Cisco VPN 2.0: Implementing Core Cisco ASA Policy Configurations and PKI Services

This course is included in our On-demand training solution.


Configuring policies and network settings for many VPN users requires a scalable and flexible configuration mechanism. This course discusses how to configure connection profiles and group policies, which are the cornerstone for configuring either Secure Sockets Layer (SSL) VPNs or IP Security (IPsec) remote access policies on the Cisco ASA Adaptive Security Appliance.
Public key infrastructure (PKI) services provide a scaleable and trusted method of authentication. All types of VPNs can use PKI to perform mutual authentications, server-side authentications, and client authentications. In this course, several methods for deploying PKI services on the Cisco ASA Adaptive Security Appliance are explained.

Target Audience

Anyone wishing to obtain the Cisco Certified Network Professional CCNP Security designation. Cisco Network Security Engineers responsible for the selection, configuration, and the troubleshooting of the majority of Cisco ASA Adaptive Security Appliance perimeter security features to reduce risk to IT infrastructure and its applications within their networking environments. Established IT professionals with a good understanding of networking and Cisco technology, installation, troubleshooting and monitoring of devices used to maintain integrity, confidentiality and availability of data and network devices that Cisco uses in its security infrastructure, as well as working knowledge of the Microsoft Windows operating system. Candidates who have completed the Cisco Certified Network Associate (CCNA), the Cisco Certified Network Associate Security (CCNA Security), the Securing Networks with Cisco Routers and Switches (SECURE) v1.0, and the Deploying Cisco ASA Firewall Solutions (FIREWALL 2.0) Certifications.


Expected Duration

180 min.

Course Objectives

Cisco ASA VPN Policy Configuration

  • sequence priorities in the Cisco ASA Security Appliance’s policy inheritance model
  • Cisco ASA Connection Profiles

  • describe how connection profiles work
  • describe how to configure connection profiles
  • Cisco ASA Group Policies

  • identify the characteristics of Cisco ASA Security Appliance group policies
  • Configuring a Connection Profile and Group Policy

    Cisco ASA VPN AAA, Access Control, and Accounting

  • describe how Cisco ASA VPN AAA, access control, and accounting can be configured
  • Cisco Secure Desktop and DAP for SSL VPN

  • identify the features of Cisco Secure Desktop
  • identify the components of dynamic access policies on the Cisco ASA Security Appliance
  • Using PKI

  • recognize how to use PKI to support a scalable VPN deployment
  • differentiate between methods for determining certificate revocation
  • Provisioning Server-Side Certificates on the Cisco ASA

  • identify the steps configure the basic Cisco ASA Security Appliance SSL VPN gateway features to use a PKI-provisioned identity certificate of the appliance
  • Configuring PKI Enrollment

    Deploying Client-Based Certificate Authentication

  • sequence the steps to configure certificate-based client authentication by using the local CA of the Cisco ASA Security Appliance
  • Certificate-to-Connection Profile Mappings and SCEP

  • identify the steps to configure a certificate-to-connection profile mapping on the Cisco ASA Security Appliance
  • describe SCEP proxy operations
  • Configuring Client-Based Certificate Authentication