Good ASA book... not for cert
blargoe
Member Posts: 4,174 ■■■■■■■■■□
Good evening all:
I'm struggling with this ASA 5505 that I'm setting up for someone and would like a recommendation on a good reference book. I'm not interested in any Cisco certs, just a good guide... maybe a 200-300 level assuming the reader has networking knowledge and some basic firewall and security understanding.
Thanks in advance
IT guy since 12/00
Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
Working on: RHCE/Ansible
Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
Comments
-
shednik Member Posts: 2,005
Hey blargo,
What version of the OS are you running on there? 8.x I'm assuming... here are a few, but they are based off of 7.x
Amazon.com: Securing Your Business with Cisco ASA and PIX Firewalls (Networking Technology): Greg Abelar: Books
This one's 800+ pages but good
Amazon.com: Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance (Networking Technology): Omar Santos, Jazib Frahim: Books
And with all honesty the config guides on Shortcut Redirect - Cisco Systems are really well put together, I learned the most before my course in those docs.
What are you having trouble with specifically?
-
blargoe Member Posts: 4,174 ■■■■■■■■■□
I'm using 8.x. I've had this thing in my home network for a while but haven't had time to mess with it much. I set up VPN a while back and have just been using it as my home firewall/router until I had time to do more. Fast forward to this week, now there is someone I know who is in need of a new firewall for their small business and I was just trying to work with my device at home to get familiar with the settings that he'll need at his office... Basic stuff like allowing smtp and https into his Exchange server.
I think I'm on the right track now. Rookie mistake that I should have caught. I was having issues with the access list, I did
access-list inside_access_in extended permit ip any any
access-group outside_access_in in interface outside
and thought that would allow all traffic from the outside while I learned how to do NAT on this thing, but it kept blocking everything I was trying to send inside the network. I later put in
tcp any any
which allowed me to access all of my services from outside, and was able to figure out NAT and finally lock back down the access list to something more appropriate.
I'm still going to check out those resources though. I'm going to be doing more with these devices in the future.
Thanks
-
dynamik Banned Posts: 12,312 ■■■■■■■■■□
You're not using ASDM? Wow, you're pretty bad-ass for a Windows guy!
Let me know what you figure out. I need to get on this as well.
-
blargoe Member Posts: 4,174 ■■■■■■■■■□
I started my career in Linux... I have no fear of CLI ...
I started out trying to configure this in ASDM, but when I started looking online for help, everything I found referred to commands instead. Which was OK, I just found myself trying to remember command line syntax from like 8 years ago, which was more or less the last time I worked with Cisco stuff. I found that I retained almost nothing.
ASDM "help" is crap.
-
shednik Member Posts: 2,005
I actually use ASDM a good bit now... I like that you can configure whatever you'd like and it gives you the commands it generated before sending it to the ASA. This page right here was my bible for the first few weeks; they have guides for the CLI and ASDM.
Cisco ASA 5500 Series Adaptive Security Appliances Configuration Guides - Cisco Systems
As far as the access lists go, they are similar to IOS except when using specific networks you use the general subnet mask rather than a wildcard.
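
Added example, not part of the thread or of any Cisco tool: a small Python check for the two access-list slips discussed above, an entry added to one ACL name while the interface is bound to another, and an IOS-style wildcard used where the ASA expects a subnet mask. The sample config, the ACL name dmz_access_in and the finding labels are constructed for illustration, and the parser assumes plain "access-list NAME extended ..." and "access-group NAME in|out interface IF" lines.

```python
import re

# Constructed sample (not from the thread's device): the permit lands in
# inside_access_in while the outside interface evaluates outside_access_in,
# and one entry uses an IOS-style wildcard where the ASA expects a netmask.
SAMPLE_CONFIG = """\
access-list inside_access_in extended permit ip any any
access-list outside_access_in extended permit icmp any any echo-reply
access-list dmz_access_in extended permit ip 10.1.1.0 0.0.0.255 any
access-group outside_access_in in interface outside
access-group dmz_access_in in interface dmz
"""

ACE_RE = re.compile(r"^access-list (\S+) extended (.+)$")
BIND_RE = re.compile(r"^access-group (\S+) (in|out) interface (\S+)$")
PAIR_RE = re.compile(r"\b(\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)\b")


def is_netmask(mask):
    """True if the dotted quad is contiguous 1-bits followed by 0-bits."""
    value = 0
    for octet in mask.split("."):
        value = (value << 8) | int(octet)
    inverted = ~value & 0xFFFFFFFF
    return inverted & (inverted + 1) == 0


def audit(config):
    """Return sorted (kind, acl_name) findings for an ASA config excerpt."""
    acls, bound, findings = {}, set(), set()
    for line in config.splitlines():
        line = line.strip()
        if m := ACE_RE.match(line):
            acls.setdefault(m.group(1), []).append(m.group(2))
        elif m := BIND_RE.match(line):
            bound.add(m.group(1))
    for name, entries in acls.items():
        if name not in bound:
            # Heuristic: ACLs used only by NAT or VPN also show up here.
            findings.add(("not-bound-to-interface", name))
        for ace in entries:
            ace = re.sub(r"\bhost \S+", "host", ace)  # single address, no mask
            if any(not is_netmask(mask) for _, mask in PAIR_RE.findall(ace)):
                findings.add(("wildcard-style-mask", name))
    for name in bound - set(acls):
        findings.add(("bound-acl-has-no-entries", name))
    return sorted(findings)


if __name__ == "__main__":
    for kind, name in audit(SAMPLE_CONFIG):
        print(f"{kind}: {name}")
```

Run against a saved copy of the running config; a "not-bound-to-interface" finding is only a prompt to check which interface, if any, evaluates that list.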