1

Course Introduction

Overview
This chapter includes the following topics:
s s s

Course agenda Lab topology overview Summary

Course Agenda
This section introduces the course and the course objectives.

Course Objectives
Upon completion of this course, you will be able to perform the following tasks:
Configure the Cisco Secure PIX Firewall. Identify and configure AAA on the Cisco Secure PIX Firewall. Identify and configure access control and content filtering through the Cisco Secure PIX Firewall. Configure the Cisco Secure PIX Firewall for advanced protocol handling and attack guards

2000, Cisco Systems, Inc.

www.cisco.com

CSPFA 1.011-3

Course Objectives (cont.)

Understand and configure failover and stateful-failover on the Cisco Secure PIX Firewall. Configure and verify Context-Based Access Control with the Cisco Internetwork Operating System Firewall. Configure the Authentication Proxy with the Cisco IOS Firewall. Configure a VPN between Cisco Secure PIX Firewalls.

2000, Cisco Systems, Inc.

www.cisco.com

CSPFA 1.011-4

1-2

Cisco Secure PIX Firewall Advanced 1.01

Copyright 2000, Cisco Systems, Inc.

Course Agenda
Day 1 Chapter 1Course Introduction Chapter 2Cisco Secure PIX Firewall Configuration Chapter 3Access Control Configuration and Content Filtering Lunch Chapter 4AAA Configuration on the Cisco Secure PIX Firewall Day 2 Chapter 5Cisco Secure PIX Firewall Advanced Protocol Handling and Attack Guards Chapter 6Cisco Secure PIX Firewall Failover Lunch Chapter 7Cisco Internetwork Operating System Firewall Context-Based Access Control Configuration Chapter 8Cisco IOS Firewall Authentication Proxy Configuration

2000, Cisco Systems, Inc.

www.cisco.com

CSPFA 1.011-5

Course Agenda (cont.)

Day 3 Chapter 8Cisco IOS Firewall Authentication Proxy Configuration (cont.) Chapter 9VPN Configuration with the Cisco Secure PIX Firewall Lunch Chapter 9VPN Configuration with the Cisco Secure PIX Firewall (cont.)

2000, Cisco Systems, Inc.

www.cisco.com

CSPFA 1.011-6

Copyright 2000, Cisco Systems, Inc.

Course Introduction

1-3

Participant Responsibilities
Student Responsibilities Complete prerequisites Participate in lab exercises Ask questions Provide feedback

2000, Cisco Systems, Inc.

www.cisco.com

CSPFA 1.011-7

General Administration
Classrelated
Sign-in sheet Length and times Break and lunch room locations Attire

Facilitiesrelated
Participant materials Site emergency procedures Restrooms Telephones/faxes

2000, Cisco Systems, Inc.

www.cisco.com

CSPFA 1.011-8

1-4

Cisco Secure PIX Firewall Advanced 1.01

Copyright 2000, Cisco Systems, Inc.

Graphic Symbols

PIX Firewall

Router

Ethernet link

Internet

Cisco IOS Firewall

NT server: Web, FTP, TFTP, Syslog server

PC, workstation, or server

2000, Cisco Systems, Inc.

www.cisco.com

CSPFA 1.011-9

Participant Introductions
Your name Your company Prereq. skills Brief history Objective

2000, Cisco Systems, Inc.

www.cisco.com

CSPFA 1.011-10

Copyright 2000, Cisco Systems, Inc.

Course Introduction

1-5

Lab Topology Overview

This section explains the lab topology that is used in this course.

PIX Lab Visual Objective

Pod 1
R1 Perim eter R outer .1 e0/0
192.168.P.0/24 e0 Outside .2 e0/1 172.30.P.2 /24

e0/1

Internet
N T Server: FTP, W eb
172.30.1.50

172.30.P.2 /24

Pod 2
R2 Perim eter Router .1 e0/0
192.168.P.0/24 e0 Outside .2

e0/1

PIX Firewall
e1 Inside .1 10.0.P.0 /24

e2 DM Z .1 172.16.P.0 /24

e2 DMZ .1

.2 W eb Server

172.16.P.0 /24 .2 W eb Server

PIX Firewall
e1 Inside .1 10.0. P .0 /24

NT server W ebSENSE server

10.0.P.3

N T server W ebSEN SE server

10.0.P.3

2000, Cisco Systems, Inc.

www .cisco.com

CSPFA 1.01 1-12

F a ilo v e r V is u a l O b je c tiv e
Internet
172.30.1.50 /24 B a c k b o n e s e rv e r W eb, FTP, and T F T P s e rv e r .1 192.168.P.0 /24 Failover cable Secondary PIX Firewall 172.16.P.0 /24 10.0.P.0 /24

e 0 .2 Primary PIX Firewall e 1 .1 e 2 .1

e 0 .7 e 2 .7 e 1 .7 .2 DMZ

2 0 0 0 , C is c o S y s t e m s , In c .

w w w .c is c o .c o m

C S P F A 1 .0 1 1 -1 3

1-6

Cisco Secure PIX Firewall Advanced 1.01

Copyright 2000, Cisco Systems, Inc.