Cisco SECURE 1.0: Deploying Scalable Authentication in Site-to-Site IPSec VPNs

This course is included in our On-demand training solution.


You can configure IP Security (IPSec) virtual private networks (VPNs) with various types of authentication, which often limit their scalability with regard to performance and configuration manageability. A simple method, such as using pre-shared keys (PSKs), requires you to share a secret between each pair of VPN peers. A more scalable authentication method incorporates the public key infrastructure (PKI) for authentication purposes. This course discusses the process of configuring an IPSec site-to-site VPN using PKI-facilitated peer authentication.

Target Audience

Network professionals responsible for securing and managing their network infrastructures who have CCNA certification, CCNA Security certification (IINS), and a working knowledge of Microsoft Windows operating systems.


Expected Duration

150 min.

Course Objectives

Trusted Introducer

  • recognize how trusted introducer facilitates the secure exchange of public keys

Certificate Authorities

  • describe how certificate authorities work
  • identify features of the X.509 standard for PKI data formats
  • recognize how to plan a PKI-enabled VPN

PKI-Enabled VPN Deployment

  • identify the features of Cisco IOS Software Certificate Server
  • configure Certificate Server prerequisites and database location

Configuring the Cisco IOS Software Certificate Server

  • complete the Certificate Server configuration

Troubleshooting Certificate Server

  • recognize how to troubleshoot a basic Cisco IOS Software Certificate Server

Configuring PKI Enrollment

  • configure a Cisco IOS Software PKI client

Configure a Router as a Certificate Server

Enroll Two VPN Peers into a PKI

Verifying and Troubleshooting PKI Enrollment

  • recognize how to troubleshoot a Cisco IOS Software VPN router in a PKI enrollment process

Configuring PKI-Enabled IKE Peer Authentication

  • configure the integration of a Cisco IOS Software VPN router with supporting PKI entities

Configure IKE Using Peer Canonical Name Verification

Troubleshooting and Advanced PKI Integration

  • recognize how to troubleshoot PKI-enabled IKE authentication
  • configure advanced PKI integration