Duration: 5 Days
Learn to configure, maintain, and operate VPN solutions based on the Cisco ASA 5500 Series Adaptive Security Appliance (ASA) including:
- Site-to-site IPSec VPN
- Remote access IPSec VPN
- Remote access SSL VPN with AnyConnect 3.0
- Load balancing VPN clusters
- AAA for VPNs using Cisco ACS 5.2
We have enhanced the standard Cisco labs to run on our expanded topology to better simulate a typical production network. Using an ASA 5520, our expert instructors will guide you through exercises such as:
- Managing digital certificates for IPSec and SSL VPNs
- Implementing both site-to-site and remote access VPN
- Implementing VPN access policies for corporate employees, contractors, and partners
A Proven Impact Exclusive: Bonus Lab Credits
You'll receive 10 extra e-Lab credits (good for 30 Days ) to review a topic after class, refine your skills, or get in extra practice-whatever lab activities complete your training.
What You Will Learn
- Implement site-to-site IPSec VPN
- Implement remote access IPSec and SSL VPNs
- Work with both the legacy Cisco IPSec VPN client and the AnyConnect 3.0 VPN client
- Deploy clientless SSL VPN access, including portal customization, smart tunnel access, and web-type ACLs
- Implement single sign-on for clientless VPN access to internal resources
- Deploy full tunnel SSL VPN using the Cisco AnyConnect VPN Client
- Determine and enhance the security posture of remote SSL VPN systems using Cisco Secure Desktop
- Use digital certificates and PKI infrastructure for peer identity management in all classes of VPN
- Configure the ASA as a Certificate Authority for SSL VPN access
- Configure the ASA as a SCEP proxy for remote access VPN
- Configure access control policies to implement your security policy across all classes of VPN
- Use Dynamic Access Policies (DAP) to adapt a remote user's VPN policy to the user's current situation
- Implement High Availability and scalability features for Cisco ASA VPN solutions
Audience
- Anyone who implements and maintains VPN features on the Cisco ASA
- Those seeking CCNP Security certification
Prerequistes
Course Outline
1. ASA VPN Architecture and Common Components
- ASA VPN Subsystem Architecture
- ASA Software Architecture
- Implementing Profiles, Group Policies, and User Profiles
- Implementing PKI Services
2. ASA Remote Access SSL VPN Solutions
- Basic Clientless SSL VPN
- Advanced Clientless SSL VPN
- Advanced Authentication and SSO for Clientless SSL VPN
- Customizing the Clientless SSL VPN Interface and Portal
3. AnyConnect Remote Access SSL VPN
- Basic AnyConnect Full Tunnel SSL VPN Solution
- Advanced AnyConnect Full Tunnel SSL VPN Solution
- Advanced AAA in AnyConnect Full Tunnel VPNs
4. ASA Remote Access IPSec VPNs
- Deploying Cisco Remote Access VPN Clients
- Basic Remote Access IPSec VPN Solutions
5. ASA Site-to-Site VPNs
- Basic Site-to-Site IPSec VPNs
- Advanced Site-to-Site IPSec VPNs
6. Endpoint Security and High Availability for ASA VPNs
- Cisco Secure Desktop and DAP for SSL VPNs
- High Availability Features in ASA VPNs
Course Labs
Lab 1: Enhanced - Licensing, ACS, Public CA
Lab 2: Enhanced - Basic Clientless SSL VPN
Lab 3: Enhanced - Clientless SSL VPN: Thin Apps
Lab 4: Enhanced - Customizations and Auto Sign-On
Lab 5: Enhanced - Basic AnyConnect Full Tunnel SSL VPN
Lab 6: Enhanced - AnyConnect: Centralized Management
Lab 7: Enhanced - Local CA and SCEP Proxy
Lab 8: Enhanced - Remote Access IPSec VPN
Lab 9: Enhanced - IPSec Site-to-Site VPN
Lab 10: Enhanced - Cisco Secure Desktop and Dynamic Access Policies
Lab 11: Enhanced - VPN Server Load Balancing
