Maxtrain.com - 513-322-8888 - 866-595-6863

SL-SIMOS

Implementing Cisco Secure Mobility Solutions

Description

Implementing Cisco Secure Mobility Solutions (SIMOS) v1.0 is a newly created 5-day instructor-led training (vILT) course that is part of the curriculum path leading to the Cisco Certified Network Professional Security (CCNP© Security) certification. This course is designed to give network security engineers the knowledge and skills they need to protect data traversing a public or shared infrastructure, such as the Internet, by implementing and maintaining Cisco VPN solutions. Students of this course will gain hands-on experience with configuring and troubleshooting remote access and site-to-site VPN solutions, using Cisco ASA adaptive security appliances and Cisco IOS routers.

Upon completing this course, the learner will be able to meet these overall objectives:

  • Describe the various VPN technologies and deployments as well as the cryptographic algorithms and protocols that provide VPN security.
  • Implement and maintain Cisco site-to-site VPN solutions.
  • Implement and maintain Cisco FlexVPN in point-to-point, hub-and-spoke, and spoke-to-spoke IPsec VPNs.
  • Implement and maintain Cisco clientless SSL VPNs.
  • Implement and maintain Cisco AnyConnect SSL and IPsec VPNs.
  • Implement and maintain endpoint security and dynamic access policies (DAP).

Outline

Module 1: Fundamentals of VPN Technologies and Cryptography

Lesson 1: The Role of VPNs in Network Security

  • VPN Definition
  • Key Threats to WANs and Remote Access
  • Cisco Modular Network Architecture and VPNs
  • VPN Types
  • VPN Component

Lesson 2: VPNs and Cryptography

  • Secure Communication and Cryptographic Services
  • Cryptographic Algorithms
  • Cryptography and Confidentiality
  • Cryptography and Integrity
  • Cryptography and Authentication
  • Cryptography and Nonrepudiation
  • Keys in Cryptography
  • Public Key Infrastructure
  • Next-Generation Encryption
  • Dependencies in Cryptographic Services
  • Cryptographic Controls Guidelines

Module 2: Deploying Secure Site-to-Site Connectivity Solutions

Lesson 1: Introducing Cisco Secure Site-to-Site Connectivity Solutions

  • Site-to-Site VPN Topologies
  • Site-to-Site VPN Technologies
  • IPsec VPN Overview
  • Internet Key Exchange v1 and v2
  • Encapsulating Security Payload
  • IPsec Virtual Tunnel Interface
  • Dynamic Multipoint VPN
  • Cisco IOS FlexVPN

Lesson 2: Deploying Point-to-Point IPsec VPNs on the Cisco ASA

  • Overview of Point-to-Point IPsec VPNs on the Cisco ASA
  • Configuration Tasks for Basic Point-to-Point Tunnels on the Cisco ASA
  • Enable IKE on an Interface
  • Configure IKE Policy
  • Configure PSKs
  • Choose Transform Set and VPN Peer
  • Choose Traffic for VPN
  • Configuring Site-to-Site VPN with Connection Profiles Menu
  • Verify and Troubleshoot Basic Point-to-Point Tunnels on the Cisco ASA

Lesson 3: Deploying Cisco IOS VTI-Based Point-to-Point IPsec VPNs

  • Overview of Cisco IOS VTIs
  • Configure Static VTI Point-to-Point Tunnels
  • Verify Static VTI Point-to-Point Tunnels
  • Configure Dynamic VTI Point-to-Point Tunnels
  • Verify Dynamic VTI Point-to-Point Tunnels

Lesson 4: Deploying Cisco IOS DMVPNs

  • Overview of Cisco IOS DMVPN
  • DMVPN Solution Components
  • GRE
  • NHRP
  • DMVPN Operations
  • Types of Authentication
  • Configure DMVPN on Hub
  • Configure DMVPN on Spoke
  • Configure Routing in DMVPN
  • Verify DMVPN

Module 3: Deploying Cisco IOS Site-to-Site FlexVPN Solutions

Lesson 1: Introducing Cisco FlexVPN Solution

  • FlexVPN Overview
  • Public Key Infrastructure (PKI)
  • Site-to-Site VPN Topologies
  • FlexVPN Architecture
  • FlexVPN Configuration Overview
  • FlexVPN Capabilities
  • IKEv2 vs. IKEv1 Overview
  • IKEv2 Message Exchange
  • IKEv2 DoS Prevention
  • IKEv1 and IKEv2 Comparison
  • FlexVPN Use Cases

Lesson 2: Deploying Point-to-Point IPsec VPNs Using Cisco IOS FlexVPN

  • Point-to-Point FlexVPN
  • FlexVPN Configuration Blocks
  • IKEv2 Profile
  • Smart Defaults
  • Manipulating Default Values
  • Negotiating IKEv2 Proposals
  • Point-to-Point VPN Scenario with IPv4 Static Routes
  • Configure and Verify Point-to-Point VPN with IPv4 Static Routes
  • Point-to-Point VPN Scenario with OSPFv3
  • Configure and Verify Point-to-Point VPN with OSPFv3
  • Enroll Devices to ECDSA PKI
  • Configure Router for ECDSA
  • Configure ASA for ECDSA
  • Verify EC Key Pairs and Certificates
  • Verify IKEv2 SA
  • Verify IPsec SA
  • Verify Point-to-Point FlexVPN (just flowchart and important show/debug command output)

Lesson 3: Deploying Hub-and-Spoke IPsec VPNs Using Cisco IOS FlexVPN

  • Cisco IOS FlexVPN
  • IKEv2 Configuration Payload
  • Locally Managed Hub-and-Spoke Scenario
  • Configure a Spoke in a Hub-and-Spoke Scenario
  • Configure a Hub in a Hub-and-Spoke Scenario
  • Configuration Exchange
  • Verify and Troubleshoot Hub-and-Spoke FlexVPN

Lesson 4: Deploying Spoke-to-Spoke IPsec VPNs Using Cisco IOS FlexVPN

  • Spoke-to-Spoke Shortcut Scenario
  • NHRP in FlexVPN
  • Configure and Verify a Spoke in a Spoke-to-Spoke Shortcut Scenario
  • Configure and Verify a Hub in a Spoke-to-Spoke Shortcut Scenario
  • RADIUS-Managed FlexVPN Scenario
  • Verify Spoke-to-Spoke Shortcut Switching
  • Troubleshoot Spoke-to-Spoke Shortcut Switching (just flowchart and important show/debug command output)

Module 4: Deploying Clientless SSL VPN

Lesson 1: Clientless SSL VPN Overview

  • SSL VPN Components
  • SSL/TLS
  • Overview of group policies and connection profiles

Lesson 2: Deploying Basic Cisco Clientless SSL VPN

  • Basic Cisco Clientless SSL VPN
  • Solution Components
  • Configure ASA gateway
  • Configure basic authentication
  • Configure access control (including URL entry and bookmarks)
  • Verify basic clientless SSL VPN
  • Troubleshoot basic clientless SSL VPN

Lesson 3: Deploying Application Access in Clientless SSL VPN

  • Application Access options (plug-ins, smart tunnels)
  • Configure and verify plugins
  • Configure and verify smart tunnels
  • Troubleshoot plugins and smart tunnels

Lesson 4: Deploying Advanced Authentication in Clientless SSL VPN

  • Advanced Authentication in Cisco Clientless SSL VPN Solution Components
  • Configure and verify Certificate based Authentication
  • Configure and Verify External Authentication (mention multiple auth)
  • Troubleshoot Advanced Authentication in Clientless SSL VPN

Module 5: Deploying Cisco AnyConnect VPNs

Lesson 1: Overview of Cisco AnyConnect VPNs

  • IP Address assignment
  • Split Tunneling

Lesson 2: Deploying Basic Cisco AnyConnect SSL VPN on Cisco ASA

  • Basic Cisco AnyConnect SSL VPN
  • Solution Components
  • SSL VPN Server Authentication
  • SSL VPN Clients Authentication
  • SSL VPN Clients IP Address Assignment
  • SSL VPN Split Tunneling
  • Configure ASA for Basic AnyConnect SSL VPN
  • Configure Basic Cisco Authentication
  • Configure Access Control
  • Verify and Troubleshoot Basic Cisco AnyConnect SSL VPN

Lesson 3: Deploying Advanced Cisco AnyConnect SSL VPN on Cisco ASA

  • DTLS Overview
  • Parallel DTLS and TLS Tunnels
  • Configure DTLS
  • Verify DTLS
  • Cisco AnyConnect Client Configuration Management
  • Cisco AnyConnect Client Operating System Integration Options
  • Cisco AnyConnect Start Before Logon
  • Cisco AnyConnect Trusted Network Detection
  • Configure, Verify, and Troubleshoot Cisco AnyConnect Start Before Logon and Cisco AnyConnect Trusted Network Detection

Lesson 4: Deploying Cisco AnyConnect IPsec/IKEv2 VPNs

  • AnyConnect Support for IPsec/IKEv2
  • Configure Cisco AnyConnect IPsec/IKEv2 VPNs on a Cisco ASA Adaptive Security Appliance
  • Verify and Troubleshoot Cisco AnyConnect IPsec/IKEv2 VPNs on Cisco ASA

Lesson 5: Deploying Advanced Authentication, Authorization, and Accounting in Cisco AnyConnect VPNs

  • Cisco AnyConnect Advanced Authentication Scenarios
  • External Authentication
  • Certificate-Based Server Authentication
  • Configure and Verify Certificate-Based Client Authentication
  • SCEP Proxy Overview
  • SCEP Proxy Connection Flow
  • SCEP Proxy Configuration Procedure
  • Configure SCEP Proxy
  • Verify SCEP Proxy
  • Local Authorization Overview
  • Local Authorization Scenario
  • Local Authorization Configuration Procedure
  • Configure Local Authorization
  • External Authentication and Authorization Scenario
  • Configure External Authentication and Authorization
  • Troubleshoot Advanced Authentication and Authorization in Cisco AnyConnect VPNs
  • Accounting

Module 6: Deploying Endpoint Security and Dynamic Access Policies

Lesson 1: Implementing Host Scan

  • Cisco HostScan Overview
  • Cisco HostScan Prelogin Assessment
  • Install Cisco HostScan
  • Configure Prelogin Criteria and Prelogin Policy
  • Configure Host Scan Endpoint Assessment
  • Configure Host Scan Advanced Endpoint Assessment
  • Verify and Troubleshoot HostScan

Lesson 2: Implementing DAP for SSL VPNs

  • DAP Overview
  • Integrating DAP with Host Scan
  • Configuring DAP
  • Verifying and Troubleshooting DAP

Labs:

  • Lab 2-1: Implement Site-to-Site Secure Connectivity on the Cisco ASA
  • Lab 2-2: Implement Cisco IOS Static VTI Point-to-Point Tunnel
  • Lab 2-3: Implement DMVPN
  • Lab 3-1: Implement Site-to-Site Secure Connectivity Using Cisco IOS FlexVPN
  • Lab 3-2: Implement Hub-to-Spoke Secure Connectivity Using Cisco IOS FlexVPN
  • Lab 3-3: Implement Spoke-to-Spoke Secure Connectivity Using Cisco IOS FlexVPN
  • Lab 4-1: Implement ASA Basic Clientless SSL VPN
  • Lab 4-2: Application Access clientless SSL
  • Lab 4-3: Advanced AAA clientless SSL
  • Lab 5-1: Implement ASA Basic AnyConnect SSL VPN
  • Lab 5-2: Configure Advanced Cisco AnyConnect SSL VPN on Cisco ASA
  • Lab 5-3: Configure Cisco AnyConnect IPsec/IKEv2 VPNs on Cisco ASA
  • Lab 5-4: Configure Advanced Authentication for Cisco AnyConnect SSL VPN on Cisco ASA
  • Lab 6-1: Configure HostScan and DAP for AnyConnect SSL VPNs

Prerequisites

To fully benefit from this course, students should have the following prerequisite skills and knowledge:

  • Cisco Certified Network Associate (CCNA©) certification
  • Cisco Certified Network Associate (CCNA©) Security certification
  • Knowledge of Microsoft Windows operating system

Audience

The primary audience for this course is as follows:

  • Network Security Engineers

$3695.00 List Price

5 Days Course
