> > > SIMOS

Implementing Cisco Secure Mobility Solutions (SIMOS)

Course Description Schedule Course Outline
 

Now available in e-learning for a fraction of the ILT (Instructor Led Training) cost!

Cisco has revolutionized e-learning You will now receive the exact same content and labs in a self-paced format complete with HD video, searchable transcripts, hands-on labs (just like the ILT labs) and graded assessments. It is the utmost, interactive and state-of-the-art authorized Cisco e-learning available.

To start learning, click here to view this course.

About this Course

Implementing Cisco Secure Mobility Solutions (SIMOS) v1.0 is a new course that is part of the recommended training for the Cisco Certified Network Professional Security (CCNP© Security) certification. This course will prepare you with the knowledge and skills needed to protect data traversing a public or shared infrastructure such as the Internet by implementing and maintaining Cisco VPN solutions. You will gain hands-on experience with configuring and troubleshooting remote access and site-to-site VPN solutions using Cisco ASA adaptive security appliances and Cisco IOS routers.

Who should attend

  • Network Security Engineers
  • Network Engineers
  • Network Designers and Administrators
  • Network Managers
  • System Engineers

Class Prerequisites

Cisco Certified Network Associate (CCNA®) Security certification

OR

Any CCIE certification can act as a prerequisite

What You Will Learn

By the end of this course, you will be able to:

  • Describe the various VPN technologies and deployments as well as the cryptographic algorithms and protocols that provide VPN security
  • Implement and maintain Cisco site-to-site VPN solutions
  • Deploy Cisco FlexVPN in point-to-point, hub-and-spoke and spoke-to-spoke IPsec VPNs
  • Implement Cisco clientless SSL VPNs
  • Implement and maintain Cisco AnyConnect SSL and IPsec VPNs
  • Deploy endpoint security and dynamic access policies (DAP)

Certifications

This course is part of the following Certification:

Follow On Courses

Outline: Implementing Cisco Secure Mobility Solutions (SIMOS)

Module 1: The Role of VPNs in Network Security

  • VPN Definition
  • Key Threats to WANs and Remote Access
  • Cisco Modular Network Architecture and VPNs
  • VPN Types
  • VPN Components
  • Secure Communication and Cryptographic Services
  • Cryptographic Algorithms
  • Cryptography and Confidentiality
  • Cryptography and Integrity
  • Cryptography and Authentication
  • Cryptography and Nonrepudiation
  • Keys in Cryptography
  • Public Key Infrastructure
  • Next-Generation Encryption
  • Dependencies in Cryptographic Services
  • Cryptographic Controls Guidelines

Module 2: Secure Site-to-Site Connectivity Solutions

  • Site-to-Site VPN Topologies and Technologies
  • IPsec VPN Overview
  • Internet Key Exchange v1 and v2
  • Security Payload Encapsulation
  • IPsec Virtual Tunnel Interface
  • Dynamic Multipoint VPN
  • Cisco IOS FlexVPN
  • Overview of Point-to-Point IPsec VPNs on the Cisco ASA
  • Configuration Tasks for Basic Point-to-Point Tunnels on the Cisco ASA
  • Enable IKE on an Interface
  • Configure IKE Policy
  • Configure PSKs
  • Choose Transform Set and VPN Peer
  • Choose Traffic for VPN
  • Configure Site-to-Site VPN with Connection Profiles Menu
  • Verify and Troubleshoot Basic Point-to-Point Tunnels on the Cisco ASA
  • Overview of Cisco IOS VTIs
  • Configure Static VTI Point-to-Point Tunnels
  • Verify Static VTI Point-to-Point Tunnels
  • Configure Dynamic VTI Point-to-Point Tunnels
  • Verify Dynamic VTI Point-to-Point Tunnels
  • Overview of Cisco IOS DMVPN
  • DMVPN Solution Components
  • GRE
  • NHRP
  • DMVPN
    • Types of Authentication
    • Configure DMVPN on Hub
    • Configure DMVPN on Spoke
    • Configure Routing in DMVPN
    • Verify DMVPN

Module 3: Cisco IOS Site-to-Site FlexVPN Solutions

  • FlexVPN Overview
  • Public Key Infrastructure (PKI)
  • Site-to-Site VPN Topologies
  • FlexVPN Architecture
  • FlexVPN Configuration Overview
  • FlexVPN Capabilities
  • IKEv2 vs. IKEv1 Overview
  • IKEv2 Message Exchange
  • IKEv2 DoS Prevention
  • IKEv1 and IKEv2 Comparison
  • FlexVPN Use Cases
  • Point-to-Point FlexVPN
  • FlexVPN Configuration Blocks
  • IKEv2 Profile
  • Smart Defaults
  • Manipulating Default Values
  • Negotiating IKEv2 Proposals
  • Point-to-Point VPN Scenario with IPv4 Static Routes
  • Configure and Verify Point-to-Point VPN with IPv4 Static Routes
  • Point-to-Point VPN Scenario with OSPFv3
  • Configure and Verify Point-to-Point VPN with OSPFv3
  • Enroll Devices to ECDSA PKI
  • Configure Router for ECDSA
  • Configure ASA for ECDSA
  • Verify EC Key Pairs and Certificates
  • Verify IKEv2 SA
  • Verify IPsec SA
  • Verify Point-to-Point FlexVPN (just flowchart and important show/debug command output)
  • Cisco IOS FlexVPN
  • IKEv2 Configuration Payload
  • Locally Managed Hub-and-Spoke Scenario
  • Configure a Spoke in a Hub-and-Spoke Scenario
  • Configure a Hub in a Hub-and-Spoke Scenario
  • Configuration Exchange
  • Verify and Troubleshoot Hub-and-Spoke FlexVPN
  • Spoke-to-Spoke Shortcut Scenario
  • NHRP in FlexVPN
  • Configure and Verify a Spoke in a Spoke-to-Spoke Shortcut Scenario
  • Configure and Verify a Hub in a Spoke-to-Spoke Shortcut Scenario
  • RADIUS-Managed FlexVPN Scenario
  • Verify Spoke-to-Spoke Shortcut Switching
  • Troubleshoot Spoke-to-Spoke Shortcut Switching (just flowchart and important show/debug command output)

Module 4: SSL VPNs

  • Components
  • SSL/TLS
  • Overview of group policies and connection profiles
  • Basic Cisco Clientless SSL VPN
  • Solution Components
  • Configure ASA gateway
  • Configure basic authentication
  • Configure access control (including URL entry and bookmarks)
  • Verify basic clientless SSL VPN
  • Troubleshoot basic clientless SSL VPN
  • Deploying Application Access options (plug-ins, smart tunnels)
  • Configure and verify plugins
  • Configure and verify smart tunnels
  • Troubleshoot plugins and smart tunnel
  • Advanced Authentication in Cisco Clientless SSL VPN Solution Components
  • Configure and verify Certificate based Authentication
  • Configure and Verify External Authentication
  • roubleshoot Advanced Authentication in Clientless SSL VPN

Module 5: Cisco AnyConnect VPNs

  • IP Address assignment
  • Split Tunneling
  • Basic Cisco AnyConnect SSL VPN
    • Solution Components
    • SSL VPN Server Authentication
    • SSL VPN Clients Authentication
    • SSL VPN Clients IP Address Assignment
    • SSL VPN Split Tunneling
  • Configure ASA for Basic AnyConnect SSL VPN
  • Configure Basic Cisco Authentication
  • Configure Access Control
  • Verify and Troubleshoot Basic Cisco AnyConnect SSL VPN
  • DTLS
    • Overview
    • Parallel DTLS and TLS Tunnels
    • Configure DTLS
    • Verify DTLS
  • Cisco AnyConnect Client Configuration Management
  • Cisco AnyConnect Client Operating System Integration Options
  • Cisco AnyConnect Start Before Logon
  • Cisco AnyConnect Trusted Network Detection
  • Configure, Verify and Troubleshoot Cisco AnyConnect Start Before Logon
  • Cisco AnyConnect Trusted Network Detection
  • AnyConnect Support for IPSec/IKEv2
  • Configure a Cisco AnyConnect IPsec/IKEv2 VPNs on a Cisco ASA Adaptive Security Appliance
  • Verify and Troubleshoot Cisco AnyConnect IPsec/IKEv2 VPNs on Cisco ASA
  • Cisco AnyConnect Advanced Authentication Scenarios
  • External Authentication
  • Certificate-Based Server Authentication
  • Configure and Verify Certificate-Based Client Authentication
  • SCEP Proxy
    • Connection Flow
    • Configuration Procedure
  • Local Authorization
  • External Authentication and Authorization Scenario
  • Configure External Authentication and Authorization
  • Troubleshoot Advanced Authentication and Authorization in Cisco AnyConnect VPNs
  • Accounting

Module 6: Endpoint Security and Dynamic Access Policies

  • Cisco HostScan Overview
  • Cisco HostScan Prelogin Assessment
  • Install Cisco HostScan
  • Configure Prelogin Criteria and Prelogin Policy
  • Configure Host Scan Endpoint Assessment
  • Configure Host Scan Advanced Endpoint Assessment
  • DAP
    • Integrate with Host Scan
    • Configure
    • Verifying and Troubleshooting

Labs

  • Site to Site Secure Connectivity on Cisco ASA
  • Implement a Cisco IOS static VTI point-to-point tunnel
  • Site-to-Site Secure Connectivity Using Cisco IOS FlexVPN
  • Hub-to-Spoke Secure Connectivity Using Cisco IOS Flex VPN
  • Spoke-to-Spoke Secure Connectivity Using Cisco IOS Flex VPN
  • Cisco Clientless SSL VPN on Cisco ASA
  • Application Access clientless SSL
  • Advanced AAA Clientless SSL
  • Implement Basic AnyConnect SSL VPN on Cisco ASA
  • Advanced AnyConnect SSL VPN on Cisco ASA
  • AnyConnect IPsec/IKEv2 VPNs on Cisco ASA
  • Hostscan and DAP for AnyConect SSL VPNs
Classroom Training
Modality: C

Duration 5 days

Price
  • United States: US$ 3,795
  • Cisco Learning Credits: 38 CLC
Enroll now
Online Training
Modality: L

Duration 5 days

Price
  • United States: US$ 3,795
  • Cisco Learning Credits: 38 CLC
Enroll now
E-Learning Cisco Digital Learning
Modality: P
Price
  • United States: US$ 995
  • Cisco Learning Credits: 10 CLC
Buy E-Learning
 
Click City Name To Book Schedule
This is an Instructor-Led Classroom course
This is an Instructor-Led Online (ILO) course. These sessions are conducted via WebEx in a VoIP environment and require an Internet Connection and headset with microphone connected to your computer or laptop.
This is a FLEX course, which is delivered simultaneously in two modalities. Choose to attend the Instructor-Led Online (ILO) virtual session or Instructor-Led Classroom (ILT) session.
  *   This class is delivered by a partner.
United States
Dec 11-15, 2017 Online Training 09:00 US/Central * Enroll
Feb 19-23, 2018 Online Training 09:00 US/Central Enroll
Feb 26-Mar 2, 2018 Online Training 09:00 US/Central * Enroll
Apr 16-20, 2018 Online Training 09:00 US/Eastern Enroll
May 21-25, 2018 Online Training 09:00 US/Central * Enroll
Jun 11-15, 2018 Online Training 09:00 US/Central Enroll
Aug 13-17, 2018 Online Training 09:00 US/Central * Enroll
Sep 10-14, 2018 Online Training 09:00 US/Eastern Enroll
Oct 1-5, 2018 Online Training 09:00 US/Central Enroll
Nov 5-9, 2018 Online Training 09:00 US/Central * Enroll
Dec 3-7, 2018 Online Training 09:00 US/Eastern Enroll
Dec 17-21, 2018 Online Training 09:00 US/Central * Enroll
Canada
Nov 27-Dec 1, 2017 Quebec City, QC 08:30 Canada/Eastern Course language: French * Enroll
Feb 19-23, 2018 Online Training 09:00 Canada/Central Enroll
Apr 16-20, 2018 Online Training 09:00 Canada/Eastern Enroll
Jun 11-15, 2018 Online Training 09:00 Canada/Central Enroll
Sep 10-14, 2018 Online Training 09:00 Canada/Eastern Enroll
Oct 1-5, 2018 Online Training 09:00 Canada/Central Enroll
Dec 3-7, 2018 Online Training 09:00 Canada/Eastern Enroll
Europe
Germany
Dec 11-15, 2017 Frankfurt Enroll
Dec 18-22, 2017 Düsseldorf Enroll
Jan 8-12, 2018 Münster Enroll
Jan 29-Feb 2, 2018 Berlin Enroll
Feb 12-16, 2018 This is a FLEX event Munich Course language: English Enroll
Online Training Time zone: Europe/Berlin Enroll
Feb 19-23, 2018 Hamburg Enroll
Mar 5-9, 2018 Frankfurt Enroll
Mar 12-16, 2018 Düsseldorf Enroll
Mar 26-29, 2018 Stuttgart 4 days Enroll
Apr 9-13, 2018 Münster Enroll
Austria
Feb 12-16, 2018 Vienna (iTLS) Enroll
Apr 16-20, 2018 Vienna (iTLS) Enroll
Jul 2-6, 2018 Vienna (iTLS) Enroll
Aug 27-31, 2018 Vienna (iTLS) Enroll
Oct 15-19, 2018 Vienna (iTLS) Enroll
Dec 17-21, 2018 Vienna (iTLS) Enroll
Czech Republic
Jun 18-22, 2018 This is a FLEX event Prague Course language: English Enroll
Online Training Time zone: Europe/Prague Enroll
France
Mar 12-16, 2018 Paris Enroll
Jul 2-6, 2018 Paris Enroll
Oct 1-5, 2018 Paris Enroll
Italy
Dec 11-15, 2017 Milan Enroll
Jan 29-Feb 2, 2018 Milan Enroll
Apr 16-20, 2018 Rome Enroll
May 28-Jun 1, 2018 Milan Enroll
Jul 30-Aug 3, 2018 Rome Enroll
Oct 22-26, 2018 Milan Enroll
Nov 26-30, 2018 Rome Enroll
Netherlands
Mar 12-26, 2018 Utrecht 3 days Course language: English FastTrack - combination of classroom-based training and self-study Klassikale trainingsdagen: 12/03, 13/03, 26/03 Enroll
Portugal
Dec 18-22, 2017 Lisbon Enroll
Apr 9-13, 2018 Lisbon Enroll
Sep 17-21, 2018 Lisbon Enroll
Romania
Feb 5-9, 2018 This is a FLEX event Bucharest Course language: English Enroll
Online Training Time zone: Europe/Bucharest Enroll
Slovenia
Nov 12-16, 2018 This is a FLEX event Ljubljana Course language: English Enroll
Online Training Time zone: Europe/Ljubljana Enroll
Spain
Dec 11-15, 2017 Madrid Enroll
Feb 19-23, 2018 Madrid Enroll
May 21-25, 2018 Madrid Enroll
Aug 20-24, 2018 Madrid Enroll
Nov 12-16, 2018 Madrid Enroll
Sweden
Feb 5-9, 2018 This is a FLEX event Stockholm Course language: English Enroll
Online Training Time zone: Europe/Stockholm Enroll
Apr 23-27, 2018 This is a FLEX event Stockholm Course language: English Enroll
Online Training Time zone: Europe/Stockholm Enroll
Switzerland
Dec 18-22, 2017 Zurich Enroll
Jan 22-26, 2018 Zurich Enroll
Mar 26-29, 2018 Zurich 4 days Enroll
Jun 11-15, 2018 Zurich Enroll
Aug 13-17, 2018 Zurich Enroll
Oct 1-5, 2018 Zurich Enroll
Dec 3-7, 2018 Zurich Enroll
United Kingdom
Feb 12-16, 2018 This is a FLEX event London (mid) Enroll
Online Training Time zone: Europe/London Enroll
Apr 30-May 4, 2018 This is a FLEX event London (Int Hse) Enroll
Online Training Time zone: Europe/London Enroll
Latin America
Brazil
Mar 5-9, 2018 Online Training Time zone: America/Sao_Paulo Enroll
May 14-18, 2018 Online Training Time zone: America/Sao_Paulo Enroll
Jul 16-20, 2018 Online Training Time zone: America/Sao_Paulo Enroll
Sep 17-21, 2018 Online Training Time zone: America/Sao_Paulo Enroll
Chile
May 14-18, 2018 Online Training Time zone: America/Santiago Enroll
Nov 5-9, 2018 Online Training Time zone: America/Santiago Enroll
Colombia
Jan 15-19, 2018 Online Training Time zone: America/Bogota Enroll
Apr 2-6, 2018 Online Training Time zone: America/Bogota Enroll
Sep 3-7, 2018 Online Training Time zone: America/Bogota Enroll
Mexico
Feb 12-16, 2018 Online Training Time zone: America/Mexico_City Enroll
Jun 4-8, 2018 Online Training Time zone: America/Mexico_City Enroll
Sep 17-21, 2018 Online Training Time zone: America/Mexico_City Enroll
Peru
Mar 12-16, 2018 Online Training Time zone: America/Lima Course language: Spanish Enroll
Jul 23-27, 2018 Online Training Time zone: America/Lima Course language: Spanish Enroll
Asia Pacific
Australia
Jan 29-Feb 2, 2018 This is a FLEX event Melbourne Enroll
Online Training Time zone: Australia/Melbourne Enroll
Apr 9-13, 2018 This is a FLEX event Sydney Enroll
Online Training Time zone: Australia/Sydney Enroll
Jun 18-22, 2018 This is a FLEX event Melbourne Enroll
Online Training Time zone: Australia/Melbourne Enroll
Aug 27-31, 2018 This is a FLEX event Sydney Enroll
Online Training Time zone: Australia/Sydney Enroll
Nov 12-16, 2018 This is a FLEX event Melbourne Enroll
Online Training Time zone: Australia/Melbourne Enroll
Middle East
Qatar
Apr 22-26, 2018 Doha Course language: English Enroll
Saudi Arabia
Oct 21-25, 2018 Riyadh Course language: English Enroll
United Arab Emirates
Jan 28-Feb 1, 2018 Dubai Course language: English This course is being delivered by iTLS. Enroll
Apr 15-19, 2018 Dubai Course language: English This course is being delivered by iTLS. Enroll
Jul 15-19, 2018 Dubai Course language: English This course is being delivered by iTLS. Enroll
Oct 14-18, 2018 Dubai Course language: English This course is being delivered by iTLS. Enroll
Africa
Egypt
Dec 17-21, 2017 Cairo Course language: English Enroll
Mar 4-8, 2018 Cairo Course language: English Enroll
May 20-24, 2018 Cairo Course language: English Enroll
Sep 16-20, 2018 Cairo Course language: English Enroll
Dec 2-6, 2018 Cairo Course language: English Enroll