
Implementing Cisco Secure Mobility Solutions (SIMOS)

 

Now available in e-learning for a fraction of the ILT (Instructor Led Training) cost!

Cisco has revolutionized e-learning. You will now receive the exact same content and labs in a self-paced format, complete with HD video, searchable transcripts, the full Student Guide textbook, hands-on labs (just like the ILT labs) and graded assessments. It is the most interactive, state-of-the-art authorized Cisco e-learning available.

Course Content

Implementing Cisco Secure Mobility Solutions (SIMOS) v1.0 is a newly created five-day instructor-led training (vILT) course that is part of the curriculum path leading to the Cisco Certified Network Professional Security (CCNP Security) certification. This course is designed to prepare network security engineers with the knowledge and skills they need to protect data traversing a public or shared infrastructure such as the Internet by implementing and maintaining Cisco VPN solutions. You will gain hands-on experience with configuring and troubleshooting remote access and site-to-site VPN solutions, using Cisco ASA adaptive security appliances and Cisco IOS routers.

Who should attend

The primary audience for this course is as follows:

  • Network Security Engineers

Prerequisites

This section lists the skills and knowledge that you must possess to benefit fully from the course. This section includes recommended Cisco learning offerings that you may complete to benefit fully from this course, including the following:
  • Cisco Certified Network Associate (CCNA) certification
  • Cisco Certified Network Associate (CCNA) Security certification
  • Knowledge of Microsoft Windows operating system

Course Objectives

Upon completing this course, you will be able to meet these overall objectives:
  • Describe the various VPN technologies and deployments as well as the cryptographic algorithms and protocols that provide VPN security.
  • Implement and maintain Cisco site-to-site VPN solutions.
  • Implement and maintain Cisco FlexVPN in point-to-point, hub-and-spoke, and spoke-to-spoke IPsec VPNs.
  • Implement and maintain Cisco clientless SSL VPNs.
  • Implement and maintain Cisco AnyConnect SSL and IPsec VPNs.
  • Implement and maintain endpoint security and dynamic access policies (DAP).

Outline: Implementing Cisco Secure Mobility Solutions (SIMOS)

Module 1: The Role of VPNs in Network Security
  • VPN Definition
  • Key Threats to WANs and Remote Access
  • Cisco Modular Network Architecture and VPNs
  • VPN Types
  • VPN Components
  • Secure Communication and Cryptographic Services
  • Cryptographic Algorithms
  • Cryptography and Confidentiality
  • Cryptography and Integrity
  • Cryptography and Authentication
  • Cryptography and Nonrepudiation
  • Keys in Cryptography
  • Public Key Infrastructure
  • Next-Generation Encryption
  • Dependencies in Cryptographic Services
  • Cryptographic Controls Guidelines

Module 2: Deploying Secure Site-to-Site Connectivity Solutions
  • Site-to-Site VPN Topologies
  • Site-to-Site VPN Technologies
  • IPsec VPN Overview
  • Internet Key Exchange v1 and v2
  • Encapsulating Security Payload
  • IPsec Virtual Tunnel Interface
  • Dynamic Multipoint VPN
  • Cisco IOS FlexVPN
  • Overview of Point-to-Point IPsec VPNs on the Cisco ASA
  • Configuration Tasks for Basic Point-to-Point Tunnels on the Cisco ASA
  • Enable IKE on an Interface
  • Configure IKE Policy
  • Configure PSKs
  • Choose Transform Set and VPN Peer
  • Choose Traffic for VPN
  • Configuring Site-to-Site VPN with Connection Profiles Menu
  • Verify and Troubleshoot Basic Point-to-Point Tunnels on the Cisco ASA
  • Lab 2-1 Implement Site to Site Secure Connectivity on Cisco ASA
  • Overview of Cisco IOS VTIs
  • Configure Static VTI Point-to-Point Tunnels
  • Verify Static VTI Point-to-Point Tunnels
  • Configure Dynamic VTI Point-to-Point Tunnels
  • Verify Dynamic VTI Point-to-Point Tunnels
  • Lab 2-2 Objective: Implement a Cisco IOS static VTI point-to-point tunnel
  • Overview of Cisco IOS DMVPN
  • DMVPN Solution Components
  • GRE
  • NHRP
  • DMVPN Operations
  • Types of Authentication
  • Configure DMVPN on Hub
  • Configure DMVPN on Spoke
  • Configure Routing in DMVPN
  • Verify DMVPN

Module 3: Deploying Cisco IOS Site-to-Site FlexVPN Solutions
  • FlexVPN Overview
  • Public Key Infrastructure (PKI)
  • Site-to-Site VPN Topologies
  • FlexVPN Architecture
  • FlexVPN Configuration Overview
  • FlexVPN Capabilities
  • IKEv2 vs. IKEv1 Overview
  • IKEv2 Message Exchange
  • IKEv2 DoS Prevention
  • IKEv1 and IKEv2 Comparison
  • FlexVPN Use Cases
  • Point-to-Point FlexVPN
  • FlexVPN Configuration Blocks
  • IKEv2 Profile
  • Smart Defaults
  • Manipulating Default Values
  • Negotiating IKEv2 Proposals
  • Point-to-Point VPN Scenario with IPv4 Static Routes
  • Configure and Verify Point-to-Point VPN with IPv4 Static Routes
  • Point-to-Point VPN Scenario with OSPFv3
  • Configure and Verify Point-to-Point VPN with OSPFv3
  • Enroll Devices to ECDSA PKI
  • Configure Router for ECDSA
  • Configure ASA for ECDSA
  • Verify EC Key Pairs and Certificates
  • Verify IKEv2 SA
  • Verify IPsec SA
  • Verify Point-to-Point FlexVPN (just flowchart and important show/debug command output)
  • Lab 3-1: Implement Site-to-Site Secure Connectivity Using Cisco IOS FlexVPN
  • Cisco IOS FlexVPN
  • IKEv2 Configuration Payload
  • Locally Managed Hub-and-Spoke Scenario
  • Configure a Spoke in a Hub-and-Spoke Scenario
  • Configure a Hub in a Hub-and-Spoke Scenario
  • Configuration Exchange
  • Verify and Troubleshoot Hub-and-Spoke FlexVPN
  • Lab 3-2: Implement Hub-to-Spoke Secure Connectivity Using Cisco IOS Flex VPN
  • Spoke-to-Spoke Shortcut Scenario
  • NHRP in FlexVPN
  • Configure and Verify a Spoke in a Spoke-to-Spoke Shortcut Scenario
  • Configure and Verify a Hub in a Spoke-to-Spoke Shortcut Scenario
  • RADIUS-Managed FlexVPN Scenario
  • Verify Spoke-to-Spoke Shortcut Switching
  • Troubleshoot Spoke-to-Spoke Shortcut Switching (just flowchart and important show/debug command output)
  • Lab 3-3: Implement Spoke-to-Spoke Secure Connectivity Using Cisco IOS Flex VPN

Module 4: Deploying SSL VPNs
  • SSL VPN Components
  • SSL/TLS
  • Overview of group policies and connection profiles
  • Basic Cisco Clientless SSL VPN
  • Solution Components
  • Configure ASA gateway
  • Configure basic authentication
  • Configure access control (including URL entry and bookmarks)
  • Verify basic clientless SSL VPN
  • Troubleshoot basic clientless SSL VPN
  • Lab 4-1 Objective: Implement Basic Cisco Clientless SSL VPN on Cisco ASA
  • Deploying Application Access options (plug-ins, smart tunnels)
  • Configure and verify plugins
  • Configure and verify smart tunnels
  • Troubleshoot plugins and smart tunnel
  • Lab 4-2 Objective: Application Access clientless SSL
  • Advanced Authentication in Cisco Clientless SSL VPN Solution Components
  • Configure and verify Certificate based Authentication
  • Configure and Verify External Authentication
  • Troubleshoot Advanced Authentication in Clientless SSL VPN
  • Lab 4-3 Objective: Advanced AAA Clientless SSL

Module 5: Deploying Cisco AnyConnect VPNs
  • IP Address assignment
  • Split Tunneling
  • Basic Cisco AnyConnect SSL VPN
  • Solution Components
  • SSL VPN Server Authentication
  • SSL VPN Clients Authentication
  • SSL VPN Clients IP Address Assignment
  • SSL VPN Split Tunneling
  • Configure ASA for Basic AnyConnect SSL VPN
  • Configure Basic Cisco Authentication
  • Configure Access Control
  • Verify and Troubleshoot Basic Cisco AnyConnect SSL VPN
  • Lab 5-1 Objective: Implement Basic Cisco AnyConnect SSL VPN on Cisco ASA
  • DTLS Overview
  • Parallel DTLS and TLS Tunnels
  • Configure DTLS
  • Verify DTLS
  • Cisco AnyConnect Client Configuration Management
  • Cisco AnyConnect Client Operating System Integration Options
  • Cisco AnyConnect Start Before Logon
  • Cisco AnyConnect Trusted Network Detection
  • Configure, Verify, and Troubleshoot Cisco AnyConnect Start Before Logon and Cisco AnyConnect Trusted Network Detection
  • Lab 5-2: Implement Advanced Cisco AnyConnect SSL VPN on Cisco ASA
  • AnyConnect Support for IPsec/IKEv2
  • Configure Cisco AnyConnect IPsec/IKEv2 VPNs on a Cisco ASA Adaptive Security Appliance
  • Verify and Troubleshoot Cisco AnyConnect IPsec/IKEv2 VPNs on Cisco ASA
  • Lab 5-3: Configure Cisco AnyConnect IPsec/IKEv2 VPNs on Cisco ASA
  • Cisco AnyConnect Advanced Authentication Scenarios
  • External Authentication
  • Certificate-Based Server Authentication
  • Configure and Verify Certificate-Based Client Authentication
  • SCEP Proxy Overview
  • SCEP Proxy Connection Flow
  • SCEP Proxy Configuration Procedure
  • Configure SCEP Proxy
  • Verify SCEP Proxy
  • Local Authorization Overview
  • Local Authorization Scenario
  • Local Authorization Configuration Procedure
  • Configure Local Authorization
  • External Authentication and Authorization Scenario
  • Configure External Authentication and Authorization
  • Troubleshoot Advanced Authentication and Authorization in Cisco AnyConnect VPNs
  • Accounting
  • Lab 5-3: Configure Cisco AnyConnect IPsec/IKEv2 VPNs on Cisco ASA
  • Lab 5-4: Implement Advanced Cisco AnyConnect SSL VPN on Cisco ASA

Module 6: Endpoint Security and Dynamic Access Policies
  • Cisco HostScan Overview
  • Cisco HostScan Prelogin Assessment
  • Install Cisco HostScan
  • Configure Prelogin Criteria and Prelogin Policy
  • Configure Host Scan Endpoint Assessment
  • Configure Host Scan Advanced Endpoint Assessment
  • DAP Overview
  • Integrating DAP with Host Scan
  • Configuring DAP
  • Verifying and Troubleshooting DAP
  • Lab 6-1: Configure HostScan and DAP for AnyConnect SSL VPNs

Classroom Training

Duration 5 days

Price
  • Canada: CAD 5,195
  • Cisco Learning Credits: 40 CLC

Online Training

Duration 5 days

Price
  • Canada: CAD 5,195
  • Cisco Learning Credits: 40 CLC

E-Learning Cisco Digital Learning

Duration 360 days

Price
  • Canada: CAD 1,395
  • Cisco Learning Credits: 10 CLC

Schedule
This is a FLEX course, which is delivered both virtually and in the classroom.
  *   This class is delivered by a partner.
Canada

Currently there are no training dates scheduled for this course.  For enquiries please write to info@fastlaneca.com.

United States
  • Sep 9-13, 2019 Online Training 09:00 US/Central *
  • Dec 2-6, 2019 Online Training 09:00 US/Central *

Europe

Germany
  • Jul 29-Aug 2, 2019 Berlin
  • Aug 19-23, 2019 Düsseldorf
  • Sep 2-6, 2019 Stuttgart
  • Sep 23-27, 2019 Münster
  • Oct 14-18, 2019 Hamburg
  • Nov 4-8, 2019 Frankfurt
  • Nov 18-22, 2019 Munich
  • Nov 25-29, 2019 Berlin
  • Dec 9-13, 2019 Düsseldorf
  • Jan 6-10, 2020 Düsseldorf

Austria
  • Sep 9-13, 2019 Vienna (iTLS)
  • Dec 9-13, 2019 Vienna (iTLS)
  • Mar 23-27, 2020 Vienna (iTLS)
  • Aug 17-21, 2020 Vienna (iTLS)

Belgium
  • Sep 30-Oct 4, 2019 Brussels. Course language: English

Czech Republic
  • Dec 9-13, 2019 Prague. This is a FLEX event. Course language: English
    Online Training. Time zone: Europe/Prague

France
  • Sep 30-Oct 4, 2019 Paris
  • Feb 10-14, 2020 Paris
  • Jun 15-19, 2020 Paris

Italy
  • Sep 23-27, 2019 Milan
  • Nov 18-22, 2019 Rome

Netherlands
  • Nov 25-29, 2019 Utrecht. Course language: English

Portugal
  • Aug 5-9, 2019 Lisbon
  • Nov 4-8, 2019 Lisbon

Slovenia
  • Oct 14-18, 2019 Ljubljana. This is a FLEX event. Course language: English
    Online Training. Time zone: Europe/Ljubljana

Spain
  • Jul 29-Aug 2, 2019 Madrid
  • Oct 21-25, 2019 Madrid

Switzerland
  • Sep 2-6, 2019 Zurich
  • Nov 18-22, 2019 Zurich
  • Jun 2-6, 2020 Zurich (4 days)
  • Oct 26-30, 2020 Zurich

United Kingdom
  • Nov 11-15, 2019 London (Int Hse). This is a FLEX event.
    Online Training. Time zone: Europe/London

Latin America

Argentina
  • Dec 2-6, 2019 Online Training. Time zone: America/Buenos_Aires

Brazil
  • Oct 21-25, 2019 Online Training. Time zone: America/Sao_Paulo

Mexico
  • Nov 25-29, 2019 Online Training. Time zone: America/Mexico_City

Middle East

Qatar
  • Jul 28-Aug 1, 2019 Doha. Course language: English

United Arab Emirates
  • Jul 28-Aug 1, 2019 Dubai. Course language: English. This course is being delivered by iTLS.
  • Oct 27-31, 2019 Dubai. Course language: English. This course is being delivered by iTLS.

Africa

Egypt
  • Jul 28-Aug 1, 2019 Cairo. Course language: English
  • Oct 27-31, 2019 Cairo. Course language: English