void or unenforceable, the remaining provisions of this License shall

remain in full force and effect. This License constitutes the entire License between the parties with respect to the

use of the Materials

Restricted Rights - CiscoÓs software is provided to non-DOD agencies with RESTRICTED RIGHTS and its

supporting documentation is provided with LIMITED RIGHTS. Use, duplication, or disclosure by the U.S.

Government is subject to the restrictions as set forth in subparagraph ÐCÑ of the Commercial Computer Software

- Restricted Rights clause at FAR 52.227-19. In the event the sale is to a DOD agency, the U.S. GovernmentÓs

rights in software, supporting documentation, and technical data are governed by the restrictions in the Technical

Data Commercial Items clause at DFARS 252.227-7015 and DFARS 227.7202.

DISCLAIMER OF WARRANTY. ALL MATERIALS ARE PROVIDED ÐAS ISÑ WITH ALL FAULTS. CISCO

AND ITS SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING,

WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE

AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE

PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL,

CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS

OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL,

EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH

DAMAGES. In no event shall CiscoÓs or its suppliersÓ liability to You, whether in contract, tort (including

negligence), or otherwise, exceed the price paid by You. The foregoing limitations shall apply even if the above-

stated warranty fails of its essential purpose.

The following information is for FCC compliance of Class A devices: This equipment has been tested and found

to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC rules. These limits are

designed to provide reasonable protection against harmful interference when the equipment is operated in a

commercial environment. This equipment generates, uses, and can radiate radio-frequency energy and, if not

installed and used in accordance with the instruction manual, may cause harmful interference to radio

communications. Operation of this equipment in a residential area is likely to cause harmful interference, in

which case users will be required to correct the interference at their own expense.

The following information is for FCC compliance of Class B devices: The equipment described in this manual generates

and may radiate radio-frequency energy. If it is not installed in accordance with CiscoÓs installation instructions, it may

cause interference with radio and television reception. This equipment has been tested and found to comply with the

liits for a Class B digital device in accordance with the specifications in part 15 of the FCC rules. These specifications

are designed to provide reasonable protection against such interference in a residential installation. However, there is no

guarantee that interference will not occur in a particular installation.

Modifying the equipment without CiscoÓs written authorization may result in the equipment no longer complying with

FCC requirements for Class A or Class B digital devices. In that event, your right to use the equipment may be limited by

FCC regulations, and you may be required to correct any interference to radio or television communications at your own

expense.

You can determine whether your equipment is causing interference by turning it off. If the interference stops, it was

probably caused by the Cisco equipment or one of its peripheral devices. If the equipment causes interference to radio or

television reception, try to correct the interference by using one or more of the following measures:

¤ Turn the television or radio antenna until the interference stops.

¤ Move the equipment to one side or the other of the television or radio.

¤ Move the equipment farther away from the television or radio.

¤ Plug the equipment into an outlet that is on a different circuit from the television or radio. (That is, make certain the

equipment and the television or radio are on circuits controlled by different circuit breakers or fuses.)

Modifications to this product not authorized by Cisco Systems, Inc. could void the FCC approval and negate your

authority to operate the product.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of

AccessPath, Any to Any, AtmDirector, the CCIE logo, CD-PAC, Centri, the CiscoCapital logo, CiscoLink, the Cisco

NetWorks logo, the Cisco Powered Network logo, the Cisco Press logo, ClickStart, ControlStream, DAGAZ, Fast Step,

FireRunner, IGX, IOS, JumpStart, Kernel Proxy, LoopRunner, MGX, Natural Network Viewer, Cisco Secure IDS,

NetSonar, Packet, PIX, Point and Click Internetworking, Policy Builder, RouteStream, Secure Script, SMARTnet,

SpeedRunner, Stratm, StreamView, TheCell, TrafficDirector, TransPath, VirtualStream, VlanDirector, Workgroup

Director, and Workgroup Stack are trademarks; Changing the Way We Work, Live, Play, and Learn and Empowering the

Internet Generation are service marks; and BPX, Catalyst, Cisco, CiscoIOS, the CiscoIOS logo, CiscoSystems, the

CiscoSystems logo, Enterprise/Solver, EtherChannel, FastHub, ForeSight, FragmentFree, IP/TV, IPX, LightStream,

MICA, Phase/IP, StrataSphere, StrataView Plus, and SwitchProbe are registered trademarks of CiscoSystems,Inc. in the

U.S. and certain other countries. All other trademarks mentioned in this document are the property of their respective

owners.

Cisco Secure PIX Firewall Advanced: Student Guide

Course Introduction

Overview

This chapter includes the following topics:

Course agenda

Lab topology overview

Summary

Course Agenda

This section introduces the course and the course objectives.

Course Objectives

Upon completion of this course, you will be

able to perform the following tasks:

¤ Identify and configure AAA on the Cisco Secure PIX

Firewall.

¤ Identify and configure access control and content

filtering through the Cisco Secure PIX Firewall.

¤ Configure the Cisco Secure PIX Firewall for advanced

protocol handling and attack guards

¨ 2000, Cisco Systems, Inc.

www.cisco.com

CSPFA 1.01Ï1-3

Course Objectives (cont.)

¤ Understand and configure failover and stateful-failover

on the Cisco Secure PIX Firewall.

¤ Configure and verify Context-Based Access Control

with the Cisco Internetwork Operating System Firewall.

¤ Configure the Authentication Proxy with the Cisco IOS

Firewall.

¤ Configure a VPN between Cisco Secure PIX Firewalls.

¨ 2000, Cisco Systems, Inc.

www.cisco.com

CSPFA 1.01Ï1-4

1-2

Cisco Secure PIX Firewall Advanced 1.01

Plik z chomika:

Inne pliki z tego folderu:

Inne foldery tego chomika: