Cisco SIMOS Training | Implementing Cisco Secure Mobility Solutions Training

Introduction

Cisco SIMOS Training | Implementing Cisco Secure Mobility Solutions Training – Hands-on

Learn to protect data traversing a public or shared infrastructure, such as the Internet, by implementing and maintaining Cisco VPN solutions with this Cisco SIMOS Training | Implementing Cisco Secure Mobility Solutions Training.

Cisco SIMOS Training | Implementing Cisco Secure Mobility Solutions Training is a new course that is part of the recommended training for the Cisco Certified Network Professional Security (CCNP© Security) certification. This Cisco SIMOS Training | Implementing Cisco Secure Mobility Solutions Training course will prepare you with the knowledge and skills needed to protect data traversing a public or shared infrastructure such as the Internet by implementing and maintaining Cisco VPN solutions. You will gain hands-on experience with configuring and troubleshooting remote access and site-to-site VPN solutions using Cisco ASA adaptive security appliances and Cisco IOS routers.


Duration: 5 days

Customize It!

• We can adapt this Cisco SIMOS Training | Implementing Cisco Secure Mobility Solutions Training course to your group’s background and work requirements at little to no added cost.
• If you are familiar with some aspects of this Cisco SIMOS Training | Implementing Cisco Secure Mobility Solutions Training course, we can omit or shorten their discussion.
• We can adjust the emphasis placed on the various topics or build the Cisco SIMOS Training | Implementing Cisco Secure Mobility Solutions Training course around the mix of technologies of interest to you (including technologies other than those included in this outline).
• If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the Cisco SIMOS Training | Implementing Cisco Secure Mobility Solutions Training course in a manner understandable to lay audiences.

Audience / Target Group:

The target audience for this Cisco SIMOS Training | Implementing Cisco Secure Mobility Solutions Training course:

• Network Security Engineers
• Network Engineers
• Network Designers and Administrators
• Network Managers
• System Engineers

Cisco SIMOS Training | Implementing Cisco Secure Mobility Solutions Training - Class Prerequisites:

The knowledge and skills that a learner must have before attending this Cisco SIMOS Training | Implementing Cisco Secure Mobility Solutions Training course are as follows:

• IINS – Implementing Cisco IOS Network Security 3.0
• Cisco CCNA Security Boot Camp

Cisco SIMOS Training | Implementing Cisco Secure Mobility Solutions Training - Objectives:

After completing this Implementing Cisco Secure Mobility Solutions Training (SIMOS) course, attendees will be able to:

• Describe the various VPN technologies and deployments as well as the cryptographic algorithms and protocols that provide VPN security
• Implement and maintain Cisco site-to-site VPN solutions
• Deploy Cisco FlexVPN in point-to-point, hub-and-spoke and spoke-to-spoke IPsec VPNs
• Implement Cisco clientless SSL VPNs
• Implement and maintain Cisco AnyConnect SSL and IPsec VPNs
• Deploy endpoint security and dynamic access policies (DAP)

Cisco SIMOS Training | Implementing Cisco Secure Mobility Solutions Training - Course Content:

Module 1: The Role of VPNs in Network Security

• VPN Definition
• Key Threats to WANs and Remote Access
• Cisco Modular Network Architecture and VPNs
• VPN Types
• VPN Components
• Secure Communication and Cryptographic Services
• Cryptographic Algorithms
• Cryptography and Confidentiality
• Cryptography and Integrity
• Cryptography and Authentication
• Cryptography and Nonrepudiation
• Keys in Cryptography
• Public Key Infrastructure
• Next-Generation Encryption
• Dependencies in Cryptographic Services
• Cryptographic Controls Guidelines

Module 2: Secure Site-to-Site Connectivity Solutions

• Site-to-Site VPN Topologies and Technologies
• IPsec VPN Overview
• Internet Key Exchange v1 and v2
• Security Payload Encapsulation
• IPsec Virtual Tunnel Interface
• Dynamic Multipoint VPN
• Cisco IOS FlexVPN
• Overview of Point-to-Point IPsec VPNs on the Cisco ASA
• Configuration Tasks for Basic Point-to-Point Tunnels on the Cisco ASA
• Enable IKE on an Interface
• Configure IKE Policy
• Configure PSKs
• Choose Transform Set and VPN Peer
• Choose Traffic for VPN
• Configure Site-to-Site VPN with Connection Profiles Menu
• Verify and Troubleshoot Basic Point-to-Point Tunnels on the Cisco ASA
• Overview of Cisco IOS VTIs
• Configure Static VTI Point-to-Point Tunnels
• Verify Static VTI Point-to-Point Tunnels
• Configure Dynamic VTI Point-to-Point Tunnels
• Verify Dynamic VTI Point-to-Point Tunnels
• Overview of Cisco IOS DMVPN
• DMVPN Solution Components
• GRE
• NHRP
• DMVPN
◦ Types of Authentication
◦ Configure DMVPN on Hub
◦ Configure DMVPN on Spoke
◦ Configure Routing in DMVPN
◦ Verify DMVPN

Module 3: Cisco IOS Site-to-Site FlexVPN Solutions

• FlexVPN Overview
• Public Key Infrastructure (PKI)
• Site-to-Site VPN Topologies
• FlexVPN Architecture
• FlexVPN Configuration Overview
• FlexVPN Capabilities
• IKEv2 vs. IKEv1 Overview
• IKEv2 Message Exchange
• IKEv2 DoS Prevention
• IKEv1 and IKEv2 Comparison
• FlexVPN Use Cases
• Point-to-Point FlexVPN
• FlexVPN Configuration Blocks
• IKEv2 Profile
• Smart Defaults
• Manipulating Default Values
• Negotiating IKEv2 Proposals
• Point-to-Point VPN Scenario with IPv4 Static Routes
• Configure and Verify Point-to-Point VPN with IPv4 Static Routes
• Point-to-Point VPN Scenario with OSPFv3
• Configure and Verify Point-to-Point VPN with OSPFv3
• Enroll Devices to ECDSA PKI
• Configure Router for ECDSA
• Configure ASA for ECDSA
• Verify EC Key Pairs and Certificates
• Verify IKEv2 SA
• Verify IPsec SA
• Verify Point-to-Point FlexVPN (just flowchart and important show/debug command output)
• Cisco IOS FlexVPN
• IKEv2 Configuration Payload
• Locally Managed Hub-and-Spoke Scenario
• Configure a Spoke in a Hub-and-Spoke Scenario
• Configure a Hub in a Hub-and-Spoke Scenario
• Configuration Exchange
• Verify and Troubleshoot Hub-and-Spoke FlexVPN
• Spoke-to-Spoke Shortcut Scenario
• NHRP in FlexVPN
• Configure and Verify a Spoke in a Spoke-to-Spoke Shortcut Scenario
• Configure and Verify a Hub in a Spoke-to-Spoke Shortcut Scenario
• RADIUS-Managed FlexVPN Scenario
• Verify Spoke-to-Spoke Shortcut Switching
• Troubleshoot Spoke-to-Spoke Shortcut Switching (just flowchart and important show/debug command output)

Module 4: SSL VPNs

• Components
• SSL/TLS
• Overview of group policies and connection profiles
• Basic Cisco Clientless SSL VPN
• Solution Components
• Configure ASA gateway
• Configure basic authentication
• Configure access control (including URL entry and bookmarks)
• Verify basic clientless SSL VPN
• Troubleshoot basic clientless SSL VPN
• Deploying Application Access options (plug-ins, smart tunnels)
• Configure and verify plugins
• Configure and verify smart tunnels
• Troubleshoot plugins and smart tunnel
• Advanced Authentication in Cisco Clientless SSL VPN Solution Components
• Configure and verify Certificate-Based Authentication
• Configure and Verify External Authentication
• Troubleshoot Advanced Authentication in Clientless SSL VPN

Module 5: Cisco AnyConnect VPNs

• IP Address assignment
• Split Tunneling
• Basic Cisco AnyConnect SSL VPN
◦ Solution Components
◦ SSL VPN Server Authentication
◦ SSL VPN Clients Authentication
◦ SSL VPN Clients IP Address Assignment
◦ SSL VPN Split Tunneling
• Configure ASA for Basic AnyConnect SSL VPN
• Configure Basic Cisco Authentication
• Configure Access Control
• Verify and Troubleshoot Basic Cisco AnyConnect SSL VPN
• DTLS
◦ Overview
◦ Parallel DTLS and TLS Tunnels
◦ Configure DTLS
◦ Verify DTLS
• Cisco AnyConnect Client Configuration Management
• Cisco AnyConnect Client Operating System Integration Options
• Cisco AnyConnect Start Before Logon
• Cisco AnyConnect Trusted Network Detection
• Configure, Verify and Troubleshoot Cisco AnyConnect Start Before Logon
• Cisco AnyConnect Trusted Network Detection
• AnyConnect Support for IPSec/IKEv2
• Configure Cisco AnyConnect IPsec/IKEv2 VPNs on a Cisco ASA Adaptive Security Appliance
• Verify and Troubleshoot Cisco AnyConnect IPsec/IKEv2 VPNs on Cisco ASA
• Cisco AnyConnect Advanced Authentication Scenarios
• External Authentication
• Certificate-Based Server Authentication
• Configure and Verify Certificate-Based Client Authentication
• SCEP Proxy
◦ Connection Flow
◦ Configuration Procedure
• Local Authorization
• External Authentication and Authorization Scenario
• Configure External Authentication and Authorization
• Troubleshoot Advanced Authentication and Authorization in Cisco AnyConnect VPNs
• Accounting

Module 6: Endpoint Security and Dynamic Access Policies

• Cisco HostScan Overview
• Cisco HostScan Prelogin Assessment
• Install Cisco HostScan
• Configure Prelogin Criteria and Prelogin Policy
• Configure Host Scan Endpoint Assessment
• Configure Host Scan Advanced Endpoint Assessment
• DAP
◦ Integrate with Host Scan
◦ Configure
◦ Verifying and Troubleshooting

Labs

• Site-to-Site Secure Connectivity on Cisco ASA
• Implement a Cisco IOS static VTI point-to-point tunnel
• Site-to-Site Secure Connectivity Using Cisco IOS FlexVPN
• Hub-to-Spoke Secure Connectivity Using Cisco IOS FlexVPN
• Spoke-to-Spoke Secure Connectivity Using Cisco IOS FlexVPN
• Cisco Clientless SSL VPN on Cisco ASA
• Application Access clientless SSL
• Advanced AAA Clientless SSL
• Implement Basic AnyConnect SSL VPN on Cisco ASA
• Advanced AnyConnect SSL VPN on Cisco ASA
• AnyConnect IPsec/IKEv2 VPNs on Cisco ASA
• HostScan and DAP for AnyConnect SSL VPNs
