CCIE Security v4 Lab Training – Day 2

Videos: ACIT.in Class Video 2 – ASA ACLs – record date 3/6/2015

Notes:

  • Packet tracer is your friend!!!
  • packet-tracer input outside icmp 2.2.2.2 8 0 192.168.56.100
  • REMEMBER – inspection first, then ACLs for reply packets
  • Traceroute – tricky for ACLs – the source sends UDP probes, then the replies come back as ICMP (time-exceeded and unreachable)
  • Careful with outbound ACLs – you start blocking everything and need to punch holes
  • Objects (one entity) versus object-groups (one or more entities)
  • Admin access – by default telnet is disabled – on 8.4/8.6 there is no default password
  • For ASDM – enable the http server and set the enable password
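
The traceroute and object versus object-group bullets above, combined into one configuration as an added example (not from the class videos or the workbook). It assumes 8.3+ object syntax such as ASA1 running 8.6; the object, group and ACL names are hypothetical, and 192.168.56.100 is assumed to be the inside host from the packet-tracer line above.

```cisco
! Added example: names are hypothetical, addresses reuse the page's packet-tracer line.
! Object = exactly one entity (here a single host).
object network INSIDE-HOST
 host 192.168.56.100
!
! Object-group = one or more entities (here the two ICMP reply types
! that traceroute depends on).
object-group icmp-type TRACEROUTE-REPLIES
 icmp-object time-exceeded
 icmp-object unreachable
!
! The outbound probes are UDP; the replies are ICMP errors arriving on the
! outside interface, so only those two types are opened toward the host.
access-list OUTSIDE-IN extended permit icmp any object INSIDE-HOST object-group TRACEROUTE-REPLIES
access-group OUTSIDE-IN in interface outside
!
! Verify from privileged EXEC with packet-tracer (ICMP type, then code):
!   packet-tracer input outside icmp 2.2.2.2 11 0 192.168.56.100   <- time-exceeded
!   packet-tracer input outside icmp 2.2.2.2 3 3 192.168.56.100    <- port unreachable
!   packet-tracer input outside icmp 2.2.2.2 8 0 192.168.56.100    <- echo request, not in the group
```

The echo-request trace should show a drop at the access-list phase, since type 8 is not in the group and the implicit deny applies.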

Practice Labs:

  • Task 6 – IP Access-Lists on ASA4 Running 8.2
  • Task 7 – Access Lists Using Objects on ASA1 Running 8.6
  • Task 8 – Object Groups on ASA4 Running 8.2
  • Task 9 – Object Groups Using Objects on ASA1 Running 8.6
  • Task 10 – Administrative Access
  • Task 11 – ICMP Traffic
  • Task 12 – URL Filtering


2 thoughts on “CCIE Security v4 Lab Training – Day 2”

    1. I would ask to see samples from the various vendors like INE, IPexpert, Micronics, ACIT – then pick what you believe to be the highest quality. I am loving the Tech Specific ACIT workbooks I have. I have not gotten to their full labs yet.
