
Cisco


Implementing Cisco Secure Mobility Solutions v1.0


Course Description


Overview

Implementing Cisco Secure Mobility Solutions (SIMOS) v1.0 is a new course that is part of the recommended training for the Cisco Certified Network Professional Security (CCNP© Security) certification. This course will prepare you with the knowledge and skills needed to protect data traversing a public or shared infrastructure such as the Internet by implementing and maintaining Cisco VPN solutions. You will gain hands-on experience with configuring and troubleshooting remote access and site-to-site VPN solutions using Cisco ASA adaptive security appliances and Cisco IOS routers.  

Audience

  • Network Security Engineers
  • Network Engineers
  • Network Designers and Administrators
  • Network Managers
  • System Engineers
 

Prerequisites

Cisco Certified Network Associate (CCNA) Security certification, or any CCIE certification, can act as a prerequisite.

Key topics

Module 1: The Role of VPNs in Network Security
  • VPN Definition
  • Key Threats to WANs and Remote Access
  • Cisco Modular Network Architecture and VPNs
  • VPN Types
  • VPN Components
  • Secure Communication and Cryptographic Services
  • Cryptographic Algorithms
  • Cryptography and Confidentiality
  • Cryptography and Integrity
  • Cryptography and Authentication
  • Cryptography and Nonrepudiation
  • Keys in Cryptography
  • Public Key Infrastructure
  • Next-Generation Encryption
  • Dependencies in Cryptographic Services
  • Cryptographic Controls Guidelines
Module 2: Secure Site-to-Site Connectivity Solutions
  • Site-to-Site VPN Topologies and Technologies
  • IPsec VPN Overview
  • Internet Key Exchange v1 and v2
  • Security Payload Encapsulation
  • IPsec Virtual Tunnel Interface
  • Dynamic Multipoint VPN
  • Cisco IOS FlexVPN
  • Overview of Point-to-Point IPsec VPNs on the Cisco ASA
  • Configuration Tasks for Basic Point-to-Point Tunnels on the Cisco ASA
  • Enable IKE on an Interface
  • Configure IKE Policy
  • Configure PSKs
  • Choose Transform Set and VPN Peer
  • Choose Traffic for VPN
  • Configure Site-to-Site VPN with Connection Profiles Menu
  • Verify and Troubleshoot Basic Point-to-Point Tunnels on the Cisco ASA
  • Overview of Cisco IOS VTIs
  • Configure Static VTI Point-to-Point Tunnels
  • Verify Static VTI Point-to-Point Tunnels
  • Configure Dynamic VTI Point-to-Point Tunnels
  • Verify Dynamic VTI Point-to-Point Tunnels
  • Overview of Cisco IOS DMVPN
  • DMVPN Solution Components
  • GRE
  • NHRP
  • DMVPN
    • Types of Authentication
    • Configure DMVPN on Hub
    • Configure DMVPN on Spoke
    • Configure Routing in DMVPN
    • Verify DMVPN
Module 3: Cisco IOS Site-to-Site FlexVPN Solutions
  • FlexVPN Overview
  • Public Key Infrastructure (PKI)
  • Site-to-Site VPN Topologies
  • FlexVPN Architecture
  • FlexVPN Configuration Overview
  • FlexVPN Capabilities
  • IKEv2 vs. IKEv1 Overview
  • IKEv2 Message Exchange
  • IKEv2 DoS Prevention
  • IKEv1 and IKEv2 Comparison
  • FlexVPN Use Cases
  • Point-to-Point FlexVPN
  • FlexVPN Configuration Blocks
  • IKEv2 Profile
  • Smart Defaults
  • Manipulating Default Values
  • Negotiating IKEv2 Proposals
  • Point-to-Point VPN Scenario with IPv4 Static Routes
  • Configure and Verify Point-to-Point VPN with IPv4 Static Routes
  • Point-to-Point VPN Scenario with OSPFv3
  • Configure and Verify Point-to-Point VPN with OSPFv3
  • Enroll Devices to ECDSA PKI
  • Configure Router for ECDSA
  • Configure ASA for ECDSA
  • Verify EC Key Pairs and Certificates
  • Verify IKEv2 SA
  • Verify IPsec SA
  • Verify Point-to-Point FlexVPN (just flowchart and important show/debug command output)
  • Cisco IOS FlexVPN
  • IKEv2 Configuration Payload
  • Locally Managed Hub-and-Spoke Scenario
  • Configure a Spoke in a Hub-and-Spoke Scenario
  • Configure a Hub in a Hub-and-Spoke Scenario
  • Configuration Exchange
  • Verify and Troubleshoot Hub-and-Spoke FlexVPN
  • Spoke-to-Spoke Shortcut Scenario
  • NHRP in FlexVPN
  • Configure and Verify a Spoke in a Spoke-to-Spoke Shortcut Scenario
  • Configure and Verify a Hub in a Spoke-to-Spoke Shortcut Scenario
  • RADIUS-Managed FlexVPN Scenario
  • Verify Spoke-to-Spoke Shortcut Switching
  • Troubleshoot Spoke-to-Spoke Shortcut Switching (just flowchart and important show/debug command output)
Module 4: SSL VPNs
  • Components
  • SSL/TLS
  • Overview of group policies and connection profiles
  • Basic Cisco Clientless SSL VPN
  • Solution Components
  • Configure ASA gateway
  • Configure basic authentication
  • Configure access control (including URL entry and bookmarks)
  • Verify basic clientless SSL VPN
  • Troubleshoot basic clientless SSL VPN
  • Deploying Application Access options (plug-ins, smart tunnels)
  • Configure and verify plugins
  • Configure and verify smart tunnels
  • Troubleshoot plugins and smart tunnels
  • Advanced Authentication in Cisco Clientless SSL VPN Solution Components
  • Configure and verify Certificate based Authentication
  • Configure and Verify External Authentication
  • Troubleshoot Advanced Authentication in Clientless SSL VPN
Module 5: Cisco AnyConnect VPNs
  • IP Address assignment
  • Split Tunneling
  • Basic Cisco AnyConnect SSL VPN
    • Solution Components
    • SSL VPN Server Authentication
    • SSL VPN Clients Authentication
    • SSL VPN Clients IP Address Assignment
    • SSL VPN Split Tunneling
  • Configure ASA for Basic AnyConnect SSL VPN
  • Configure Basic Cisco Authentication
  • Configure Access Control
  • Verify and Troubleshoot Basic Cisco AnyConnect SSL VPN
  • DTLS
    • Overview
    • Parallel DTLS and TLS Tunnels
    • Configure DTLS
    • Verify DTLS
  • Cisco AnyConnect Client Configuration Management
  • Cisco AnyConnect Client Operating System Integration Options
  • Cisco AnyConnect Start Before Logon
  • Cisco AnyConnect Trusted Network Detection
  • Configure, Verify and Troubleshoot Cisco AnyConnect Start Before Logon
  • Cisco AnyConnect Trusted Network Detection
  • AnyConnect Support for IPsec/IKEv2
  • Configure Cisco AnyConnect IPsec/IKEv2 VPNs on a Cisco ASA Adaptive Security Appliance
  • Verify and Troubleshoot Cisco AnyConnect IPsec/IKEv2 VPNs on Cisco ASA
  • Cisco AnyConnect Advanced Authentication Scenarios
  • External Authentication
  • Certificate-Based Server Authentication
  • Configure and Verify Certificate-Based Client Authentication
  • SCEP Proxy
    • Connection Flow
    • Configuration Procedure
  • Local Authorization
  • External Authentication and Authorization Scenario
  • Configure External Authentication and Authorization
  • Troubleshoot Advanced Authentication and Authorization in Cisco AnyConnect VPNs
  • Accounting
Module 6: Endpoint Security and Dynamic Access Policies
  • Cisco HostScan Overview
  • Cisco HostScan Prelogin Assessment
  • Install Cisco HostScan
  • Configure Prelogin Criteria and Prelogin Policy
  • Configure Host Scan Endpoint Assessment
  • Configure Host Scan Advanced Endpoint Assessment
  • DAP
    • Integrate with Host Scan
    • Configure
    • Verifying and Troubleshooting
Labs
  • Site to Site Secure Connectivity on Cisco ASA
  • Implement a Cisco IOS static VTI point-to-point tunnel
  • Site-to-Site Secure Connectivity Using Cisco IOS FlexVPN
  • Hub-to-Spoke Secure Connectivity Using Cisco IOS FlexVPN
  • Spoke-to-Spoke Secure Connectivity Using Cisco IOS FlexVPN
  • Cisco Clientless SSL VPN on Cisco ASA
  • Application Access clientless SSL
  • Advanced AAA Clientless SSL
  • Implement Basic AnyConnect SSL VPN on Cisco ASA
  • Advanced AnyConnect SSL VPN on Cisco ASA
  • AnyConnect IPsec/IKEv2 VPNs on Cisco ASA
  • HostScan and DAP for AnyConnect SSL VPNs
 

Objectives

After the completion of this course, you will be able to:
  • Describe the various VPN technologies and deployments as well as the cryptographic algorithms and protocols that provide VPN security
  • Implement and maintain Cisco site-to-site VPN solutions
  • Deploy Cisco FlexVPN in point-to-point, hub-and-spoke and spoke-to-spoke IPsec VPNs
  • Implement Cisco clientless SSL VPNs
  • Implement and maintain Cisco AnyConnect SSL and IPsec VPNs
  • Deploy endpoint security and dynamic access policies (DAP)

Course Duration

5 Days