Cisco ASA

[ChrisD.]

I need a quick crash course in ASA's, I have extensive knowledge of routers and switches beyond CCNA level but I've never had a play with an ASA. Anyone able to recommend a site/training video to get the basics in place? Cheers.

 

[DRZ]

Do you have an ASA to play with? That's probably the best place to start.

Knowledge of IOS will both help you and hinder you. If you have a strong knowledge of ACLs, wildcard masks and normal masks and switching between the two, you'll be "fine".

For a Cisco GUI, ASDM is pretty reasonable - and if you're doing SSL VPN stuff, essential!

 

[ChrisD.]

Yes we have a couple downstairs but I'm not responsible for them. I'm going down this afternoon to have a poke around.

Switching between wildcards and subnet masks as in the same way I do for OSPF statements?

 

[DRZ]

Exactly the same, yes

There are a couple of things to watch out for that might not be immediately obvious, security levels being one of them. If you have two interfaces with different security levels, traffic will flow from the more secure to the less secure but not the other way around without an ACL. That's fairly straightforward - but if you have two interfaces with the same security level, traffic won't flow by default unless you tell it to with the command "same-security-traffic permit intra-interface".

Use the packet-tracer and things will all make sense to you, I'm sure.

 

[ChrisD.]

Cheers.

Reason for this is that I have an interview next week (or later this week). I've been told that I will be tested on kit, specifically 6000 series core switches, core routers, ASA's and 2008 R2 AD which I also work with. The only area I'm lacking is ASA's.

Can an ASA be emulated on GNS3 if I get hold of an image?

 

[DRZ]

No idea I'm afraid.

There is no way you're going to be interview-ready on ASA in just a couple of days, especially if they are going to through curveballs at you. Is ASA an absolute dealbreaker for the job? If not, I'd just get reading through some example configurations so you are loosely familiar with the syntax and terms and slant it that you've only had light touch with ASA and you need to brush up on it if your role is going to be heavily reliant on that area. Hopefully your strength in IOS will convince them that you know your onions and can apply that higher level knowledge to ASA in future!

 

[DRZ]

I have an ASA5505 somewhere...If I can find it you are welcome to borrow it if you think it will help you?

 

[Trifid]

Can an ASA be emulated on GNS3 if I get hold of an image?

Yes it can. I also agree with IOS knowledge being a hindrance and a help.

Also be aware 8.2 and 8.3 differ substantially on NAT configuration.

ASDM is a very nice GUI for Cisco kit, defiantly get used to it, I use it about 50% of the time.

 

[ChrisD.]

Is ASA an absolute dealbreaker for the job?

No, during the phone interview I specifically stated that I'd never touched one, so I don't think they're going to be too bothered. All I know is that I'm going to be running through some technical questions and maybe some exercises so I'd like to have a basic grasp.

I have an ASA5505 somewhere...If I can find it you are welcome to borrow it if you think it will help you?

Where are you? It would be a great help rather than playing with a live box.

Yes it can. I also agree with IOS knowledge being a hindrance and a help.

Also be aware 8.2 and 8.3 differ substantially on NAT configuration.

ASDM is a very nice GUI for Cisco kit, defiantly get used to it, I use it about 50% of the time.

Thanks, I'll try and get hold of an image.

 

[Deleted User 298457]

You can get an ASA from eBay quite cheaply - or GNS3 emulates it if you Youtube it

 

[Lorddalron]

May be of no use but there are 6 videos on you tube totaling an hour or so of Asa labs.

Starting with: http://www.youtube.com/watch?v=0SXwbu08OgQ

 

[ChrisD.]

May be of no use but there are 6 videos on you tube totaling an hour or so of Asa labs.

Starting with: http://www.youtube.com/watch?v=0SXwbu08OgQ

Great stuff, will watch them over the next few days. I had a poke around one in work, seems easy enough.

 

[Nunzio]

gns3 is your friend, and a pix/asa image which can be supplied.

 

[DRZ]

No joy finding that ASA. Must be in storage!

Best of luck with the interview

 

[Moley]

Cheers.

Reason for this is that I have an interview next week (or later this week). I've been told that I will be tested on kit, specifically 6000 series core switches, core routers, ASA's and 2008 R2 AD which I also work with. The only area I'm lacking is ASA's.

Can an ASA be emulated on GNS3 if I get hold of an image?

Be aware that older 6500 core switches ran CatOS not IOS - are you familiar with that too?

 

[DRZ]

I'd expect the vast majority of CatOS has been ripped out by now. He could be unlucky though!

 

[ChrisD.]

It's all new infastructure, sub 12 months old so I should be safe!

 

[ChrisD.]

You know, it may not have been 6000 series, the telephone interview was quite quick and over before I knew what was happening. Next thing I know I get asked if I can come in for an interview.

 

[DRZ]

Good work!