VPN 1.0 - Deploying Cisco ASA VPN Solutions VPN 1.0

The Deploying Cisco ASA VPN Solutions (VPN) 1.0 course is an instructor-led course that is presented by Cisco Learning Partners to their end-user customers. This five-day course aims at choosing, configuring, and troubleshooting the majority of Cisco ASA adaptive security appliance remote access and site-to-site VPN features to reduce risk to IT infrastructure and its applications.

Upon completing this course, the student will be able to meet these overall objectives:

• Evaluate the Cisco ASA adaptive security appliance VPN subsystem
• Deploy Cisco ASA adaptive security appliance IPsec VPN solutions
• Deploy Cisco ASA adaptive security appliance Cisco AnyConnect remote access VPN solutions
• Deploy Cisco ASA adaptive security appliance clientless remote access VPN solutions
• Deploy advanced Cisco ASA adaptive security appliance VPN solutions

The primary audience for this course is as follows:

• Network security engineers

Module 1: Evaluation of the Cisco ASA Adaptive Security Appliance VPN Subsystem

• Lesson 1: Evaluating the Cisco ASA Adaptive Security Appliance Software Architecture
  • Cisco ASA Adaptive Security Appliance Access Control Model Refresher
  • Cisco ASA Adaptive Security Appliance Packet Routing Refresher
  • Cisco ASA Adaptive Security Appliance NAT Refresher
  • Cisco ASA Adaptive Security Appliance AAA Refresher
• Lesson 2: Evaluating the Cisco ASA Adaptive Security Appliance VPN Subsystem Architecture
  • PKI Technology
  • Comparison of Cisco ASA Adaptive Security Appliance VPN Technologies
  • VPN Termination on Cisco ASA Adaptive Security Appliance Network Interfaces
  • Packet Flow in Cisco ASA Adaptive Security Appliance VPN Functions
  • Cisco ASA Adaptive Security Appliance VPN Access Control Model
  • Cisco ASA Adaptive Security Appliance VPN Licensing
• Lesson 3: Applying Common Cisco ASA Adaptive Security Appliance Remote Access VPN Configuration Concepts
  • Cisco ASA Adaptive Security Appliance VPN Policy Configuration
  • Connection Profiles
  • Group Policies
  • External Policy Storage

Module 2: Deployment of Cisco ASA Adaptive Security Appliance IPsec VPN Solutions

• Lesson 1: Deploying Basic Site-to-Site IPsec VPNs
  • Configuration Choices, Basic Procedures, and Required Input Parameters
  • Configuring Basic Peer Authentication
  • Configuring Transmission Protection
  • Troubleshooting a Cisco ASA Adaptive Security Appliance Site-to-Site VPN
• Lesson 2: Deploying Certificate Authentication in Site-to-Site IPsec VPNs
  • Configuration Choices, Basic Procedures, and Required Input Parameters
  • Deploying Certificate-Based Authentication
  • Configuring PKI-Based Peer Authentication
• Lesson 3: Deploying the Cisco VPN Client
  • Evaluating Cisco VPN Client Features
  • Installing Cisco VPN Client Software
  • Configuring Cisco VPN Client Profiles
  • Configuring Advanced Profile Settings
• Lesson 4: Deploying Basic Cisco Easy VPN Solutions
  • Configuration Choices, Basic Procedures, and Required Input Parameters
  • Configuring Basic Cisco ASA Adaptive Security Appliance Cisco Easy VPN Server Features
  • Configuring Group PSK Authentication
  • Configuring Extended User Authentication
  • Configuring Client Network Settings
  • Configuring Basic Access Control and Split Tunneling
  • Configuring the Cisco VPN Client
  • Troubleshooting Basic Cisco Easy VPN Operation
• Lesson 5: Deploying Advanced Authentication in Cisco Easy VPN Solutions
  • Configuration Choices, Basic Procedures, and Required Input Parameters
  • Deploying Cisco VPN Client Certificate Authentication
  • Configuring Hybrid Authentication
  • Deploying Advanced PKI Integration
  • Troubleshooting PKI Integration
• Lesson 6: Deploying the Cisco ASA 5505 Adaptive Security Appliance as Cisco Easy VPN Remote
  • Choosing Cisco Easy VPN Remote Modes
  • Deploying a Basic Cisco Easy VPN Remote Profile
  • Configuring Advanced Cisco Easy VPN Remote Features
  • Troubleshooting the Cisco Easy VPN Remote

Module 3: Deployment of Cisco ASA Adaptive Security Appliance Cisco AnyConnect Remote Access VPN Solutions

• Lesson 1: Deploying a Basic Cisco AnyConnect Full Tunnel SSL VPN Solution
  • Configuration Choices, Basic Procedures, and Required Input Parameters
  • Configuring Basic Cisco ASA Adaptive Security Appliance SSL VPN Gateway Features
  • Configuring Local Password-Based User Authentication
  • Configuring Client IP Address Management, Basic Access Control, and Split Tunneling
  • Installing and Configuring the Cisco AnyConnect Client
  • Troubleshooting Basic Full Tunnel SSL VPN Operation
• Lesson 2: Deploying Advanced Cisco AnyConnect VPN Client
  • Configuration Choices, Basic Procedures, and Required Input Parameters
  • Deploying DTLS
  • Managing Cisco AnyConnect Software
  • Configuring Cisco AnyConnect Client Profiles
  • Deploying Advanced Cisco AnyConnect Operating System Integration Options
  • Customizing the Cisco AnyConnect User Interface
• Lesson 3: Deploying Advanced Authentication in Cisco AnyConnect Full Tunnel SSL VPNs
  • Configuration Choices, Basic Procedures, and Required Input Parameters
  • Deploying External AAA Authentication
  • Deploying Certificate-Based Client Authentication Using the Cisco ASA Adaptive Security Appliance Local CA
  • Deploying Advanced PKI Integration
  • Deploying Multiple Client Authentication

Module 4: Deployment of Cisco ASA Adaptive Security Appliance Clientless Remote Access VPN Solutions

• Lesson 1: Deploying a Basic Clientless VPN Solution
  • Configuration Choices, Basic Procedure, and Required Input Parameters
  • Configuring Basic Cisco ASA Adaptive Security Appliance SSL VPN Gateway Features
  • Configuring Local Password-Based User Authentication
  • Configuring Basic Portal Features and Access Control
  • Troubleshooting Clientless SSL VPNs
• Lesson 2: Deploying Advanced Application Access for Clientless SSL VPN
  • Configuring Smart Tunnels
  • Configuring Port Forwarding
  • Troubleshooting Advanced Application Access
• Lesson 3: Deploying Advanced Authentication and SSO in a Clientless SSL VPN
  • Configuration Choices, Basic Procedures, and Required Input Parameters
  • Deploying Client Certificate-Based Authentication
  • Deploying Advanced Gateway PKI Integration, External Certificate Authorization, and Double Authentication
  • Troubleshooting PKI Integration
  • Deploying Clientless SSL VPN SSO
• Lesson 4: Customizing the Clientless SSL VPN User Interface and Portal
  • Deploying Basic Navigation Customization
  • Deploying Full Portal Customization
  • Deploying Portal Localization
  • Deploying Portal Help Customization
  • Cisco AnyConnect Portal Integration

Module 5: Deployment of Advanced Cisco ASA Adaptive Security Appliance VPN Solutions

• Lesson 1: Deploying VPN Authorization, Access Control, and Accounting
  • Configuration Choices, Basic Procedures, and Required Input Parameters
  • Deploying Local Authorization
  • Deploying External Authorization
  • Configuring Session Accounting
  • Troubleshooting Authorization and Accounting of a Clientless SSL VPN
• Lesson 2: Deploying Cisco Secure Desktop in SSL VPNs
  • Configuration Choices, Basic Procedures, and Required Input Parameters
  • Installing, Enabling, and Customizing Cisco Secure Desktop
  • Configuring Prelogin Criteria
  • Configuring Prelogin Policies
  • Configuring Advanced Endpoint Assessment
  • Troubleshooting Cisco Secure Desktop Operation for Clientless Connections
• Lesson 3: Deploying Dynamic Access Policies
  • Configuration Choices, Basic Procedures, and Required Input Parameters
  • Configuring DAP
  • Aggregating DAP Records
  • Integrating Cisco Secure Desktop with DAP
  • Using LUA Expressions in Dynamic Access Policies
  • Troubleshoot DAP
• Lesson 4: Deploying High Availability and High Performance in SSL and IPsec VPNs
  • Configuration Choices, Basic Procedures, and Required Input Parameters
  • Deploying Redundant Peering
  • Deploying Cisco ASA Adaptive Security Appliance Active/Standby Failover
  • Deploying Dynamic-Routing-Based VPN Failover
  • Deploying Cisco ASA Adaptive Security Appliance VPN Clustering
  • Deploying High Availability and High Performance Using Network Server Load Balancing
  • Deploying VPN QoS
  • Troubleshooting Cisco ASA Adaptive Security Appliance VPN Failover and Clustering

• Lab 2-1: Deploying a Basic Cisco ASA Adaptive Security Appliance IPsec Site-to-Site VPN
• Lab 2-2: Deploying a Certificate-Based Cisco ASA Adaptive Security Appliance IPsec Site-to-Site VPN
• Lab 2-3: Deploying Basic Cisco Easy VPN
• Lab 2-4: Deploying Advanced Cisco Easy VPN Server with Certificate-Based Authentication
• Lab 2-5: Deploying the Cisco ASA 5505 Adaptive Security Appliance as a Cisco Easy VPN Remote
• Lab 3-1: Configuring a Basic Cisco AnyConnect Full Tunnel SSL VPN Using Local Password Authentication
• Lab 3-2: Deploying the Cisco AnyConnect Client with Centralized Management
• Lab 3-3: Configuring a Basic Cisco AnyConnect Full Tunnel SSL VPN Using the Local CA
• Lab 4-1: Configuring Basic Clientless VPN Access on the Cisco ASA Adaptive Security Appliance
• Lab 4-2: Configuring Advanced Application Access in Clientless SSL VPNs
• Lab 4-3: Customizing the SSL VPN Portal on the Cisco ASA Adaptive Security Appliance
• Lab 5-1: Deploying SSL VPN Access Policies and Authorization Parameters
• Lab 5-2: Deploying Cisco Secure Desktop and DAP in SSL VPNs
• Lab 5-3: Configuring a Load-Balancing SSL VPN Cluster

The knowledge and skills that a learner must have before attending this course are as follows:

• Cisco CCNA® certification:
  • Interconnecting Cisco Network Devices Part 1 (ICND1)
  • Interconnecting Cisco Network Devices Part 2 (ICND2)
• Cisco CCNA Security certification:
  • Implementing Cisco IOS Network Security (IINS)
• Familiarity with networking and security terms and concepts:
  • Securing Networks with Cisco Routers and Switches (SECURE)
• Working knowledge of the Microsoft Windows operating system