Deploying Cisco ASA VPN Solutions (VPN)

Deploying Cisco ASA VPN Solutions is a 5-day instructor-led training class that is presented by Cisco training partners to their end customers. Channel Partners nationwide hire proven AMS Subject Matter Expert Cisco Certified Systems Instructors (CCSIs) to teach on-site or on-line classes.

This course is intended for:

  • Network Security Engineers (NSEs) involved in VPN design, implementation and maintenance
  • Cisco customers who implement and maintain Cisco ASA (adaptive
    security appliance) based VPN solutions

Others who would find this course useful include:

  • Cisco channel partners who sell, implement, and maintain Cisco
    ASA security appliances
  • Cisco engineers who support the sale of Cisco ASA security
    appliances

The course is used in these certifications, specializations,
curricula, and learning maps:

Certifications:

  • Cisco Certified Network Professional Security (CCNP Security)

Curricula, specializations, and learning maps:

  • CCNP Security (and optionally some related specializations
    within the CCNP Security program)

Certifications

This course is part of the following Certifications:

  • Cisco Certified Network Professional Security (CCNP Security)
  • CCIE Security

Prerequisites

The knowledge and skills you must have before attending this
course are:

  • Cisco Certified Network Associate (CCNA) certification
  • Cisco Certified Network Associate Security (CCNA Security)
    certification
  • Deploying Cisco ASA Firewall Solutions (FIREWALL)
  • Working knowledge of the Microsoft Windows operating system

Course Objectives

Upon completing this course, you will be able to:

  • Describe the general properties of the Cisco ASA VPN subsystem
  • Implement and maintain Cisco clientless remote access SSL VPNs on the Cisco ASA adaptive security appliance VPN
    gateway
  • Implement and maintain Cisco AnyConnect client-based remote
    access SSL VPNs on the Cisco ASA security appliance
    VPN gateway according to policies and environmental requirements
  • Implement and maintain Cisco remote access IPsec VPNs on the Cisco ASA VPN gateway according to policies
    and environmental requirements
  • Implement and maintain site-to-site VPN solutions on the Cisco ASA security appliance VPN
    gateway according to policies and environmental requirements
  • Deploy endpoint security with Cisco Secure Desktop and DAP, and
    deploy and manage high-availability and high-performance features of the Cisco
    ASA security appliance

Course Content

The Deploying Cisco ASA VPN
Solutions (VPN) 2.0 course is part of the curriculum path leading to the Cisco
Certified Network Professional Security (CCNP Security) certification. It is a
five-day instructor-led course aimed at providing you with the knowledge and
skills needed to implement and maintain Cisco ASA-based perimeter solutions.
Upon completion, you will be able to reduce risk to the IT infrastructure and
applications using Cisco ASA features, and provide detailed operations support
for the Cisco ASA.

Detailed Course Outline

Module 1: The Cisco ASA Adaptive Security Appliance VPN Architecture and
Common Components

Describe the general properties of the Cisco ASA adaptive security appliance
VPN subsystem

Lesson 1: Evaluating the Cisco ASA Adaptive Security Appliance VPN
Subsystem Architecture

  • Identify the various VPN topologies and identify the correct topology to use
    for a given scenario
  • Identify the Cisco ASA security appliance IPv6 VPN capabilities
  • Identify the components of the Cisco AnyConnect Secure Mobility Client 3.0
  • Identify the available VPN licensing options and choose the appropriate
    licensing option for your network

Lesson 2: Evaluating the Cisco ASA Adaptive Security Appliance
Software Architecture

  • Describe the principles of the Cisco ASA security appliance access control
    model
  • Evaluate Cisco ASA security appliance VPN-related routing features
  • Evaluate Cisco ASA security appliance VPN-related NAT features
  • Evaluate Cisco ASA security appliance VPN-related AAA features
  • Case Study 1-1: Implementing a Security High-Level Design

Lesson 3: Implementing Profiles, Group Policies, and User
Policies

  • Describe the components of Cisco ASA security appliance VPN policy
    configuration
  • Configure Cisco ASA security appliance connection profiles
  • Configure Cisco ASA security appliance group policies
  • Configure Cisco ASA security appliance user attributes
  • Describe AAA functions that are available in remote-access VPNs
  • Identify access control methods for VPN users
  • Implement VPN accounting to external RADIUS and TACACS+ servers
  • Identify Cisco Secure Desktop and DAP features

Lesson 4: Implementing PKI Services

  • Evaluate PKI services for IPsec and SSL VPN configurations
  • Evaluate different methods of deploying server-side certificates on the
    Cisco ASA security appliance
  • Configure and verify the local CA on the Cisco ASA security appliance and
    the Cisco AnyConnect client with client certificates that are provisioned by a
    Cisco ASA security appliance
  • Choose the appropriate CA server for your design
  • Describe methods to deploy a client certificate to use with Cisco VPN
    deployments
  • Configure and verify certificate-to-connection-profile mapping on the Cisco
    ASA security appliance
  • Describe SCEP proxy operations

Module 2: Cisco ASA Adaptive Security Appliance Clientless Remote Access SSL
VPN Solutions

Implement and maintain Cisco clientless remote access SSL VPNs on the Cisco
ASA adaptive security appliance VPN gateway

Lesson 1: Deploying Basic Clientless VPN Solutions

  • Describe the building blocks of, and use cases for, the Cisco ASA clientless
    SSL VPN solution
  • Plan the configuration of a clientless SSL VPN solution
  • Configure and verify basic Cisco ASA security appliance gateway features and
    gateway authentication for a clientless SSL VPN
  • Configure and verify password-based local user authentication in a
    clientless SSL VPN
  • Configure and verify basic access control in a clientless SSL VPN
  • Tune and verify the gateway content rewriting features
  • Troubleshoot VPN session establishment between a browser client and a Cisco
    ASA security appliance gateway
  • Lab 2-1: Configuring Basic Clientless VPN Access on the
    Cisco ASA Adaptive Security Appliance

Lesson 2: Deploying Advanced Application Access for Clientless SSL
VPNs

  • Plan the deployment of clientless SSL VPN application access features
  • Configure and verify application plug-ins
  • Configure and verify smart tunnels in clientless SSL VPNs
  • Troubleshoot advanced application access in clientless SSL VPNs
  • Lab 2-2: Configuring Advanced Application Access for
    Clientless SSL VPNs

Lesson 3: Deploying Advanced Authentication and SSO for Clientless
SSL VPNs

  • Design clientless SSL VPN authentication
  • Deploy client-side certificate-based authentication
  • Configure and verify multiple client authentications
  • Troubleshoot the integration of a clientless SSL VPN with PKI
  • Configure and verify clientless VPN SSO methods
  • Troubleshoot clientless VPN SSO methods

Lesson 4: Customizing the Clientless SSL VPN User Interface and
Portal

  • Configure and verify basic customization of the VPN portal navigation pages
  • Configure and verify full portal HTML customization
  • Configure and verify portal localization
  • Configure and verify portal help customization
  • Configure and verify application integration customization
  • Lab 2-3: Customizing the SSL VPN Portal on the Cisco ASA
    Adaptive Security Appliance

Module 3: Cisco AnyConnect Remote Access SSL Solutions

Implement and maintain Cisco AnyConnect client-based remote access SSL VPNs
on the Cisco ASA security appliance VPN gateway according to policies and
environmental requirements

Lesson 1: Deploying a Basic Cisco AnyConnect Full-Tunnel SSL VPN
Solution

  • Describe the operation of full-tunnel SSL VPN technology
  • Plan, configure, and verify the gateway features of the Cisco ASA security
    appliance for a Cisco AnyConnect full-tunnel SSL VPN solution
  • Configure and verify password-based local user authentication and client IP
    address assignment for a full-tunnel SSL VPN
  • Configure basic access control and split tunneling for a full-tunnel SSL VPN
  • Install, configure, and verify Cisco AnyConnect 3.0 using the predeployment
    method
  • Troubleshoot VPN session establishment between a Cisco AnyConnect client and
    a Cisco ASA security appliance gateway
  • Lab 3-1: Configuring Basic Cisco AnyConnect Client
    Full-Tunnel SSL VPNs Using Local Password Authentication

Lesson 2: Deploying an Advanced Cisco AnyConnect Full-Tunnel SSL VPN
Solution

  • Describe the tasks you use to configure centrally controlled client
    functions for Cisco AnyConnect clients
  • Deploy DTLS on the Cisco ASA security appliance
  • Deploy and upgrade Cisco AnyConnect from a Cisco ASA gateway
  • Configure and verify Cisco AnyConnect XML profiles
  • Configure and verify the Cisco AnyConnect Trusted Network Detection,
    scripting, and SBL features
  • Customize and verify the Cisco AnyConnect user interface
  • Lab 3-2: Deploying the Cisco AnyConnect Client with
    Centralized Management

Lesson 3: Deploying Advanced AAA in Cisco Full-Tunnel VPNs

  • Choose a gateway and user authentication method in Cisco AnyConnect
    full-tunnel SSL VPNs
  • Plan the deployment of advanced client authentication
  • Configure and verify the local CA on the Cisco ASA security appliance and
    the Cisco AnyConnect client with client certificates that are provisioned by the
    Cisco ASA security appliance
  • Configure and verify the Cisco ASA security appliance and Cisco AnyConnect
    client to use an external CA and provision client certificates
  • Configure SCEP proxy for Cisco AnyConnect
  • Configure and verify integration with supporting PKI entities
  • Configure multiple client authentication
  • Troubleshoot advanced client authentication in full-tunnel SSL VPNs
  • Configure and verify local and remote group policy authorization in a Cisco
    full-tunnel SSL VPN
  • Configure and verify local and remote group policy accounting in a Cisco
    full-tunnel SSL VPN
  • Lab 3-3: Configuring Basic Cisco AnyConnect Full-Tunnel SSL
    VPNs Using Local CA and SCEP Proxy

Module 4: Cisco ASA Adaptive Security Appliance Remote Access IPsec
VPNs

Implement and maintain Cisco remote access IPsec VPNs on the Cisco ASA VPN
gateway according to policies and environmental requirements

Lesson 1: Deploying Cisco Remote Access VPN Clients

  • Describe the operation of IPsec VPN technology
  • Choose the appropriate Cisco VPN client product
  • Install, configure, and verify the installation of the legacy Cisco IPsec
    VPN client
  • Configure and verify the legacy Cisco IPsec VPN client profiles
  • Configure and verify advanced legacy Cisco IPsec VPN client profile
    settings
  • Install, configure, and verify the installation of Cisco AnyConnect 3.0
  • Configure and verify the auto-initiation feature of Cisco AnyConnect 3.0
  • Troubleshoot Cisco remote access VPN session establishment
  • Lab 4-1: Deploying Basic Cisco Easy VPN

Lesson 2: Deploying Basic Cisco Remote Access IPsec VPN
Solutions

  • Plan the configuration of a Cisco remote access IPsec VPN gateway
  • Configure and verify basic Cisco ASA gateway features and gateway
    authentication for Cisco remote access IPsec VPNs
  • Configure and verify Cisco remote access VPN PSK-based peer authentication
  • Configure and verify Cisco remote access VPN extended authentication
  • Configure and verify Cisco remote access VPN hybrid authentication
  • Configure and verify Cisco remote access VPN local IP address management
  • Configure and verify Cisco remote access VPN basic access control and split
    tunneling
  • Configure IKEv2 support for remote access IPsec VPN solutions
  • Troubleshoot Cisco remote access VPN session establishment between a Cisco
    VPN client and a Cisco ASA gateway

Module 5: Cisco ASA Adaptive Security Appliance Site-to-Site IPsec VPN
Solutions

Implement and maintain site-to-site VPN solutions on the Cisco ASA security
appliance VPN gateway according to policies and environmental
requirements

Lesson 1: Deploying Basic Site-to-Site IPsec VPNs

  • Plan a Cisco ASA security appliance site-to-site VPN
  • Configure and verify basic peer authentication in a Cisco ASA security
    appliance site-to-site VPN
  • Configure and verify transmission protection in a Cisco ASA security
    appliance site-to-site VPN
  • Troubleshoot the operation of a Cisco ASA security appliance site-to-site
    VPN
  • Lab 5-1: Deploying a Basic Cisco ASA IPsec Site-to-Site VPN

Lesson 2: Deploying Advanced Site-to-Site IPsec VPNs

  • Plan a Cisco ASA security appliance site-to-site VPN using PKI-based
    authentication
  • Configure and verify PKI-based peer authentication in a Cisco ASA security
    appliance site-to-site VPN
  • Troubleshoot the operation of a PKI-based Cisco ASA security appliance
    site-to-site VPN

Module 6: Endpoint Security and High Availability for Cisco ASA VPNs

Deploy high-availability options for various Cisco ASA adaptive security
appliance VPN deployments

Lesson 1: Implementing Cisco Secure Desktop and DAP for SSL
VPNs

  • Choose network admission features for Cisco AnyConnect full-tunnel SSL VPNs
  • Install, enable, and verify Cisco Secure Desktop on a Cisco ASA security
    appliance SSL VPN gateway
  • Configure and verify Cisco Secure Desktop prelogin criteria on a Cisco ASA
    security appliance SSL VPN gateway
  • Configure and verify Cisco Secure Desktop prelogin policies on a Cisco ASA
    security appliance SSL VPN gateway
  • Configure and verify basic Cisco Secure Desktop Advanced Endpoint Assessment
    features on a Cisco ASA security appliance SSL VPN gateway
  • Configure and verify DAPs that are enabled for Cisco Secure Desktop on a
    Cisco ASA security appliance SSL VPN gateway
  • Troubleshoot Cisco Secure Desktop operations on a Cisco ASA security
    appliance SSL VPN gateway
  • Lab 6-1: Deploying Cisco Secure Desktop for Cisco VPNs

Lesson 2: Deploying High-Availability Features in Cisco ASA Adaptive
Security Appliance VPNs

  • Choose VPN high-availability and high-performance features
  • Configure and verify redundant peering with Cisco AnyConnect and IPsec
    client
  • Deploy active/standby failover for SSL and IPsec VPNs
  • Implement dynamic routing to achieve IPsec site-to-site VPN high
    availability
  • Describe the deployment of VPN load-balancing clusters
  • Provide high availability and high performance using an external SLB
    appliance
  • Troubleshoot Cisco ASA security appliance failover and VPN clustering
    functions
  • Lab 6-2: Configuring a Load Balancing SSL VPN Cluster

To Hire an AMS Cisco Certified Systems Instructor and Subject Matter Expert that teaches this class, call 800-798-3901 today!

 
