Академический Документы
Профессиональный Документы
Культура Документы
Describe the general properties of the Cisco ASA security appliance VPN subsystem
Implement and maintain Cisco clientless remote access Secure Sockets Layer (SSL) VPNs on the Cisco ASA
security appliance VPN gateway
Implement and maintain Cisco AnyConnect client-based remote access SSL VPNs on the Cisco ASA security
appliance VPN gateway, according to policies and environmental requirements
Implement and maintain Cisco remote access IP Security (IPsec) VPNs on the Cisco ASA VPN gateway,
according to policies and environmental requirements
Implement and maintain site-to-site VPN solutions on the Cisco ASA security appliance VPN gateway,
according to policies and environmental requirements
Deploy endpoint security with Cisco Secure Desktop and dynamic access policy (DAP), and deploy and
manage high-availability and high-performance features of the Cisco ASA security appliance
Prerequisites:
Course Outline:
Module 1: Cisco ASA Adaptive Security Appliance VPN Architecture and Common Components
o Lesson 1: Evaluating the Cisco ASA Adaptive Security Appliance VPN Subsystem Architecture
Identify the various VPN topologies and identify the correct topology to use for a given
scenario
Identify the Cisco ASA security appliance IPv6 VPN capabilities
Identify the components of the Cisco AnyConnect Secure Mobility Client 3.0
Identify the available VPN licensing options and choose the appropriate licensing option
for your network
o Lesson 2: Evaluating the Cisco ASA Adaptive Security Appliance Software Architecture
Describe the principles of the Cisco ASA security appliance access control model
Evaluate Cisco ASA security appliance VPN-related routing features
Evaluate Cisco ASA security appliance VPN-related NAT features
Evaluate Cisco ASA security appliance VPN-related AAA features
o Lesson 3: Implementing Profiles, Group Policies, and User Policies
Describe the components of Cisco ASA security appliance VPN policy configuration
Configure Cisco ASA security appliance connection profiles
Configure Cisco ASA security appliance group policies
Describe AAA functions that are available in remote access VPNs
Configure Cisco ASA security appliance user attributes
Identify access control methods for VPN users
Implement VPN accounting to external RADIUS and TACACS+ servers
Identify Cisco Secure Desktop and DAP features
o Lesson 4: Implementing PKI Services
Evaluate PKI services for IPsec and SSL VPN configurations
Evaluate methods of deploying server-side certificates on the Cisco ASA security
appliance
Choose the appropriate CA server for your design
Describe methods for deploying a client certificate to use with Cisco VPN deployments
Configure and verify the local CA on the Cisco ASA security appliance and the Cisco
AnyConnect client using client certificates that are provisioned by a Cisco ASA security
appliance
Configure and verify certificate-to-connection-profile mapping on the Cisco ASA security
appliance
Describe SCEP proxy operations
Module 2: Cisco ASA Adaptive Security Appliance Clientless Remote Access SSL VPN Solutions
o Lesson 1: Deploying Basic Clientless VPN Solutions
Describe the building blocks of, and use cases for, the Cisco ASA clientless SSL VPN
solution
Plan the configuration of a clientless SSL VPN solution
Configure and verify basic Cisco ASA security appliance gateway features and gateway
authentication for a clientless SSL VPN
Configure and verify password-based local user authentication in a clientless SSL VPN
Configure and verify basic access control in a clientless SSL VPN
Tune and verify the gateway content-rewriting features
Troubleshoot VPN session establishment between a browser client and a Cisco ASA
security appliance gateway
o Lesson 2: Deploying Advanced Application Access for Clientless SSL VPNs
Plan the deployment of clientless SSL VPN application-access features
Configure and verify application plug-ins
Configure and verify smart tunnels in clientless SSL VPNs
Troubleshoot advanced application access in clientless SSL VPNs
o Lesson 3: Deploying Advanced Authentication and SSO for Clientless SSL VPNs
Design clientless SSL VPN authentication
Deploy client-side certificate-based authentication
Configure and verify local and remote group policy authorization in a Cisco full-tunnel
SSL VPN
Configure and verify local and remote group policy accounting in a Cisco full-tunnel SSL
VPN
Module 4: Cisco ASA Adaptive Security Appliance Remote Access IPsec VPNs
o Lesson 1: Deploying Cisco Remote Access VPN Clients
Describe the operation of IPsec VPN technology
Choose the appropriate Cisco VPN Client product
Install, configure, and verify the installation of the legacy Cisco IPsec VPN Client
Configure and verify the legacy Cisco IPsec VPN Client profiles
Configure and verify advanced the legacy Cisco IPsec VPN Client profile settings
Install, configure, and verify the installation of Cisco AnyConnect 3.0
Configure and verify the auto-initiation feature of Cisco AnyConnect 3.0
Troubleshoot Cisco remote access VPN session establishment
Lesson 2: Deploying Basic Cisco Remote Access IPsec VPN Solutions
Plan the configuration of a Cisco remote access IPsec VPN gateway
Configure and verify basic Cisco ASA gateway features and gateway authentication in a
Cisco for remote access IPsec VPNs
Configure and verify Cisco remote access VPN PSK-based peer authentication
Configure and verify Cisco remote access VPN extended authentication
Configure and verify Cisco remote access VPN hybrid authentication
Configure and verify Cisco remote access VPN local IP address management
Configure and verify Cisco remote access VPN basic access control and split tunneling
Configure IKEv2 support for remote access IPsec VPN solutions
Troubleshoot Cisco remote access VPN session establishment between a Cisco VPN
client and a Cisco ASA gateway
Module 5: Cisco ASA Adaptive Security Appliance Site-to-Site IPsec VPN Solutions
o Lesson 1: Deploying Basic Site-to-Site IPsec VPNs
Plan a Cisco ASA security appliance site-to-site VPN
Configure and verify basic peer authentication in a Cisco ASA security appliance site-tosite VPN
Configure and verify transmission protection in a Cisco ASA security appliance site-tosite VPN
Troubleshoot the operation of a Cisco ASA security appliance site-to-site VPN
o Lesson 2: Deploying Advanced Site-to-Site IPsec VPNs
Plan a Cisco ASA security appliance site-to-site VPN using PKI- based authentication
Configure and verify PKI-based peer authentication in a Cisco ASA security appliance
site-to-site VPN
Troubleshoot the operation of a PKI-based Cisco ASA security appliance site-to-site VPN
Module 6: Endpoint Security and High Availability for Cisco ASA VPNs
o Lesson 1: Implementing Cisco Secure Desktop and DAP for SSL VPNs
Choose network admission features for Cisco AnyConnect full-tunnel SSL VPNs
Install, enable, and verify Cisco Secure Desktop on a Cisco ASA security appliance SSL
VPN gateway
Labs:
Configure and verify Cisco Secure Desktop prelogin criteria on a Cisco ASA security
appliance SSL VPN gateway
Configure and verify Cisco Secure Desktop prelogin policies on a Cisco ASA security
appliance SSL VPN gateway
Configure and verify basic Cisco Secure Desktop Advanced Endpoint Assessment
features on a Cisco ASA security appliance SSL VPN gateway
Configure and verify DAPs that are enabled for Cisco Secure Desktop on a Cisco ASA
security appliance SSL VPN gateway
Troubleshoot Cisco Secure Desktop operations on a Cisco ASA security appliance SSL
VPN gateway
Lesson 2: Deploying High-Availability Features in Cisco ASA Adaptive Security Appliance VPNs
Choose VPN high-availability and high-performance features
Configure and verify redundant peering with Cisco AnyConnect and IPsec client
Deploy active/standby failover for SSL and IPsec VPNs
Implement dynamic routing to achieve IPsec site-to-site VPN high availability
Describe the deployment of VPN load-balancing clusters
Provide high availability and high performance using an external SLB appliance
Troubleshoot Cisco ASA security appliance failover and VPN clustering functions
Lab 2-1: Configuring Basic Clientless VPN Access on the Cisco ASA Security Appliance
Lab 2-2: Configuring Advanced Application Access for Clientless SSL VPNs
Lab 2-3: Customizing the SSL VPN Portal on the Cisco ASA Security Appliance
Lab 3-1: Configuring Basic Cisco AnyConnect Client Full-Tunnel SSL VPNs Using Local Password
Authentication
Lab 3-2: Deploying the Cisco AnyConnect Client with Centralized Management
Lab 3-3: Configuring Basic Cisco AnyConnect Full-Tunnel SSL VPNs Using Local CA and SCEP Proxy
Lab 4-1: Deploying Basic Remote Access IPsec VPN with IKEv2
Lab 5-1: Deploying a Basic Cisco ASA Security Appliance IPsec IKEv1 Site-to-Site VPN
Lab 6-1: Deploying Cisco Secure Desktop in Cisco SSL VPNs
Lab 6-2: Configuring a Load-Balancing SSL VPN Cluster