TheDarkLord

My SNAF & SNAA Diary

16 posts in this topic

First things first:

 

DO NOT ASK ME FOR DUMPS, OR THE IMAGES. GOOGLE THEM. IF I SEE A DUMP REQUEST I WILL DELETE THE POST AND YOU WILL GET A WARNING!!!!

So finally, after a couple of sleepless nights, I have decided to start my CCSP. I have decided to take the SNAF and the SNAA exams first (since they are related) and then go to IPS and SNRS. I don't have to do CCNA Security since I already passed the SND last year.

 

Here is the link to a thread that I made that tells you everything you need to know about the CCSP exams:

 

http://www.sadikhov.com/forum/index.php?showtopic=165202

 

Here is the list of things that I have and will be using:

 

1) My machine:

 

* Windows Vista Ultimate 64 Bit

* 8 GB 1066 MHz RAM

* AMD Phenom II X4 920 (Quad Core at 3.0 GHz, overclocked to 3.8 GHz)

* 160 GB dedicated HD

 

2) CBT Nuggets for SNAF

 

3) Quick Reference guides for both SNAF and SNAA

 

4) GNS for the labs (more on that)

 

5) Books And Guides

 

* Cisco ASA, PIX, and FWSM Firewall Handbook

* Cisco Official ASDM User guide

* Cisco Press-CCSP Cisco Secure PIX Firewall Advanced

 

Having a good system is very, very important. Since I am not using the actual equipment (honestly, I can't afford it), I will be using virtual devices, and for that you have to invest in a good machine.

 

Trust me the labs will grow over time. You will have multiple ASA devices and multiple routers and switches.

 

Now remember this: I am not a CCSP and I am just starting, just like you guys, so yes, we will have setbacks, we will be stuck. But at least we know we are not dumping anything.

 

Contributions to this thread are more than welcome. But I don't need to remind you that I will delete any posts not related to this thread, or requests for software or dumps.

 

So let's keep it professional and let's keep this clean.

 

 

TheDarkLord

Sadikhov Tech Team

 

ASA IN GNS3




For Linux Users:


I have tested this on Ubuntu 64. Here is the setup guide that I have posted:

http://www.sadikhov.com/forum/index.php?showtopic=166104


For Windows Users:


The setup could not be simpler. I have tested it in both XP and Vista 64.

IN GNS3:

1) Go to Edit > Preferences

2) Then go to the Pemu tab/window

3) Choose the Image that you want to use under the PIX image.

4) Input the key and serial number. (default key will still work but the options available will be restricted)
ASA Initial Configuration


So let's start from the basics. CLI all the way. We will get to ASDM later.

Things we need to achieve:

1) Image and system information

2) Do initial configuration:

a) Set the clock
b) Change the Hostname
c) Change the Domain Name
d) Create a password

3) Configure an interface.

Edited by TheDarkLord

1) Image and system information

 

 

Follow the steps from the previous post and let's fire up our ASA. I will be using the asa722-k8 image.

 

* sh ver

 


 

So what does it tell you? A lot. Let's take the important ones line by line:

 

Cisco PIX Security Appliance Software Version 7.2(2)

 

This is your version number; it is very important to know and understand these.

 

Hardware: PIX-525, 128 MB RAM, CPU Pentium II 1 MHz

 

This is the information about your ASA device.

 

The Running Activation Key is not valid, using default settings:

 

Licensed features for this platform:

Maximum Physical Interfaces : 6

Maximum VLANs : 25

Inside Hosts : Unlimited

Failover : Disabled

VPN-DES : Disabled

VPN-3DES-AES : Disabled

Cut-through Proxy : Enabled

Guards : Enabled

URL Filtering : Enabled

Security Contexts : 0

GTP/GPRS : Disabled

VPN Peers : Unlimited

 

This platform has a Restricted (R) license.

 

Since we are using the default key, a lot of the advanced options are disabled. With an active key you will get more options and more VLANs you can configure.

Look at the line that says "Maximum Physical Interfaces : 6" while the show version showed only 5; that's because the sixth interface is the management-only interface, which does not participate in data routing.

 

Serial Number: 305419896

Running Activation Key: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000

Configuration has not been modified since last system restart.

 

This shows your current key and serial number. Right now we are using the default key and serial number.

 

 

 

 


2) Do initial configuration:

 

a) Set the clock

b) Change the Hostname

c) Change the Domain Name

d) Create a password

 

 

pixfirewall# clock set 14:37:00 25 april 2009

pixfirewall# config t
pixfirewall(config)# hostname DarkASA


DarkASA(config)# domain-name Dark.Lord

DarkASA(config)# enable password 123456


3) Configure an interface.

 

It is very important to understand what the interfaces do on an ASA. I am sure you have done the theory part of it, if not please do read the official guides.

 

The inside interface is what is connected to the inside network, which could be a server, a machine, or a LAN segment. Hence it has the highest security level, i.e. 100 by default. Of course these security levels can be changed.

The outside interface is the least trusted and that's why it is given a security level of 0.

What that means is the outside traffic will not enter the inside traffic until it is allowed by an access list (ACL), more on this later as we go on.

 

So let's use an interface and do some basic configurations.

Let's issue the interface brief command to see the status of the available interfaces:

 

DarkASA# sh int ip brief
Interface                  IP-Address      OK? Method Status                Protocol
Ethernet0                  unassigned      YES unset  administratively down down
Ethernet1                  unassigned      YES unset  administratively down down
Ethernet2                  unassigned      YES unset  administratively down down
Ethernet3                  unassigned      YES unset  administratively down down
Ethernet4                  unassigned      YES unset  administratively down down

 

So we see that none of the interfaces are configured. I am gonna choose the E1 interface to be my inside interface and configure it with an IP address.

 


 

DarkASA# sh run int e1
!
interface Ethernet1
 speed 100
 duplex full
 nameif inside
 security-level 100
 ip address 10.1.1.1 255.255.255.0

 

We use the "nameif" command to name the interface. Inside interfaces will get 100 as their default security level. But as you can see we can change the security level to any value between 0-100.

Edited by TheDarkLord
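An added example (not part of the original posts, and not Cisco tooling): a Python script that applies the security-level rule described in the post above to `sh run` interface blocks and lists which directions are blocked until explicitly permitted. It goes slightly beyond the post by also covering equal security levels (`same-security-traffic permit inter-interface`); the outside, dmz and Ethernet3 entries are constructed sample data.

```python
import re

# Constructed sample config: Ethernet1 is the block shown in the post; the
# outside, dmz and unnamed interfaces are hypothetical additions.
SAMPLE_CONFIG = """\
interface Ethernet0
 nameif outside
 security-level 0
!
interface Ethernet1
 speed 100
 duplex full
 nameif inside
 security-level 100
 ip address 10.1.1.1 255.255.255.0
!
interface Ethernet2
 nameif dmz
!
interface Ethernet3
 shutdown
 no nameif
"""

def parse_interfaces(config):
    """Map each nameif to its security level."""
    zones = {}
    for block in re.split(r"(?m)^interface ", config)[1:]:
        name = re.search(r"(?m)^ nameif (\S+)", block)
        if not name:
            continue  # unnamed interface: the ASA passes no traffic through it
        level = re.search(r"(?m)^ security-level (\d+)", block)
        # If the level line is missing, "inside" defaults to 100, any other name to 0.
        default = 100 if name.group(1) == "inside" else 0
        zones[name.group(1)] = int(level.group(1)) if level else default
    return zones

def default_policy(zones, src, dst, same_security_permit=False):
    """Fate of a new connection from src to dst when no ACL is applied."""
    if zones[src] > zones[dst]:
        return "permit"  # higher -> lower is allowed implicitly
    if zones[src] == zones[dst] and same_security_permit:
        return "permit"  # models 'same-security-traffic permit inter-interface'
    return "deny"        # lower -> higher needs an ACL; equal needs the command above

def blocked_by_default(zones):
    """Every (src, dst) direction that is denied until explicitly permitted."""
    return sorted((s, d) for s in zones for d in zones
                  if s != d and default_policy(zones, s, d) == "deny")
```
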
Installing ASDM on ASA/PIX in GNS3



So I finally managed to install ASDM on a PIX image. It took a couple of tries, but in the end it was worth it.

The only thing is you cannot connect directly to an ASA in GNS; you would need to use an intermediate device. I chose the Ethernet switch.

The process was pretty straightforward:

Step 1: Configure an Ethernet interface so it would communicate with your loopback adapter.

Step 2: Copy the ASDM image from your rig using a TFTP server.

Step 3: Configure a username and password and choose a subnet/IP to access the device using ASDM.

Step 4: Download and install the ASDM.

Here is the video tutorial I posted:

http://www.sadikhov.com/forum/index.php?showtopic=167408


A couple of things you have to remember. ASDM will only install on Windows, but you can also run it within your browser. I haven't tested it on a Linux machine.

Second, for some reason the image that I was using would give me an error, because I was using Java Runtime 6-13. I had to uninstall and re-install an older JRE 6-7 for the ASDM to work. Weird, but what can you say. :)



You might also try getting your hands on Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance by Jazib Frahim and Omar Santos. Price behind the book reads 80 USD/ 88 CAN, but I think I got it for close to or less than 50 USD from Amazon.com. The book is about 800 pages and that is my comprehensive source for the SNAF and SNAA exam, apart from the quick reference for SNAF and the CBT Nuggets for SNAF (SNAA not out yet, I think).

 

PS- Please don't PM asking me to share any of the above.

 

 


I would suggest using an image from the 8 train such as 8.0(3) as opposed to 7 since 8 is the version referenced on the exams.

I would suggest using an image from the 8 train such as 8.0(3) as opposed to 7 since 8 is the version referenced on the exams.

 

Please can you tell me where I can find a Cisco PIX image or PIX? Because I don't have it on my GNS.

Edited by Papa_Baba

There is a very nice video on the internet about how to install GNS and SDM together and it works perfectly well, I did it for my CCNA Security and for my SNRS! I don't know if I will need it further on, but up to now it has been one of the greatest things I have recently found on the web!!!

 

The link I am not allowed to share it with you (Sadikhov's rules!!) so I will just give you a tip: Google " gns3 sdm install " and it should be the first result by gns3-labs

 

Thanks,

Kostas


Thanks a lot Darklord and all others, :rolleyes:

 

 


Hi Dark Lord,

 

I could not install the ASA image on the PIX firewall, due to the fact that GNS3 PIX only supports PIX images, not ASA images. Reading your note, you have mentioned that you will use the ASA722-K8 image; did you successfully install the ASA image on the GNS3 PIX firewall?

Someone told me that PIX image version 7 and above provide similar functionality to the ASA image (there is not much of a difference); is this correct?

By the way, your 'My SNAF & SNAA Diary' is providing useful notes. Keep up the good work.

 

 

"

1) Image and system information

 

 

Follow the steps from the previous post and let's fire up our ASA. I will be using the asa722-k8 image. "



 

Hi mate,

 

What happened with this diary after all? It was started so nice and smooth; did you get your CCSP after all?
