Overview/Description
When deploying VPNs, it is important to use strong authentication options. This course describes several advanced authentication options that you can use when implementing Cisco AnyConnect full-tunnel Secure Sockets Layer (SSL) VPNs on the Cisco ASA Adaptive Security Appliance. These options offer better security and scalability than basic local authentication. The course also covers advanced password-based authentication using external authentication, authorization, and accounting (AAA) servers, certificate-based authentication using the local certificate authority (CA) of the security appliance, and the options available for checking user certificates for revocation.
Target Audience
Anyone wishing to obtain the Cisco Certified Network Professional (CCNP) Security designation. Cisco network security engineers responsible for selecting, configuring, and troubleshooting the majority of Cisco ASA Adaptive Security Appliance perimeter security features to reduce risk to the IT infrastructure and its applications within their networking environments.
Established IT professionals with a good understanding of networking and Cisco technology, installation, troubleshooting and monitoring of devices used to maintain integrity, confidentiality and availability of data and network devices that Cisco uses in its security infrastructure, as well as working knowledge of the Microsoft Windows operating system.
Candidates who have completed the Cisco Certified Network Associate (CCNA), the Cisco Certified Network Associate Security (CCNA Security), the Securing Networks with Cisco Routers and Switches (SECURE) v1.0, and the Deploying Cisco ASA Firewall Solutions (FIREWALL 2.0) Certifications.
Cisco VPN 2.0: Deploying Advanced AAA in Cisco Full-Tunnel VPNs
describe how to select a gateway and user authentication method in Cisco AnyConnect full-tunnel SSL VPNs
describe the considerations involved in planning the deployment of advanced client authentication
distinguish between external AAA authentication configuration tasks
describe how to configure the local CA on the Cisco ASA Security Appliance and the Cisco AnyConnect Client, with client certificates provisioned by the Cisco ASA Security Appliance
describe the considerations involved in configuring the Cisco ASA and Cisco AnyConnect Client to use an external CA and provision client certificates
sequence the steps to configure SCEP proxy for Cisco AnyConnect
describe how to implement a certificate revocation solution
identify valid combinations for deploying multiple authentication combinations
describe how to configure local group policy authorization in a Cisco full-tunnel SSL VPN
match the external VPN authorization input parameters to their descriptions
describe how to configure remote group policy authorization in a Cisco full-tunnel SSL VPN
sequence the steps to enable accounting in a connection profile