Cisco IINS 2.0: VPN Technologies and Public Key Infrastructure

This course is included in our On-demand training solution.


An IP Security (IPsec) VPN uses the Internet to connect branch offices, remote employees, and business partners to the resources of your company. It is a reliable way to maintain your company's privacy while streamlining operations, reducing costs, and allowing flexible network administration. VPNs are an integral part of any security architecture. Providing confidentiality, integrity, and endpoint authentication, VPNs are ubiquitous and provide data loss prevention mechanisms for data that is in transit at multiple levels. From Secure Sockets Layer (SSL) VPNs to IPsec VPNs, site-to-site VPNs, or remote-access options, this security control is now embedded in networks and applications and should be available in a transparent and manageable fashion. This course introduces the cryptographic elements of VPNs, including symmetric and asymmetric algorithms, and describes the components, deployment options, and operational framework of VPN technologies.
A public key infrastructure (PKI) is an increasingly critical component for ensuring confidentiality, integrity, and authentication in an enterprise. PKI is based on the fundamentals of asymmetric encryption. PKI uses the power of private and public keys, digital signatures, and trust models that are derived from asymmetric encryption. PKI provides services that range from identity management to software code signing, and from encrypted file systems and email to VPNs and others. This course discusses the principles behind asymmetric encryption that result in PKI solutions and explains the operational framework of such solutions.

Target Audience

Network designers, administrators, engineers, and managers; systems engineers; individuals seeking the Implementing Cisco IOS Network Security (IINS) v2.0 640-554 certification, which is associated with the CCNA Security certification exam. Knowledge and skills equivalent to those learned in Interconnecting Cisco Networking Devices Part 1 (ICND1) are required, and a working knowledge of the Windows operating system and Cisco IOS networking and concepts is recommended.


Expected Duration

120 min.

Course Objectives

VPN Architecture

  • describe the benefits of VPNs
  • identify the OSI layers where MPLS VPNs operate
  • match the type of VPN to the appropriate descriptions

VPN Encryption

  • describe the role of cryptology in VPN implementations
  • identify the use of ciphers in VPN deployments
  • identify the use of encryption algorithms in VPN deployments
  • identify the use of cryptanalysis in VPN deployments

Symmetric and Asymmetric Encryption Algorithms

  • identify symmetric encryption algorithms and their use in VPN operations
  • identify asymmetric encryption algorithms and their use in VPN operations

Cryptographic Hashes and Key Management

  • describe the functions of cryptographic hashes
  • identify the components of key management

Cryptographic Processes in IPsec and SSL/TLS

  • describe the role that cryptography plays in commercial implementations such as IPsec and SSL/TLS

Asymmetric Encryption, PKI, and RSA

  • describe how PKI uses asymmetric cryptography to accomplish confidentiality
  • describe how PKI uses asymmetric cryptography to accomplish authentication
  • describe the features and functions of the RSA algorithm

PKI Definitions, Algorithms, and Standards

  • describe the principles behind a PKI
  • describe PKI standards

Certificate Authorities

  • identify the role of CAs in a PKI