VPN_2: Deploying Cisco ASA VPN Solutions


Description

Deploying Cisco ASA VPN Solutions (VPN) 2.0 is the latest update to the Cisco Certified VPN Training that aims at providing network security engineers with the knowledge and skills needed to configure Cisco VPN Solutions with the Cisco ASA Security Appliance and focuses on the use of the Cisco AnyConnect 3.0 Client and ASA 8.4 code version. Our students will learn the skills they need to choose, configure, and troubleshoot the majority of Cisco ASA adaptive security appliance remote access and site-to-site VPN features to reduce risk to IT infrastructure and its applications.

Prerequisites

The knowledge and skills that you must have before attending this course include concepts from the following Cisco Certification Courses:

Cisco Certified Network Associate (CCNA) certification: Interconnecting Cisco Network Devices 1 (ICND1) and Interconnecting Cisco Network Devices 2 (ICND2)

Cisco Certified Network Associate Security (CCNA Security) certification: Implementing Cisco IOS Network Security (IINS)

In addition to the above prerequisite skills, learners will benefit from a working knowledge of the Microsoft Windows operating system.

Audience

This course is intended for the following audience:

Network Security Engineers (NSEs)

ASA Administrators

Network Security Administrators

Firewall Administrators

At Course Completion

After completing this course, you will be able to:

Evaluate the Cisco ASA adaptive security appliance VPN subsystem

Deploy Cisco ASA adaptive security appliance IPsec VPN solutions

Deploy Cisco ASA adaptive security appliance Cisco AnyConnect remote access VPN solutions

Deploy Cisco ASA adaptive security appliance clientless remote access VPN solutions

Course Outline

Module 1: The Cisco ASA Adaptive Security Appliance VPN Architecture and Common Components

Describe the general properties of the Cisco ASA adaptive security appliance VPN subsystem

Lesson 1: Evaluating the Cisco ASA Adaptive Security Appliance VPN Subsystem Architecture

Lesson objective: Choose the most appropriate Cisco ASA VPN topologies and licensing options

The lesson includes these topics or topic (enabling) objectives:

Identify the various VPN topologies and identify the correct topology to use for a given scenario

Identify the Cisco ASA security appliance IPv6 VPN capabilities

Identify the components of the Cisco AnyConnect Secure Mobility Client 3.0

Identify the available VPN licensing options and choose the appropriate licensing option for your network

Lesson 2: Evaluating the Cisco ASA Adaptive Security Appliance Software Architecture

Lesson objective: Evaluate core Cisco ASA security appliance networking functions as they relate to its VPN functionality

The lesson includes these topics or topic (enabling) objectives:

Describe the principles of the Cisco ASA security appliance access control model

Evaluate Cisco ASA security appliance VPN-related routing features

Evaluate Cisco ASA security appliance VPN-related NAT features

Evaluate Cisco ASA security appliance VPN-related AAA features

The lesson includes this activity: Case Study 1-1: Implementing a Security High-Level Design

Lesson 3: Implementing Profiles, Group Policies, and User Policies

Lesson objective: Implement core Cisco ASA security appliance policy configurations that are common to all VPN configurations

The lesson includes these topics or topic (enabling) objectives:

Describe the components of Cisco ASA security appliance VPN policy configuration

Configure Cisco ASA security appliance connection profiles

Configure Cisco ASA security appliance group policies

Configure Cisco ASA security appliance user attributes

Describe AAA functions that are available in remote-access VPNs

Identify access control methods for VPN users

Implement VPN accounting to external RADIUS and TACACS+ servers

Identify Cisco Secure Desktop and DAP features

Lesson 4: Implementing PKI Services

Lesson objective: Implement PKI services for IP Security (IPsec) and Secure Sockets Layer (SSL) VPN configurations

The lesson includes these topics or topic (enabling) objectives:

Evaluate PKI services for IPsec and SSL VPN configurations

Evaluate different methods of deploying server-side certificates on the Cisco ASA security appliance

Configure and verify the local CA on the Cisco ASA security appliance and the Cisco AnyConnect client with client certificates that are provisioned by a Cisco ASA security appliance

Choose the appropriate CA server for your design

Describe methods to deploy a client certificate to use with Cisco VPN deployments

Configure and verify certificate-to-connection-profile mapping on the Cisco ASA security appliance

Describe SCEP proxy operations

Module 2: Cisco ASA Adaptive Security Appliance Clientless Remote Access SSL VPN Solutions

Implement and maintain Cisco clientless remote access SSL VPNs on the Cisco ASA adaptive security appliance VPN gateway

Lesson 1: Deploying Basic Clientless VPN Solutions

Lesson objective: Configure and verify the baseline clientless SSL VPN remote access features of the Cisco ASA security appliance

The lesson includes these topics or topic (enabling) objectives:

Plan the configuration of a clientless SSL VPN solution

Configure and verify basic Cisco ASA security appliance gateway features and gateway authentication for a clientless SSL VPN

Configure and verify password-based local user authentication in a clientless SSL VPN

Configure and verify basic access control in a clientless SSL VPN

Tune and verify the gateway content rewriting features

Troubleshoot VPN session establishment between a browser client and a Cisco ASA security appliance gateway

The lesson includes this activity: Lab 2-1: Configuring Basic Clientless VPN Access on the Cisco ASA Adaptive Security Appliance

Lesson 2: Deploying Advanced Application Access for Clientless SSL VPNs

Lesson objective: Deploy and manage advanced clientless VPN application access features of a clientless Cisco SSL VPN

The lesson includes these topics or topic (enabling) objectives:

Plan the deployment of clientless SSL VPN application access features

Configure and verify application plug-ins

Configure and verify smart tunnels in clientless SSL VPNs

Troubleshoot advanced application access in clientless SSL VPNs

The lesson includes this activity: Lab 2-2: Configuring Advanced Application Access for Clientless SSL VPNs

Lesson 3: Deploying Advanced Authentication and SSO for Clientless SSL VPNs

Lesson objective: Deploy and manage advanced authentication features of a clientless Cisco SSL VPN

The lesson includes these topics or topic (enabling) objectives:

Design clientless SSL VPN authentication

Deploy client-side certificate-based authentication

Configure and verify multiple client authentications

Troubleshoot the integration of a clientless SSL VPN with PKI

Configure and verify clientless VPN SSO methods

Troubleshoot clientless VPN SSO methods

Lesson 4: Customizing the Clientless SSL VPN User Interface and Portal

Lesson objective: Deploy portal customizations

The lesson includes these topics or topic (enabling) objectives:

Configure and verify basic customization of the VPN portal navigation pages

Configure and verify full portal HTML customization

Configure and verify portal localization

Configure and verify portal help customization

Configure and verify application integration customization

The lesson includes this activity: Lab 2-3: Customizing the SSL VPN Portal on the Cisco ASA Adaptive Security Appliance

Module 3: Cisco AnyConnect Remote Access SSL Solutions

Implement and maintain Cisco AnyConnect client-based remote access SSL VPNs on the Cisco ASA security appliance VPN gateway according to policies and environmental requirements

Lesson 1: Deploying a Basic Cisco AnyConnect Full-Tunnel SSL VPN Solution

Lesson objective: Deploy and manage the basic features of Cisco AnyConnect full-tunnel SSL VPNs

The lesson includes these topics or topic (enabling) objectives:

Describe the operation of full-tunnel SSL VPN technology

Plan, configure, and verify the gateway features of the Cisco ASA security appliance for a Cisco AnyConnect full-tunnel SSL VPN solution

Configure and verify password-based local user authentication and client IP address assignment for a full-tunnel SSL VPN

Configure basic access control and split tunneling for a full-tunnel SSL VPN

Install, configure, and verify Cisco AnyConnect 3.0 using the predeployment method

Troubleshoot VPN session establishment between a Cisco AnyConnect client and a Cisco ASA security appliance gateway

The lesson includes this activity:

Lab 3-1: Configuring Basic Cisco AnyConnect Client Full-Tunnel SSL VPNs Using Local Password Authentication

Lesson 2: Deploying an Advanced Cisco AnyConnect Full-Tunnel SSL VPN Solution

The lesson includes these topics or topic (enabling) objectives:

Describe the tasks you use to configure centrally controlled client functions for Cisco AnyConnect clients

Deploy DTLS on the Cisco ASA security appliance

Deploy and upgrade Cisco AnyConnect from a Cisco ASA gateway

Configure and verify Cisco AnyConnect XML profiles

Configure and verify the Cisco AnyConnect Trusted Network Detection, scripting, and SBL features

Customize and verify the Cisco AnyConnect user interface

The lesson includes this activity: Lab 3-2: Deploying the Cisco AnyConnect Client with Centralized Management

Lesson 3: Deploying Advanced AAA in Cisco Full-Tunnel VPNs

Lesson objective: Deploy advanced authentication with public key infrastructure (PKI) integration for Cisco AnyConnect full-tunnel SSL VPNs

The lesson includes these topics or topic (enabling) objectives:

Choose a gateway and user authentication method in Cisco AnyConnect full-tunnel SSL VPNs

Plan the deployment of advanced client authentication

Configure and verify the local CA on the Cisco ASA security appliance and the Cisco AnyConnect client with client certificates that are provisioned by the Cisco ASA security appliance

Configure and verify the Cisco ASA security appliance and Cisco AnyConnect client to use an external CA and provision client certificates

Configure SCEP proxy for Cisco AnyConnect

Configure and verify integration with supporting PKI entities

Configure multiple client authentication

Troubleshoot advanced client authentication in full-tunnel SSL VPNs

Configure and verify local and remote group policy authorization in a Cisco full-tunnel SSL VPN

Configure and verify local and remote group policy accounting in a Cisco full-tunnel SSL VPN

The lesson includes this activity: Lab 3-3: Configuring Basic Cisco AnyConnect Full-Tunnel SSL VPNs Using Local CA and SCEP Proxy

Module 4: Cisco ASA Adaptive Security Appliance Remote Access IPsec VPNs

Implement and maintain Cisco remote access IPsec VPNs on the Cisco ASA VPN gateway according to policies and environmental requirements

Lesson 1: Deploying Cisco Remote Access VPN Clients

Lesson objective: Deploy and manage the features of the Cisco remote access IPsec VPN clients

The lesson includes these topics or topic (enabling) objectives:

Describe the operation of IPsec VPN technology

Choose the appropriate Cisco VPN client product

Install, configure, and verify the installation of the legacy Cisco IPsec VPN client

Configure and verify the legacy Cisco IPsec VPN client profiles

Configure and verify advanced legacy Cisco IPsec VPN client profile settings

Install, configure, and verify the installation of Cisco AnyConnect 3.0

Configure and verify the auto-initiation feature of Cisco AnyConnect 3.0

Troubleshoot Cisco remote access VPN session establishment

The lesson includes this activity: Lab 4-1: Deploying Basic Cisco Easy VPN

Lesson 2: Deploying Basic Cisco Remote Access IPsec VPN Solutions

Lesson objective: Deploy and manage the basic features of the Cisco ASA remote access IPsec VPN server

The lesson includes these topics or topic (enabling) objectives:

Plan the configuration of a Cisco remote access IPsec VPN gateway

Configure and verify basic Cisco ASA gateway features and gateway authentication for Cisco remote access IPsec VPNs

Configure and verify Cisco remote access VPN PSK-based peer authentication

Configure and verify Cisco remote access VPN extended authentication

Configure and verify Cisco remote access VPN hybrid authentication

Configure and verify Cisco remote access VPN local IP address management

Configure and verify Cisco remote access VPN basic access control and split tunneling

Configure IKEv2 support for remote access IPsec VPN solutions

Module 5: Cisco ASA Adaptive Security Appliance Site-to-Site IPsec VPN Solutions

Implement and maintain site-to-site VPN solutions on the Cisco ASA security appliance VPN gateway according to policies and environmental requirements

Lesson 1: Deploying Basic Site-to-Site IPsec VPNs

Lesson objective: Deploy and manage basic site-to-site IPsec VPN features of the Cisco ASA security appliance

The lesson includes these topics or topic (enabling) objectives:

Plan a Cisco ASA security appliance site-to-site VPN

Configure and verify basic peer authentication in a Cisco ASA security appliance site-to-site VPN

Configure and verify transmission protection in a Cisco ASA security appliance site-to-site VPN

Troubleshoot the operation of a Cisco ASA security appliance site-to-site VPN

The lesson includes this activity: Lab 5-1: Deploying a Basic Cisco ASA IPsec Site-to-Site VPN

Lesson 2: Deploying Advanced Site-to-Site IPsec VPNs

Lesson objective: Deploy and manage advanced site-to-site IPsec VPN authentication features of the Cisco ASA security appliance

The lesson includes these topics or topic (enabling) objectives:

Plan a Cisco ASA security appliance site-to-site VPN using PKI-based authentication

Configure and verify PKI-based peer authentication in a Cisco ASA security appliance site-to-site VPN

Troubleshoot the operation of a PKI-based Cisco ASA security appliance site-to-site VPN

Module 6: Endpoint Security and High Availability for Cisco ASA VPNs

Deploy high-availability options for various Cisco ASA adaptive security appliance VPN deployments

Lesson 1: Implementing Cisco Secure Desktop and DAP for SSL VPNs

Lesson objective: Implement Cisco Secure Desktop for both clientless and full-tunnel SSL VPNs

The lesson includes these topics or topic (enabling) objectives:

Choose network admission features for Cisco AnyConnect full-tunnel SSL VPNs

Install, enable, and verify Cisco Secure Desktop on a Cisco ASA security appliance SSL VPN gateway

Configure and verify Cisco Secure Desktop prelogin criteria on a Cisco ASA security appliance SSL VPN gateway

Configure and verify Cisco Secure Desktop prelogin policies on a Cisco ASA security appliance SSL VPN gateway

Configure and verify basic Cisco Secure Desktop Advanced Endpoint Assessment features on a Cisco ASA security appliance SSL VPN gateway

Configure and verify DAPs that are enabled for Cisco Secure Desktop on a Cisco ASA security appliance SSL VPN gateway

Troubleshoot Cisco Secure Desktop operations on a Cisco ASA security appliance SSL VPN gateway

The lesson includes this activity: Lab 6-1: Deploying Cisco Secure Desktop for Cisco VPNs

Lesson 2: Deploying High-Availability Features in Cisco ASA Adaptive Security Appliance VPNs

Lesson objective: Deploy and manage high-availability and high-performance features of the Cisco ASA adaptive security appliance

The lesson includes these topics or topic (enabling) objectives:

Choose VPN high-availability and high-performance features

Configure and verify redundant peering with Cisco AnyConnect and IPsec client

Deploy active/standby failover for SSL and IPsec VPNs

Implement dynamic routing to achieve IPsec site-to-site VPN high availability

Describe the deployment of VPN load-balancing clusters

Provide high availability and high performance using an external SLB appliance

Troubleshoot Cisco ASA security appliance failover and VPN clustering functions

The lesson includes this activity: Lab 6-2: Configuring a Load Balancing SSL VPN Cluster

Labs

Lab 2-1: Configuring Basic Clientless VPN Access on the Cisco ASA Security Appliance

Lab 2-2: Configuring Advanced Application Access for Clientless SSL VPNs

Lab 2-3: Customizing the SSL VPN Portal on the Cisco ASA Security Appliance

Lab 3-1: Configuring Basic Cisco AnyConnect Client Full-Tunnel SSL VPNs Using Local Password Authentication

Lab 3-2: Deploying the Cisco AnyConnect Client with Centralized Management

Lab 3-3: Configuring Basic Cisco AnyConnect Full-Tunnel SSL VPNs Using Local CA and SCEP Proxy

Lab 4-1: Deploying Basic Remote Access IPsec VPN with IKEv2

Lab 6-1: Deploying Cisco Secure Desktop in Cisco SSL VPNs

Lab 6-2: Configuring a Load-Balancing SSL VPN Cluster

Contact us today. Visit www.quickstart.com or

call
