[.ca] Cisco ASA and PIX Firewall Handbook

Very little on ASA:
This book is very helpful for PIX firewalls, but is mislabeled for ASA. There is very little on the ASA product. Usually just a mention of command differences between ASA and PIX. If you are looking for a book on ASA do not buy this book.

More detail, please:
While the book was rather detailed in several areas, I was hoping it would be more detailed on the subject of VPN. While most of it is straight forward, configuring VPN on the 5520 was a pain. Someone reading this book should be from a large enterprise, using failover, etc. Someone from a small company that is not using these features might find it to be overkill, and start looking for other books to meet their specific needs.

Complement to other sources available:
I think author did a wonderful job filling in where other popular litrature about PIX left off. I read the CCSP book, and leared alot. This book filled in stuff that CCSP book just does not talk about. Not to knock the CCSP book; each auther can only fill in so much. It is a difficult decision on what to keep and what to leave off. I find the PIX and ASA book is very practical. If you want a good understanding of this platform, then you want this book as the pliers in your tool box of knowledge. Do not expect it to be swiss army tool though. I think author was especially considerate to the reader's needs to publish items that other litrature just does not cover. There is alot of good information. Nice pictures which addressed questions I had and even posted to some CCIE sites and there was no answer. Definately worth buying.

Wow was I mad no VPN's:
I bought this book thinking that this was the ASA/PIX Bible. Don't get me wrong the book is excellent but as can be expected from Cisco Press they over kill you with information and still manage to leave out crucial information. One of the most important functions of an ASA is creating VPN tunnels. This book mentions it in literally 3-7 words the entire book. I called and complained to Cisco but they told me that I was wrong because I had the wrong expectation of the book. They said if I want VPN stuff I needed to buy the ASA or PIX version of the Firewalls & VPN book. I guess Cisco thinks that I won't mind buying another over priced book. Outside of that from a security, general set up, advanced topics like ACL's, and advanced concepts like VLANs it is a decent book.

A excellent, detailed book on PIX Firewall configurations:
The Cisco ASA and PIX Firewall Handbook by Dave Hucaby is an excellent book on PIX firewalls and covers versions 6.x and 7.x, including FWSM configurations. There is negligible coverage of ASA and readers looking for a detailed ASA book best look elsewhere. The cream of this book is really Chapter 6 - Controlling Access Through the Firewall. A detailed chapter of running the Pix in Transparent mode, Address Translation, ACL's, Content filtering, Modular Policy Framework, along with Application Inspection. The section on the Modular Policy Framework is very good and detailed. I plan to refer to this book often when troubleshooting PIX's. There were hardly any errors or issues with this book. For example, in Chapter 7: Increasing Firewall Availability with Failover, the author writes that Stateful firewall failover packets are sent using IP Protocol 8 (EGP). I presume they meant IP protocol 105. The authors list configuration commands for FWSM , 6.x and 7.x versions of the PIX. Personally, I'm not too fond of this approach and would rather read commands pertaining to a single version. Commands of other versions are available at the Cisco Documentation site.