I'm a student
I'm an educator
Request full copy

Cisco ASA: All-in-one Next-Generation Firewall, IPS, and VPN Services, 3rd edition

Published by Cisco Press (April 30, 2014) © 2014

  • Jazib Frahim
  • Omar Santos Best-selling Cisco Press author, expert trainer, and Principal Engineer at Cisco (PSIRT)
  • Andrew Ossipov

eTextbook

$81.99

  • Available for purchase from all major ebook resellers, including InformIT.com.
  • To request a review copy, click on the "Request a Review Copy" button.
$66.39

  • A print text (hardcover or paperback) 
  • Free shipping
  • Also available for purchase as an ebook from all major ebook resellers, including InformIT.com

This is the definitive, up-to-date practitioner's guide to planning, deploying, and troubleshooting comprehensive security plans with Cisco ASA. Written by two experienced Cisco Security and VPN Solutions consultants who work closely with customers to solve security problems every day, the book brings together valuable insights and real-world deployment examples for both large and small network environments. Jazib Frahim and Omar Santos begin by introducing the newest ASA Firewall Solution and its capabilities. Next, they walk through configuring and troubleshooting both site-to-site and remote access VPNs, and implementing Intrusion Prevention System (IPS) features supported by the ASA's Advanced Inspection and Prevention Security Services Module (AIP-SSM). Each chapter is comprised of many sample configurations, accompanied by in-depth analysis of design scenarios, plus a complete set of debugs in every section.

  • The definitive, example-rich guide to using the newest versions of Cisco ASA to identify, mitigate, and respond to network attacks
  • Two Cisco insiders show how to use ASA to address network security challenges ranging from basic policy deployment to advanced VPN and IPS solutions
  • Fully covers planning, installation, configuration, and maintenance, with detailed configuration examples and screenshots
  • Provides proven troubleshooting methodologies, plus complete command line and architectural references

This book is updated to cover the latest release of the ASA product line. Content updates include:

-ASA 5585X and ASA-SM overview
-Major updates to license configurations-EtherChannel setup
-Global ACLs-Configuring WCCP and WAAS
-Configuring NAT post-8.2 behavior-Identity-aware firewalls
-IPv6 inspections-Major updates to IPS and AIP-SSM configuration and troubleshooting
-IKEv1 and IKEv2 support-IPv6 support on site-to-site IPsec VPNs
-AnyConnect Secure Mobility VPN Client

  • Introduction 
  • Chapter 1 Introduction to Security Technologies
  • Chapter 2 Cisco ASA Product and Solution Overview
  • Chapter 3 Licensing
  • Chapter 4 Initial Setup
  • Chapter 5 System Maintenance
  • Chapter 6 Cisco ASA Services Module
  • Chapter 7 Authentication, Authorization, and Accounting (AAA) Services 
  • Chapter 8 Controlling Network Access: The Traditional Way
  • Chapter 9 Implementing Next-Generation Firewall Services with ASA CX
  • Chapter 10 Network Address Translation
  • Chapter 11 IPv6 Support
  • Chapter 12 IP Routing
  • Chapter 13 Application Inspection
  • Chapter 14 Virtualization
  • Chapter 15 Transparent Firewalls
  • Chapter 16 High Availability
  • Chapter 17 Implementing Cisco ASA Intrusion Prevention System (IPS)

Jazib Frahim, CCIE No. 5459, is a Principal Engineer in the Global Security Services Practice at Cisco. He has been with Cisco for over 15 years, with a focus on cyber-security and emerging security technologies. Jazib is also responsible for guiding customers in the design and implementation of security solutions and technologies in their networks with a focus on network security. He leads a team of solutions architects to guide them through the lifecycle of services and solutions development. Jazib has also been engaged in the development of a number of customer-focused services, such as managed threat defense, network-based identity, bring-your-own-device (BYOD), and many others. Jazib holds a bachelor’s degree in computer engineering from Illinois Institute of Technology and a master’s degree in business administration (MBA) from North Carolina State University. In addition to CISSP, Jazib also holds two CCIEs, one in routing and switching and the other in security. He has presented at many industry events, such as Cisco Live, Interop, and ISSA, on multiple occasions.

, CCIE No. 5459, is a Principal Engineer in the Global Security Services Practice at Cisco. He has been with Cisco for over 15 years, with a focus on cyber-security and emerging security technologies. Jazib is also responsible for guiding customers in the design and implementation of security solutions and technologies in their networks with a focus on network security. He leads a team of solutions architects to guide them through the lifecycle of services and solutions development. Jazib has also been engaged in the development of a number of customer-focused services, such as managed threat defense, network-based identity, bring-your-own-device (BYOD), and many others. Jazib holds a bachelor’s degree in computer engineering from Illinois Institute of Technology and a master’s degree in business administration (MBA) from North Carolina State University. In addition to CISSP, Jazib also holds two CCIEs, one in routing and switching and the other in security. He has presented at many industry events, such as Cisco Live, Interop, and ISSA, on multiple occasions.

Omar Santos, CISSP No. 463598 is a Senior Incident Manager of Cisco’s Product Security Incident Response Team (PSIRT), where he mentors and leads engineers and incident managers during the investigation and resolution of security vulnerabilities in all Cisco products. Omar has designed, implemented, and supported numerous secure networks for Fortune 500 companies and the U.S. government. Prior to his current role, he was a technical leader within the World Wide Security Practice and Cisco’s Technical Assistance Center (TAC), where he taught, led, and mentored many engineers within both organizations. Omar is an active member of the security community, where he leads several industrywide initiatives and standards bodies. His active role helps businesses, academic institutions, state and local law enforcement agencies, and other participants that are dedicated to increasing the security of the critical infrastructure. Omar has delivered numerous technical presentations at conferences and to Cisco customers and partners, as well as many C-level executive presentations to many organizations.

is a Senior Incident Manager of Cisco’s Product Security Incident Response Team (PSIRT), where he mentors and leads engineers and incident managers during the investigation and resolution of security vulnerabilities in all Cisco products. Omar has designed, implemented, and supported numerous secure networks for Fortune 500 companies and the U.S. government. Prior to his current role, he was a technical leader within the World Wide Security Practice and Cisco’s Technical Assistance Center (TAC), where he taught, led, and mentored many engineers within both organizations. Omar is an active member of the secur

Need help? Get in touch

Video
Play
Privacy and cookies
By watching, you agree Pearson can share your viewership data for marketing and analytics for one year, revocable by deleting your cookies.

Video transcript (PDF | 16KB) 

Pearson eTextbook: What’s on the inside just might surprise you

They say you can’t judge a book by its cover. It’s the same with your students. Meet each one right where they are with an engaging, interactive, personalized learning experience that goes beyond the textbook to fit any schedule, any budget, and any lifestyle. 

Digital Learning NOW

Extend your professional development and meet your students where they are with free weekly Digital Learning NOW webinars. Attend live, watch on-demand, or listen at your leisure to expand your teaching strategies. Earn digital professional development badges for attending a live session.

Explore webinars