Font size:

Description:

This is a bundled training package. It contains training for each of the bundled items below:

Course Price
Cisco VPN 2.0: Evaluating the Cisco ASA VPN Architecture $74.95
Cisco VPN 2.0: Implementing Core Cisco ASA Policy Configurations and PKI Services $74.95
Cisco VPN 2.0: Deploying Clientless SSL VPNs $74.95
Cisco VPN 2.0: Policy Configurations and PKI Services $74.95
Cisco VPN 2.0: Cisco ASA Adaptive Security Appliance Remote Access IPsec VPNs $74.95
Cisco VPN 2.0: Cisco ASA Site-to-Site IPsec VPN Solutions $74.95
Cisco VPN 2.0: Cisco AnyConnect Remote Access SSL Solutions $74.95
Cisco VPN 2.0: Deploying Advanced AAA in Cisco Full-Tunnel VPNs $74.95
Cisco VPN 2.0: Implementing Cisco Secure Desktop and DAP for SSL VPNs $74.95
Cisco VPN 2.0: Deploying High Availability Features in Cisco ASA VPNs $74.95

Bundle Price: $349.00
Total Savings: $400.50


Cisco VPN 2.0: Evaluating the Cisco ASA VPN Architecture

The Cisco ASA Adaptive Security Appliance provides a rich set of VPN features that cover a wide range of common enterprise use cases to support mobile workers and remote offices. This course introduces the VPN technologies and access methods that the Cisco ASA Security Appliance supports; the integration of these access methods in the Cisco ASA Security Appliance traffic forwarding engine and access control model; and the VPN licensing options of Cisco ASA Security Appliances. The Cisco ASA Adaptive Security Appliance provides a rich set of network integration, access control, and VPN features that work together to provide multiple security functions to an organization. Because this course focuses on the VPN aspects of the Cisco ASA Security Appliance software and hardware, it provides a refresher of baseline access control and network integration features that are required when implementing VPN functionality.
  • recognize the characteristics of VPN topologies
  • describe the phases of SSL/TSL operation
  • identify the considerations for configuring security contexts on the Cisco ASA Security Appliance
  • describe the Cisco ASA Security Appliance IPv6 VPN capabilities
  • match the components of the Cisco AnyConnect Secure Mobility Client 3.0 to their functions
  • describe the available VPN licensing options
  • sequence the steps to configure shared VPN licensing
  • describe the methods of network traffic control used by the Cisco ASA Security Appliance access control model
  • identify the routing methods supported by Cisco ASA Security Appliance
  • describe the features of Cisco ASA Security Appliance VPN-related NAT
  • describe the features of Cisco ASA Security Appliance VPN-related AAA

Cisco VPN 2.0: Implementing Core Cisco ASA Policy Configurations and PKI Services

Configuring policies and network settings for many VPN users requires a scalable and flexible configuration mechanism. This course discusses how to configure connection profiles and group policies, which are the cornerstone for configuring either Secure Sockets Layer (SSL) VPNs or IP Security (IPsec) remote access policies on the Cisco ASA Adaptive Security Appliance. Public key infrastructure (PKI) services provide a scaleable and trusted method of authentication. All types of VPNs can use PKI to perform mutual authentications, server-side authentications, and client authentications. In this course, several methods for deploying PKI services on the Cisco ASA Adaptive Security Appliance are explained.
  • sequence priorities in the Cisco ASA Security Appliance's policy inheritance model
  • describe how connection profiles work
  • describe how to configure connection profiles
  • identify the characteristics of Cisco ASA Security Appliance group policies
  • configure a connection profile and a group policy for a given scenario
  • describe how Cisco ASA VPN AAA, access control, and accounting can be configured
  • identify the features of Cisco Secure Desktop
  • identify the components of dynamic access policies on the Cisco ASA Security Appliance
  • recognize how to use PKI to support a scalable VPN deployment
  • differentiate between methods for determining certificate revocation
  • identify the steps configure the basic Cisco ASA Security Appliance SSL VPN gateway features to use a PKI-provisioned identity certificate of the appliance
  • generate RSA keys and enroll the Cisco ASA into an existing PKI
  • sequence the steps to configure certificate-based client authentication by using the local CA of the Cisco ASA Security Appliance
  • identify the steps to configure a certificate-to-connection profile mapping on the Cisco ASA Security Appliance
  • describe SCEP proxy operations
  • configure the Cisco ASA as a local CA server
  • create a certificate user account on the Cisco ASA
  • enable certificate-based authentication for remote-access SSL VPN clients
  • configure and define connection profile map critera

Cisco VPN 2.0: Deploying Clientless SSL VPNs

Clientless Secure Sockets Layer (SSL) VPN solutions provide browser-based access to resources behind the Cisco ASA adaptive security appliance. With clientless SSL VPNs, users can access resources without any special client software. Web-based applications, Common Internet File System (CIFS) file shares, and FTP servers can also be accessed by users when using clientless SSL VPNs. And with application plug-ins, port forwarding, and Smart tunnels, users can access almost any application that uses static TCP ports. This course describes deployment of the basic clientless SSL VPN including how to configure, verify, and troubleshoot a basic clientless SSL VPN solutions. Many enterprise applications are not web-based and use other standard or proprietary protocols to communicate over IP networks. Therefore, clientless Secure Sockets Layer (SSL) VPN gateways must provide some alternative possibilities for users to access these application resources. This course discusses the application plug-ins and smart-tunnel features of the Cisco ASA adaptive security appliance SSL VPN gateway. These features provide clientless access to a wide range of thin- and thick-client applications. In this course how to configure, verify, and troubleshoot these access features are described.
  • describe the characteristics of the Cisco ASA clientless SSL VPN solution
  • put the general deployment tasks for the creation of a clientless SSL VPN solution in order
  • describe how to configure and verify basic Cisco ASA security appliance gateway features and gateway authentication for clientless SSL VPNs
  • recognize how to configure basic user authentication in clientless SSL VPN
  • enable an outside interface for clientless SSL VPN access using an identity certificate
  • describe the considerations involved in setting basic access control in a clientless SSL VPN
  • recognize basic access control configuration tasks
  • describe how to troubleshoot clientless SSL VPN session establishment
  • describe the consideration involved in the deployment of clientless SSL VPN application-access features
  • match the tasks involved in the configuration of application plug-ins on the Cisco ASA security appliance SSL VPN gateway to their description
  • describe how to configure and verify Smart tunnels in clientless SSL VPNs
  • describe the benefits of Smart tunnels
  • troubleshoot advanced application access in clientless SSL VPNs in a given scenario

Cisco VPN 2.0: Policy Configurations and PKI Services

Most enterprises need scalable authentication schemes, in which the network devices offload the authentication process to back-end user databases such as Lightweight Directory Access Protocol (LDAP), TACACS+, or RADIUS. In clientless Secure Sockets Layer (SSL) VPNs, public key infrastructure (PKI) offers a scalable and secure authentication method. This course discusses the various authentication approaches that you should evaluate when designing a clientless SSL VPN solution, including the option of combining multiple authentications in a single process. This lesson also shows you how to provide a user-friendly authentication strategy by requiring only a single sign-on (SSO) when accessing various resources. Many enterprises want to customize the user interface that is presented to clientless Secure Sockets Layer (SSL) VPN clients. Typical needs include language localization, which ensures that users navigate through pages that are written in their own language. This course discusses basic and advanced customization of portal navigation pages, help pages, and application integration. The course also explains how to implement language localization and describes the integration options that are available with the Cisco AnyConnect Client.
  • describe the considerations involved in clientless SSL VPN authentication design
  • describe how to deploy client-side certificate-based authentication
  • describe the characteristics of Double AAA Authentication
  • describe how to troubleshoot authentication failures in clientless SSL VPN with PKI
  • describe how to configure and verify clientless VPN SSO methods
  • recognize how to troubleshoot clientless VPN SSO
  • describe how to configure and verify the basic customization of the VPN portal navigation panes
  • recognize steps to configure full portal HTML customization
  • describe the characteristics of portal language localization
  • match the language localization configuration task with their descriptions
  • configure portal help customization in a given scenario
  • describe how to configure application-integration customization

Cisco VPN 2.0: Cisco ASA Adaptive Security Appliance Remote Access IPsec VPNs

The Cisco ASA adaptive security appliance supports remote access IP Security (IPsec) VPNs that you can manage using the Cisco Easy VPN solution. Remote access IPsec VPNs protect traffic between mobile workers and a central site. This course describes how to deploy remote access IPsec VPNs, including preshared authentication, certificate-based authentication, and advanced public key infrastructure (PKI) integration. Remote access deployments that use the Cisco VPN Client and the Cisco AnyConnect 3.0 Client for IPsec connections are also described. Cisco VPN Client is software that runs on an endpoint, with support for Windows, Mac OS X, and Linux. When you install Cisco VPN Client on a remote PC and it communicates with a Cisco ASA adaptive security appliance, it creates a secure connection over the Internet. Through this connection, you can access a private network as if you were an on-site user. This course describes the features that Cisco VPN Client and Cisco AnyConnect Secure Mobility Client 3.0 (Cisco AnyConnect 3.0) support, and shows you how to install the client software and configure a profile. This course also covers how to configure advanced Cisco VPN Client profile settings for the Cisco IPsec VPN Client. A basic Cisco remote access IP Security (IPsec) VPN solution provides client-based access to sensitive resources over a remote access IPsec VPN gateway that is implemented on the Cisco ASA adaptive security appliance. A basic Cisco remote access IPsec VPN solution uses basic user authentication using usernames and passwords, client configuration and IP address assignment services, and a single access control policy. This course demonstrates how to configure, verify, and troubleshoot a basic Remote Access IPsec VPN solution.
  • describe the features of IPsec VPN technology
  • determine which Cisco VPN Client product should be used for a given scenario
  • identify the tasks to implement the Legacy Cisco IPsec VPN Client
  • identify the steps to configure basic Cisco ASA security appliance gateway features and gateway authentication for remote access IPsec VPNs
  • identify the steps to configure group authentication in the basic Cisco remote access IPsec VPN solution
  • deploy basic Cisco Easy VPN
  • set up the Cisco ASA 5520 as an Easy VPN server
  • identify the steps to configure Cisco remote access IPsec VPN extended authentication
  • identify the steps to configure Cisco remote access IPsec VPN hybrid authentication
  • identify the steps to configure Cisco remote access VPN local IP address management
  • identify the steps to configure Cisco remote access VPN basic access control
  • identify the steps to configure IKEv2 support for remote access IPsec VPN solutions
  • troubleshoot basic Cisco remote access IPsec VPN operation

Cisco VPN 2.0: Cisco ASA Site-to-Site IPsec VPN Solutions

The Cisco ASA adaptive security appliance supports site-to-site IP Security (IPsec) VPN deployments, which can be used to protect traffic between remote and central sites. Basic deployments of site-to-site IPsec VPNs use pre-shared keys (PSKs) for authentication, which is recommended for smaller deployments. This course demonstrates how to configure, verify, and troubleshoot basic site-to-site IPsec VPNs. The Cisco ASA adaptive security appliance supports certificate-based authentication in site-to-site VPNs, together with rich public key infrastructure (PKI) integration options. You can use certificates to provide secure and scalable authentication among multiple sites in large site-to-site IPsec VPNs. How to enroll the Cisco ASA security appliance into a PKI and how to enable certificate-based authentication for site-to-site IPsec VPNs is also covered in the course.
  • identify the guidelines for configuring a Cisco ASA security appliance site-to-site VPN
  • identify the steps to configure basic peer authentication in a Cisco ASA security appliance site-to-site VPN
  • identify the steps to configure transmission protection in a Cisco ASA security appliance site-to-site VPN
  • configure IKE and IPsec parameters required for site-to-site secure tunnel establishment
  • troubleshoot the operation of a Cisco ASA security appliance site-to-site VPN
  • identify the steps to configure PKI-based peer authentication for a site-to-site VPN

Cisco VPN 2.0: Cisco AnyConnect Remote Access SSL Solutions

A basic Cisco AnyConnect full-tunnel Secure Sockets Layer (SSL) VPN provides users with flexible client-based access to sensitive resources over a remote access VPN gateway, which is implemented on the Cisco ASA adaptive Security Appliance. A basic Cisco AnyConnect full-tunnel SSL VPN solution uses usernames and passwords to provide basic user authentication. In addition, the Cisco ASA Security Appliance provides IP address assignment to the full-tunnel client and uses a basic access control policy. This course discusses how to configure, verify, and troubleshoot a basic Cisco AnyConnect full-tunnel SSL VPN solution. In addition to the configuration tasks for deploying basic Cisco AnyConnect full-tunnel SSL VPNs, a scalable VPN design provides the flexibility to tune options that fit the needs of an organization. How to deploy and manage advanced deployment features of a Cisco AnyConnect full-tunnel SSL VPN solution are also covered.
  • identify the tasks to configure gateway features of the Cisco ASA Security Appliance for a Cisco AnyConnect full-tunnel SSL VPN solution
  • identify the guidelines for implementing the basic SSL VPN gateway features of the Cisco ASA Security Appliance
  • identify the tasks to configure user authentication in the basic Cisco ASA Security Appliance full-tunnel SSL VPN solution
  • identify the tasks to configure basic access control for a full-tunnel SSL VPN
  • identify the tasks to implement Cisco AnyConnect 3.0 using the pre-deployment method
  • troubleshoot basic full-tunnel SSL VPN operation
  • enable SSL VPN and DTLS on the outside interface
  • enable Cisco AnyConnect VPN Client support
  • remove an active algorithm from session encryption settings
  • describe how to deploy DTLS on the Cisco ASA adaptive Security Appliance
  • recognize when to use each method for deploying and upgrading Cisco AnyConnect software
  • identify the characteristics of the Cisco AnyConnect profile
  • describe the Trusted Network Detection, the Cisco AnyConnect scripting, and the Start Before Logon (SBL) features
  • describe how to customize the Cisco AnyConnect user interface

Cisco VPN 2.0: Deploying Advanced AAA in Cisco Full-Tunnel VPNs

When deploying VPNs, it is important to use strong authentication options. This course describes several advanced authentication options that you can use when implementing Cisco AnyConnect full-tunnel Secure Sockets Layer (SSL) VPNs on the Cisco ASA adaptive Security Appliance. These authentication options offer more adequate security and scalability, compared to basic local authentication. Advanced password-based authentication using external authentication, authorization, and accounting (AAA) servers, certificate-based authentication using the local certificate authority (CA) of the Security Appliance, and options that are available to verify user certificates for revocation are also covered.
  • describe how to select a gateway and user authentication method in Cisco AnyConnect full-tunnel SSL VPNs
  • describe the considerations involved in planning the deployment of advanced client authentication
  • distinguish between external AAA authentication configuration tasks
  • describe how to configure the local CA on the Cisco ASA Security Appliance and the Cisco AnyConnect Client, with client certificates provisioned by the Cisco ASA Security Appliance
  • describe the considerations involved in configuring the Cisco ASA and Cisco AnyConnect Client to use an external CA and provision client certificates
  • sequence the steps to configure SCEP proxy for Cisco AnyConnect
  • describe how to implement a certificate revocation solution
  • identify valid combinations for deploying multiple authentication combinations
  • describe how to configure local group policy authorization in a Cisco full-tunnel SSL VPN
  • match the external VPN authorization input parameters to their descriptions
  • describe how to configure remote group policy authorization in a Cisco full-tunnel SSL VPN
  • sequence the steps to enable accounting in a connection profile

Cisco VPN 2.0: Implementing Cisco Secure Desktop and DAP for SSL VPNs

An important requirement of VPNs is to provide host security at the endpoint. This ensures hosts that connect to the trusted network and to provide high availability and high performance are secure. Cisco Secure Desktop enables administrators to provide a higher level of security to untrusted endpoints with dynamically downloadable ActiveX components. Cisco Secure Sockets Layer (SSL) VPN solutions provide organizations with robust and flexible products for protecting their security and the privacy of their information; Cisco SSL VPN solutions can also play an important part in the compliance strategies of an organization. Cisco Secure Desktop technology interoperates with the endpoint operating system and can ensure the removal of all data, especially from an untrusted system with potentially malicious third-party software installed. You can deploy Cisco Secure Desktop to reduce the risks posed by untrusted endpoints that connect to an enterprise network via a clientless SSL VPN or Cisco AnyConnect client session. Cisco Secure Desktop, in combination with other security controls and mechanisms, helps reduce the risks that are associated with using clientless and full-tunnel SSL VPNs. This course describes how to implement Cisco Secure Desktop for both clientless and full-tunnel SSL VPNs.
  • describe Cisco AnyConnect full-tunnel SSL VPN network admission features
  • describe the considerations involved in enabling Cisco Secure Desktop functions
  • describe the considerations involved in Cisco Secure Desktop deployment
  • describe how to configure and verify Cisco Secure Desktop prelogin criteria on a Cisco ASA security appliance SSL VPN gateway
  • match the actions you can apply to prelogin policies to their descriptions
  • describe how to configure and verify Cisco Secure Desktop prelogin policies on a Cisco ASA security appliance SSL VPN gateway
  • describe the purpose of the Cisco Secure Desktop Advanced Endpoint Assessment extension
  • describe how DAP on the Cisco ASA is used in authorization operations
  • describe the tasks used to configure Cisco Secure desktop-enabled DAP policies
  • describe the tasks used to integrate Cisco Secure Desktop with DAP
  • sequence the steps to troubleshoot Cisco Secure Desktop operations on a Cisco ASA security appliance SSL VPN gateway

Cisco VPN 2.0: Deploying High Availability Features in Cisco ASA VPNs

Two of the most challenging requirements of VPNs are high availability and high performance. High availability ensures continuous operation even if one or more VPN servers fail. High performance enhancements are deployed to boost the system performance by alleviating the load that is placed on a single VPN server. This course discusses the methods of deploying high availability: redundant peering, active/standby failover, cluster load balancing, and server load balancing (SLB). This course explains the troubleshooting methods that can be employed to investigate high availability problems.
  • describe the high-availability options in SSL and IPsec VPNs
  • describe how to deploy redundant peering in full-tunnel VPNs
  • identify the considerations for deploying active/standby failover for SSL and IPsec VPNs
  • identify the steps to implement OSPF through an IPsec site-to-site tunnel
  • identify the considerations for deploying Cisco ASA security appliance VPN clusters
  • describe how to provide high availability and high performance using an external SLB appliance
  • describe how to troubleshoot Cisco ASA security appliance VPN failover and load balancing
Register Now
VPN 2.0 : Deploying Cisco ASA VPN Solutions e-learning bundle
  • Course ID:
    271548
  • Duration:
    n/a
  • Price:
    $349