Cisco SECURE 1.0: Deploying Scalable Authentication in Site-to-Site IPSec VPNs

This course is included in our On-demand training solution.

Overview

You can configure IP Security (IPSec) virtual private networks (VPNs) with various types of authentication, which often limit its scalability with regard to performance and configuration manageability. A simple method, such as using pre-shared keys (PSKs), requires you to share a secret between each pair of VPN peers. A more scalable authentication method incorporates the public key infrastructure (PKI) for authentication purposes. This course discusses the process of configuring an IPSec site-to-site VPN using PKI-facilitated peer authentication.

Target Audience

Network professionals responsible for securing and managing their network infrastructures who have CCNA certification, CCNA Security certification (IINS) and a working knowledge of Microsoft Windows operating systems

Prerequisites

Expected Duration

150 min.

Course Objectives

Trusted Introducer

  • recognize how trusted introducer facilitates the secure exchange of public keys
  • Certificate Authorities

  • describe how certificate authorities work
  • identify features of the X.509 standard for PKI data formats
  • recognize how to plan a PKI-enabled VPN
  • PKI-Enabled VPN Deployment

  • identify the features of Cisco IOS Software Certificate Server
  • configure Certificate Server prerequisites and database location
  • Configuring the Cisco IOS Software Certificate Server

  • complete the Certificate Server configuration
  • Troubleshooting Certificate Server

  • recognize how to troubleshoot a basic Cisco IOS Software Certificate Server
  • Configuring PKI Enrollment

  • configure a Cisco IOS Software PKI client
  • Configure a Router as a Certificate Server

    Enroll Two VPN Peers into a PKI

    Verifying and Troubleshooting PKI Enrollment

  • recognize how to troubleshoot a Cisco IOS Software VPN router in a PKI enrollment process
  • Configuring PKI-Enabled IKE Peer Authentication

  • configure the integration of a Cisco IOS Software VPN router with supporting PKI entities
  • Configure IKE Using Peer Canonical Name Verification

    Troubleshooting and Advanced PKI Integration

  • recognize how to troubleshoot PKI-enabled IKE authentication
  • configure advanced PKI integration
  • SUBSCRIPTION COST



     

    NEED HELP OR NOT SURE?