> > > SIMOS

Implementing Cisco Secure Mobility Solutions (SIMOS)

Course Description Schedule Course Outline
 

Now available in e-learning for a fraction of the ILT (Instructor Led Training) cost!

Cisco has revolutionized e-learning You will now receive the exact same content and labs in a self-paced format complete with HD video, searchable transcripts, hands-on labs (just like the ILT labs) and graded assessments. It is the utmost, interactive and state-of-the-art authorized Cisco e-learning available.

To start learning, click here to view this course.

Course Content

Implementing Cisco Secure Mobility Solutions (SIMOS) v1.0 is a new course that is part of the recommended training for the Cisco Certified Network Professional Security (CCNP© Security) certification. This course will prepare you with the knowledge and skills needed to protect data traversing a public or shared infrastructure such as the Internet by implementing and maintaining Cisco VPN solutions. You will gain hands-on experience with configuring and troubleshooting remote access and site-to-site VPN solutions using Cisco ASA adaptive security appliances and Cisco IOS routers.

Who should attend

  • Network Security Engineers
  • Network Engineers
  • Network Designers and Administrators
  • Network Managers
  • System Engineers

Prerequisites

Cisco Certified Network Associate (CCNA®) Security certification

OR

Any CCIE certification can act as a prerequisite

Course Objectives

By the end of this course, you will be able to:

  • Describe the various VPN technologies and deployments as well as the cryptographic algorithms and protocols that provide VPN security
  • Implement and maintain Cisco site-to-site VPN solutions
  • Deploy Cisco FlexVPN in point-to-point, hub-and-spoke and spoke-to-spoke IPsec VPNs
  • Implement Cisco clientless SSL VPNs
  • Implement and maintain Cisco AnyConnect SSL and IPsec VPNs
  • Deploy endpoint security and dynamic access policies (DAP)

Certifications

This course is part of the following Certification:

Follow On Courses

Outline: Implementing Cisco Secure Mobility Solutions (SIMOS)

Module 1: The Role of VPNs in Network Security

  • VPN Definition
  • Key Threats to WANs and Remote Access
  • Cisco Modular Network Architecture and VPNs
  • VPN Types
  • VPN Components
  • Secure Communication and Cryptographic Services
  • Cryptographic Algorithms
  • Cryptography and Confidentiality
  • Cryptography and Integrity
  • Cryptography and Authentication
  • Cryptography and Nonrepudiation
  • Keys in Cryptography
  • Public Key Infrastructure
  • Next-Generation Encryption
  • Dependencies in Cryptographic Services
  • Cryptographic Controls Guidelines

Module 2: Secure Site-to-Site Connectivity Solutions

  • Site-to-Site VPN Topologies and Technologies
  • IPsec VPN Overview
  • Internet Key Exchange v1 and v2
  • Security Payload Encapsulation
  • IPsec Virtual Tunnel Interface
  • Dynamic Multipoint VPN
  • Cisco IOS FlexVPN
  • Overview of Point-to-Point IPsec VPNs on the Cisco ASA
  • Configuration Tasks for Basic Point-to-Point Tunnels on the Cisco ASA
  • Enable IKE on an Interface
  • Configure IKE Policy
  • Configure PSKs
  • Choose Transform Set and VPN Peer
  • Choose Traffic for VPN
  • Configure Site-to-Site VPN with Connection Profiles Menu
  • Verify and Troubleshoot Basic Point-to-Point Tunnels on the Cisco ASA
  • Overview of Cisco IOS VTIs
  • Configure Static VTI Point-to-Point Tunnels
  • Verify Static VTI Point-to-Point Tunnels
  • Configure Dynamic VTI Point-to-Point Tunnels
  • Verify Dynamic VTI Point-to-Point Tunnels
  • Overview of Cisco IOS DMVPN
  • DMVPN Solution Components
  • GRE
  • NHRP
  • DMVPN
    • Types of Authentication
    • Configure DMVPN on Hub
    • Configure DMVPN on Spoke
    • Configure Routing in DMVPN
    • Verify DMVPN

Module 3: Cisco IOS Site-to-Site FlexVPN Solutions

  • FlexVPN Overview
  • Public Key Infrastructure (PKI)
  • Site-to-Site VPN Topologies
  • FlexVPN Architecture
  • FlexVPN Configuration Overview
  • FlexVPN Capabilities
  • IKEv2 vs. IKEv1 Overview
  • IKEv2 Message Exchange
  • IKEv2 DoS Prevention
  • IKEv1 and IKEv2 Comparison
  • FlexVPN Use Cases
  • Point-to-Point FlexVPN
  • FlexVPN Configuration Blocks
  • IKEv2 Profile
  • Smart Defaults
  • Manipulating Default Values
  • Negotiating IKEv2 Proposals
  • Point-to-Point VPN Scenario with IPv4 Static Routes
  • Configure and Verify Point-to-Point VPN with IPv4 Static Routes
  • Point-to-Point VPN Scenario with OSPFv3
  • Configure and Verify Point-to-Point VPN with OSPFv3
  • Enroll Devices to ECDSA PKI
  • Configure Router for ECDSA
  • Configure ASA for ECDSA
  • Verify EC Key Pairs and Certificates
  • Verify IKEv2 SA
  • Verify IPsec SA
  • Verify Point-to-Point FlexVPN (just flowchart and important show/debug command output)
  • Cisco IOS FlexVPN
  • IKEv2 Configuration Payload
  • Locally Managed Hub-and-Spoke Scenario
  • Configure a Spoke in a Hub-and-Spoke Scenario
  • Configure a Hub in a Hub-and-Spoke Scenario
  • Configuration Exchange
  • Verify and Troubleshoot Hub-and-Spoke FlexVPN
  • Spoke-to-Spoke Shortcut Scenario
  • NHRP in FlexVPN
  • Configure and Verify a Spoke in a Spoke-to-Spoke Shortcut Scenario
  • Configure and Verify a Hub in a Spoke-to-Spoke Shortcut Scenario
  • RADIUS-Managed FlexVPN Scenario
  • Verify Spoke-to-Spoke Shortcut Switching
  • Troubleshoot Spoke-to-Spoke Shortcut Switching (just flowchart and important show/debug command output)

Module 4: SSL VPNs

  • Components
  • SSL/TLS
  • Overview of group policies and connection profiles
  • Basic Cisco Clientless SSL VPN
  • Solution Components
  • Configure ASA gateway
  • Configure basic authentication
  • Configure access control (including URL entry and bookmarks)
  • Verify basic clientless SSL VPN
  • Troubleshoot basic clientless SSL VPN
  • Deploying Application Access options (plug-ins, smart tunnels)
  • Configure and verify plugins
  • Configure and verify smart tunnels
  • Troubleshoot plugins and smart tunnel
  • Advanced Authentication in Cisco Clientless SSL VPN Solution Components
  • Configure and verify Certificate based Authentication
  • Configure and Verify External Authentication
  • roubleshoot Advanced Authentication in Clientless SSL VPN

Module 5: Cisco AnyConnect VPNs

  • IP Address assignment
  • Split Tunneling
  • Basic Cisco AnyConnect SSL VPN
    • Solution Components
    • SSL VPN Server Authentication
    • SSL VPN Clients Authentication
    • SSL VPN Clients IP Address Assignment
    • SSL VPN Split Tunneling
  • Configure ASA for Basic AnyConnect SSL VPN
  • Configure Basic Cisco Authentication
  • Configure Access Control
  • Verify and Troubleshoot Basic Cisco AnyConnect SSL VPN
  • DTLS
    • Overview
    • Parallel DTLS and TLS Tunnels
    • Configure DTLS
    • Verify DTLS
  • Cisco AnyConnect Client Configuration Management
  • Cisco AnyConnect Client Operating System Integration Options
  • Cisco AnyConnect Start Before Logon
  • Cisco AnyConnect Trusted Network Detection
  • Configure, Verify and Troubleshoot Cisco AnyConnect Start Before Logon
  • Cisco AnyConnect Trusted Network Detection
  • AnyConnect Support for IPSec/IKEv2
  • Configure a Cisco AnyConnect IPsec/IKEv2 VPNs on a Cisco ASA Adaptive Security Appliance
  • Verify and Troubleshoot Cisco AnyConnect IPsec/IKEv2 VPNs on Cisco ASA
  • Cisco AnyConnect Advanced Authentication Scenarios
  • External Authentication
  • Certificate-Based Server Authentication
  • Configure and Verify Certificate-Based Client Authentication
  • SCEP Proxy
    • Connection Flow
    • Configuration Procedure
  • Local Authorization
  • External Authentication and Authorization Scenario
  • Configure External Authentication and Authorization
  • Troubleshoot Advanced Authentication and Authorization in Cisco AnyConnect VPNs
  • Accounting

Module 6: Endpoint Security and Dynamic Access Policies

  • Cisco HostScan Overview
  • Cisco HostScan Prelogin Assessment
  • Install Cisco HostScan
  • Configure Prelogin Criteria and Prelogin Policy
  • Configure Host Scan Endpoint Assessment
  • Configure Host Scan Advanced Endpoint Assessment
  • DAP
    • Integrate with Host Scan
    • Configure
    • Verifying and Troubleshooting

Labs

  • Site to Site Secure Connectivity on Cisco ASA
  • Implement a Cisco IOS static VTI point-to-point tunnel
  • Site-to-Site Secure Connectivity Using Cisco IOS FlexVPN
  • Hub-to-Spoke Secure Connectivity Using Cisco IOS Flex VPN
  • Spoke-to-Spoke Secure Connectivity Using Cisco IOS Flex VPN
  • Cisco Clientless SSL VPN on Cisco ASA
  • Application Access clientless SSL
  • Advanced AAA Clientless SSL
  • Implement Basic AnyConnect SSL VPN on Cisco ASA
  • Advanced AnyConnect SSL VPN on Cisco ASA
  • AnyConnect IPsec/IKEv2 VPNs on Cisco ASA
  • Hostscan and DAP for AnyConect SSL VPNs
Classroom Training
Modality: C

Duration 5 days

Price
  • United States: US$ 3,795
  • Cisco Learning Credits: 38 CLC
Enroll now
Online Training
Modality: L

Duration 5 days

Price
  • United States: US$ 3,795
  • Cisco Learning Credits: 38 CLC
Enroll now
E-Learning Cisco Digital Learning
Modality: P
Price
  • United States: US$ 995
  • Cisco Learning Credits: 10 CLC
Buy E-Learning
 
Click City Name To Book Schedule
This is an Instructor-Led Classroom course
This is an Instructor-Led Online (ILO) course. These sessions are conducted via WebEx in a VoIP environment and require an Internet Connection and headset with microphone connected to your computer or laptop.
This is a FLEX course, which is delivered simultaneously in two modalities. Choose to attend the Instructor-Led Online (ILO) virtual session or Instructor-Led Classroom (ILT) session.
  *   This class is delivered by a partner.
United States
Dec 17-21, 2018 Online Training 09:00 US/Central * Enroll
Europe
Germany
Nov 19-23, 2018 Frankfurt Enroll
Dec 17-21, 2018 Stuttgart Enroll
Jan 14-18, 2019 Stuttgart Enroll
Feb 4-8, 2019 Frankfurt Enroll
Feb 18-22, 2019 Hamburg Enroll
Mar 11-15, 2019 Munich Enroll
Mar 25-29, 2019 Düsseldorf Enroll
Apr 15-18, 2019 Stuttgart 4 days Enroll
May 6-10, 2019 Berlin Enroll
Jun 3-7, 2019 Münster Enroll
Austria
Dec 17-21, 2018 Vienna (iTLS) Enroll
Apr 15-18, 2019 Vienna (iTLS) 4 days Enroll
Jul 1-5, 2019 Vienna (iTLS) Enroll
Sep 9-13, 2019 Vienna (iTLS) Enroll
Dec 9-13, 2019 Vienna (iTLS) Enroll
Czech Republic
Dec 9-13, 2019 This is a FLEX event Prague Course language: English Enroll
Online Training Time zone: Europe/Prague Enroll
Estonia
Jun 10-14, 2019 This is a FLEX event Talin Course language: English Enroll
Online Training Time zone: Europe/Tallinn Enroll
France
Mar 11-15, 2019 Paris Enroll
Jul 1-5, 2019 Paris Enroll
Sep 30-Oct 4, 2019 Paris Enroll
Italy
Jan 28-Feb 1, 2019 Milan Enroll
May 13-17, 2019 Rome Enroll
Jun 17-21, 2019 Milan Enroll
Jul 22-26, 2019 Rome Enroll
Sep 23-27, 2019 Milan Enroll
Nov 18-22, 2019 Rome Enroll
Netherlands
May 20-24, 2019 Utrecht Course language: English Enroll
Poland
Jan 21-25, 2019 Warsaw Enroll
Portugal
Jan 28-Feb 1, 2019 Lisbon Enroll
May 27-31, 2019 Lisbon Enroll
Aug 5-9, 2019 Lisbon Enroll
Nov 4-8, 2019 Lisbon Enroll
Slovakia
Apr 8-12, 2019 This is a FLEX event Bratislava Enroll
Online Training Time zone: Europe/Bratislava Enroll
Slovenia
Oct 14-18, 2019 This is a FLEX event Ljubljana Course language: English Enroll
Online Training Time zone: Europe/Ljubljana Enroll
Spain
Jan 21-25, 2019 Madrid Enroll
May 20-24, 2019 Madrid Enroll
Jul 29-Aug 2, 2019 Madrid Enroll
Oct 21-25, 2019 Madrid Enroll
Switzerland
Jan 14-18, 2019 Zurich Enroll
Mar 11-15, 2019 Zurich Enroll
May 20-24, 2019 Zurich Enroll
Jul 8-12, 2019 Zurich Enroll
Sep 2-6, 2019 Zurich Enroll
Nov 18-22, 2019 Zurich Enroll
Turkey
Feb 4-8, 2019 This is a FLEX event Istanbul Course language: English Enroll
Online Training Time zone: Asia/Istanbul Enroll
United Kingdom
Feb 18-22, 2019 This is a FLEX event London (Int Hse) Enroll
Online Training Time zone: Europe/London Enroll
May 13-17, 2019 This is a FLEX event London (Int Hse) Enroll
Online Training Time zone: Europe/London Enroll
Latin America
Argentina
Jul 1-5, 2019 Online Training Time zone: America/Buenos_Aires Enroll
Dec 2-6, 2019 Online Training Time zone: America/Buenos_Aires Enroll
Brazil
Feb 11-15, 2019 Online Training Time zone: America/Sao_Paulo Enroll
Apr 22-26, 2019 Online Training Time zone: America/Sao_Paulo Enroll
Jul 22-26, 2019 Online Training Time zone: America/Sao_Paulo Enroll
Oct 21-25, 2019 Online Training Time zone: America/Sao_Paulo Enroll
Chile
Apr 8-12, 2019 Online Training Time zone: America/Santiago Enroll
Colombia
Jan 21-25, 2019 Online Training Time zone: America/Bogota Enroll
Costa Rica
May 13-17, 2019 Online Training Time zone: America/Costa_Rica Enroll
Mexico
Mar 4-8, 2019 Online Training Time zone: America/Mexico_City Enroll
Jul 1-5, 2019 Online Training Time zone: America/Mexico_City Enroll
Nov 25-29, 2019 Online Training Time zone: America/Mexico_City Enroll
Middle East
Qatar
Feb 10-14, 2019 Doha Course language: English Enroll
Jul 28-Aug 1, 2019 Doha Course language: English Enroll
United Arab Emirates
Feb 10-14, 2019 Dubai Course language: English This course is being delivered by iTLS. Enroll
May 5-9, 2019 Dubai Course language: English This course is being delivered by iTLS. Enroll
Jul 28-Aug 1, 2019 Dubai Course language: English This course is being delivered by iTLS. Enroll
Oct 27-31, 2019 Dubai Course language: English This course is being delivered by iTLS. Enroll
Africa
Egypt
Dec 2-6, 2018 Cairo Course language: English Enroll
Feb 10-14, 2019 Cairo Course language: English Enroll
May 5-9, 2019 Cairo Course language: English Enroll
Jul 28-Aug 1, 2019 Cairo Course language: English Enroll
Oct 27-31, 2019 Cairo Course language: English Enroll