Cisco SECURE 1.0: Deploying Scalable Authentication in Site-to-Site IPSec VPNs


Overview/Description
Target Audience
Expected Duration
Lesson Objectives
Course Number



Overview/Description
You can configure IP Security (IPSec) virtual private networks (VPNs) with various types of authentication, which often limit its scalability with regard to performance and configuration manageability. A simple method, such as using pre-shared keys (PSKs), requires you to share a secret between each pair of VPN peers. A more scalable authentication method incorporates the public key infrastructure (PKI) for authentication purposes. This course discusses the process of configuring an IPSec site-to-site VPN using PKI-facilitated peer authentication.

Target Audience
Network professionals responsible for securing and managing their network infrastructures who have CCNA certification, CCNA Security certification (IINS) and a working knowledge of Microsoft Windows operating systems

Expected Duration (hours)
2.5

Lesson Objectives

Cisco SECURE 1.0: Deploying Scalable Authentication in Site-to-Site IPSec VPNs

  • recognize how trusted introducer facilitates the secure exchange of public keys
  • describe how certificate authorities work
  • identify features of the X.509 standard for PKI data formats
  • recognize how to plan a PKI-enabled VPN
  • identify the features of Cisco IOS Software Certificate Server
  • configure Certificate Server prerequisites and database location
  • complete the Certificate Server configuration
  • recognize how to troubleshoot a basic Cisco IOS Software Certificate Server
  • configure a Cisco IOS Software PKI client
  • configure a router as a certificate server
  • enroll two VPN peers into a PKI
  • recognize how to troubleshoot a Cisco IOS Software VPN router in a PKI enrollment process
  • configure the integration of a Cisco IOS Software VPN router with supporting PKI entities
  • configure IKE using peer canonical name verification
  • recognize how to troubleshoot PKI-enabled IKE authentication
  • configure advanced PKI integration
  • Course Number:
    cc_cure_a12_it_enus