ASVPN - Cisco Advanced SSL VPN (5761)


Cisco Certifications: CCIE Security

Discover concepts of advanced SSL VPN designs using the Cisco ASA. In this exclusive course, you will explore advanced SSL VPN topics including:

- Customer requirements (clientless vs. client-based)
- Certificates, including self-signed certificates, Microsoft Certificate Services, and default certificates
- Connection profiles, group policies, and how they interact
- How to combat brute-force attempts by using mutual authentication with digital certificates and user credentials

You'll push the boundaries of advanced topics by examining POST parameters on our Exchange OWA server and enabling auto sign-on. You'll examine and configure available plug-ins and contrast the concept to using smart tunnels, and you'll learn to check for registry and OS watermarks and create antivirus and firewall requirements. You'll examine the newest features of AnyConnect 3.0, including Trusted Network Detection (TND) and firewall features in the client login scripts, and you will learn to skin your AnyConnect client with custom logos and settings to offer a rich feature set to your users.

You will cover Cisco Secure Desktop (CSD) topics in detail, and then you'll tie the components together by feeding the results of the policy checks into Dynamic Access Policies (DAPs) and examining the relationship between DAPs and group policies. You will take the configuration a step further by enabling Lightweight Directory Access Protocol (LDAP) authentication within a DAP. You will add a few web-type Access Control Lists (ACLs) to the mix and discover how the various components all work together. You will wrap up the week by testing your knowledge with various troubleshooting tickets to fix a broken VPN design.

What You'll Learn:

- Client-based vs. clientless VPN solutions
- Using ASA 8.4 code for SSL VPN
- Basic and advanced features within the Cisco AnyConnect client version 3.0, including firewall policy push, TND, login scripts, and profile editor in ASDM
- Relationship between tunnel groups, group and user policies, connection profiles, and dynamic access policies
- Kerberos Constrained Delegation (KCD) for VPN authentication
- Basic and advanced features of the Clientless WebVPN solution, including smart tunnels, Web ACLs, plug-ins, auto sign-on, bookmarks, and portal customization
- Features and benefits of CSD and the fundamental differences between the pre-login policies and HostScan
- How to use CSD to integrate Endpoint Assessment (EA) and Advanced Endpoint Assessment (AEA)
- Configure DAPs
- Enrolling the ASA with a third-party Certificate Authority (CA) and retrieval based on user-based certificates to provide mutual authentication
- How the username credential can be automatically populated and how the connection profile can be chosen automatically using the pre-fill and certificate mapping features in the ASA
- Troubleshooting SSL VPNs

Who Needs to Attend:

Anyone, including system engineers and network designers, administrators, engineers, and managers, seeking to learn the latest features of AnyConnect 3.0

Prerequisites:

- Skills and knowledge equivalent to those learned in any firewall fundamentals course, including SNAF, SNAA, FIREWALL, VPN, ASAE, or ASA Lab Camp
- Working knowledge of the Microsoft Windows operating system, including Microsoft Internet Explorer or Firefox
- Fundamental understanding of SSL and certificates

Course Duration: 3 days

Follow-On Courses: There are no follow-ons for this course.

Certification Programs and Certificate Tracks:

This course is part of the following programs or tracks:

- CCIE Security

Course Outline

1. Feature Mapping and Scenario
2. Initializing ASA and Preparing for PKI and AAA Support
3. Connection Profile and Group Policy Configuration
4. Enhanced Clientless WebVPN Features
5. Enhanced AnyConnect Client Features
6. CSD and Pre-Login Assessment
7. HostScan and DAPs
8. Securing Resources with Web-Type and Networks ACLs
9. CSD Endpoint Assessment
10. Certificate-Based Authentication
11. Advanced Troubleshooting
12. Scaling SSL VPN

Labs

Lab 1: Lab Environment
Lab 2: Initializing the ASA and Preparing for PKI and AAA Support
Lab 3: Configuring Basic Clientless and Client-Based SSL VPNs
Lab 4: Enhanced Clientless WebVPN Features
Lab 5: Enhanced AnyConnect Client Features
Lab 6: CSD Deployment and Pre-Login Assessments
Lab 7: HostScan and Dynamic Access Policies
Lab 8: Securing Resources with Web-Type ACLs
Lab 9: CSD Endpoint Assessment
Lab 10: Certificate-Based Authentication
Lab 11: Advanced Troubleshooting

Tegra Solutions Ltd