Cisco VPN 2.0: Policy Configurations and PKI Services

This course is included in our On-demand training solution.


Most enterprises need scalable authentication schemes, in which the network devices offload the authentication process to back-end user databases such as Lightweight Directory Access Protocol (LDAP), TACACS+, or RADIUS. In clientless Secure Sockets Layer (SSL) VPNs, public key infrastructure (PKI) offers a scalable and secure authentication method. This course discusses the various authentication approaches that you should evaluate when designing a clientless SSL VPN solution, including the option of combining multiple authentications in a single process. It also shows you how to provide a user-friendly authentication strategy by requiring only a single sign-on (SSO) when accessing various resources.

Many enterprises want to customize the user interface that is presented to clientless SSL VPN clients. Typical needs include language localization, which ensures that users navigate through pages that are written in their own language. This course discusses basic and advanced customization of portal navigation pages, help pages, and application integration. The course also explains how to implement language localization and describes the integration options that are available with the Cisco AnyConnect Client.

Target Audience

Anyone wishing to obtain the Cisco Certified Network Professional (CCNP) Security designation. Cisco network security engineers responsible for the selection, configuration, and troubleshooting of the majority of Cisco ASA (Adaptive Security Appliance) perimeter security features to reduce risk to IT infrastructure and its applications within their networking environments. Established IT professionals with a good understanding of networking and Cisco technology; of the installation, troubleshooting and monitoring of devices used to maintain the integrity, confidentiality and availability of data and network devices that Cisco uses in its security infrastructure; and with a working knowledge of the Microsoft Windows operating system. Candidates who have completed the Cisco Certified Network Associate (CCNA), the Cisco Certified Network Associate Security (CCNA Security), the Securing Networks with Cisco Routers and Switches (SECURE) v1.0, and the Deploying Cisco ASA Firewall Solutions (FIREWALL 2.0) certifications.


Expected Duration

90 min.

Course Objectives

Advanced Clientless SSL VPN Authentication Solution Components

  • describe the considerations involved in clientless SSL VPN authentication design

Deploying Client Certificate-Based Authentication

  • describe how to deploy client-side certificate-based authentication

Advanced Gateway PKI Integration and Double Authentication

  • describe the characteristics of Double AAA Authentication
  • describe how to troubleshoot authentication failures in clientless SSL VPN with PKI

Deploying Clientless VPN SSO

  • describe how to configure and verify clientless VPN SSO methods
  • recognize how to troubleshoot clientless VPN SSO

Deploying Basic Navigation Customization

  • describe how to configure and verify the basic customization of the VPN portal navigation panes

Deploying Full Portal Customization

  • recognize steps to configure full portal HTML customization

Deploying Portal Localization

  • describe the characteristics of portal language localization
  • match the language localization configuration tasks with their descriptions

Deploying Portal Help and Integrated Application Customization

  • configure portal help customization in a given scenario
  • describe how to configure application-integration customization