Overview/Description
Configuring policies and network settings for many VPN users requires a scalable and flexible configuration mechanism. This course discusses how to configure connection profiles and group policies, which are the cornerstone for configuring either Secure Sockets Layer (SSL) VPNs or IP Security (IPsec) remote access policies on the Cisco ASA Adaptive Security Appliance. Public key infrastructure (PKI) services provide a scaleable and trusted method of authentication. All types of VPNs can use PKI to perform mutual authentications, server-side authentications, and client authentications. In this course, several methods for deploying PKI services on the Cisco ASA Adaptive Security Appliance are explained.
Target Audience
Anyone wishing to obtain the Cisco Certified Network Professional CCNP Security designation. Cisco Network Security Engineers responsible for the selection, configuration, and the troubleshooting of the majority of Cisco ASA Adaptive Security Appliance perimeter security features to reduce risk to IT infrastructure and its applications within their networking environments.
Established IT professionals with a good understanding of networking and Cisco technology, installation, troubleshooting and monitoring of devices used to maintain integrity, confidentiality and availability of data and network devices that Cisco uses in its security infrastructure, as well as working knowledge of the Microsoft Windows operating system.
Candidates who have completed the Cisco Certified Network Associate (CCNA), the Cisco Certified Network Associate Security (CCNA Security), the Securing Networks with Cisco Routers and Switches (SECURE) v1.0, and the Deploying Cisco ASA Firewall Solutions (FIREWALL 2.0) Certifications.
sequence priorities in the Cisco ASA Security Appliance's policy inheritance model
describe how connection profiles work
describe how to configure connection profiles
identify the characteristics of Cisco ASA Security Appliance group policies
configure a connection profile and a group policy for a given scenario
describe how Cisco ASA VPN AAA, access control, and accounting can be configured
identify the features of Cisco Secure Desktop
identify the components of dynamic access policies on the Cisco ASA Security Appliance
recognize how to use PKI to support a scalable VPN deployment
differentiate between methods for determining certificate revocation
identify the steps configure the basic Cisco ASA Security Appliance SSL VPN gateway features to use a PKI-provisioned identity certificate of the appliance
generate RSA keys and enroll the Cisco ASA into an existing PKI
sequence the steps to configure certificate-based client authentication by using the local CA of the Cisco ASA Security Appliance
identify the steps to configure a certificate-to-connection profile mapping on the Cisco ASA Security Appliance
describe SCEP proxy operations
configure the Cisco ASA as a local CA server
create a certificate user account on the Cisco ASA
enable certificate-based authentication for remote-access SSL VPN clients
configure and define connection profile map critera