Cisco VPN 2.0: Implementing Core Cisco ASA Policy Configurations and PKI Services

Anyone wishing to obtain the Cisco Certified Network Professional CCNP Security designation. Cisco Network Security Engineers responsible for the selection, configuration, and the troubleshooting of the majority of Cisco ASA Adaptive Security Appliance perimeter security features to reduce risk to IT infrastructure and its applications within their networking environments.Established IT professionals with a good understanding of networking and Cisco technology, installation, troubleshooting and monitoring of devices used to maintain integrity, confidentiality and availability of data and network devices that Cisco uses in its security infrastructure, as well as working knowledge of the Microsoft Windows operating system.Candidates who have completed the Cisco Certified Network Associate (CCNA), the Cisco Certified Network Associate Security (CCNA Security), the Securing Networks with Cisco Routers and Switches (SECURE) v1.0, and the Deploying Cisco ASA Firewall Solutions (FIREWALL 2.0) Certifications.

Please contact us for information about prerequisites.

Expected Duration
180 minutes

Configuring policies and network settings for many VPN users requires a scalable and flexible configuration mechanism. This course discusses how to configure connection profiles and group policies, which are the cornerstone for configuring either Secure Sockets Layer (SSL) VPNs or IP Security (IPsec) remote access policies on the Cisco ASA Adaptive Security Appliance.
Public key infrastructure (PKI) services provide a scaleable and trusted method of authentication. All types of VPNs can use PKI to perform mutual authentications, server-side authentications, and client authentications. In this course, several methods for deploying PKI services on the Cisco ASA Adaptive Security Appliance are explained.


Implementing Profiles, Group Policies, and User Policies

  • sequence priorities in the Cisco ASA Security Appliance’s policy inheritance model
  • describe how connection profiles work
  • describe how to configure connection profiles
  • identify the characteristics of Cisco ASA Security Appliance group policies
  • describe how Cisco ASA VPN AAA, access control, and accounting can be configured
  • identify the features of Cisco Secure Desktop
  • identify the components of dynamic access policies on the Cisco ASA Security Appliance
  • Implementing PKI Services

  • recognize how to use PKI to support a scalable VPN deployment
  • differentiate between methods for determining certificate revocation
  • identify the steps configure the basic Cisco ASA Security Appliance SSL VPN gateway features to use a PKI-provisioned identity certificate of the appliance
  • sequence the steps to configure certificate-based client authentication by using the local CA of the Cisco ASA Security Appliance
  • identify the steps to configure a certificate-to-connection profile mapping on the Cisco ASA Security Appliance
  • describe SCEP proxy operations




    Multi-license discounts available for Annual and Monthly subscriptions.