LearnKey Training

Cisco® Authorized VPN Security (642-511)


LearnKey delivers authorized Cisco® training as a Sponsored Organization of Tech 2000, a Cisco Learning Solutions Partner.

3 Sessions – 9 Hours of Interactive Training
The Cisco® Secure VPN exam is one of four required for the Cisco® CSS® 1 designation. In the Cisco® VPN Security course from LearnKey, you’ll learn about virtual private network (VPN) and IPSec protocol technologies. Expert instructor Michael Storm will demonstrate how to configure Cisco® Secure VPN clients as well as Cisco® router and PIX® firewall VPNs. At the conclusion of this course you will be prepared to pass the Cisco® Secure VPN exam.

Prerequisites: Valid CCNA® certification required for CSS®1 designation.


About The Author
For the past 16 years, Michael Storm has managed the design, security and implementation of enterprise networks for Fortune 100 companies around the globe. As the founder of Brainstorm International, Inc., Storm specializes in InfoSec Security and Internetwork Solutions Architectures. He is currently the Director of Network Engineering and Security Officer for Interface Technical Training of Phoenix, AZ and creator of the Immersion Learning System™, used by countless Cisco® and Microsoft Professionals for achieving technical mastery. Storm holds many IT certifications, including the Cisco® CCIE® Security, CCNP®, CCSP™, CCDP®, NSA/CNSS CISSP, MCSE and MCT.

Session 1

Section A: Introduction
· CD Tour
· Prerequisites
· Certification Paths

Section B: VPN Basics
· What is a VPN?
· Three Scenarios
· Components & Protocols

Section C: IPSec Technologies
· What is IPSec?
· Cisco® Devices
· IPSec Standards
· IKE
· IPSec Modes
· Using IPSec Modes

Section D: IPSec Operations
· Operation Phases
· Interesting Traffic
· IKE Phase 1
· IKE Preshared Key
· RSA
· IKE Main Mode
· IKE Aggressive Mode

Section E: IPSec Operations (cont.)
· IKE Phase 2
· Quick Mode
· Forward Secrecy
· Encrypted Tunnel
· Tunnel Termination
· Security Associations
· Cisco® IPSec Flowchart

Section F: Product Family
· VPN 3000 Series
· VPN 3005
· VPN 3015
· VPN 3030
· VPN 3060
· VPN 3080
· Concentrator Front LED
· Client Support

Section G: IOS VPN Preparation
· Solutions
· Configuring Steps
· Prepare for IPSec
· Determine IKE Policy
· Determine IPSec Policy
· IPSec Policy Parameter
· Verify

Section H: IOS VPN Configuration
· Configuring IKE
· Create IKE Policies
· Preshared Keys Config
· Configure IPSec
· Crypto Access Lists
· Crypto Maps
· Map Configuration
· Test/Verify IPSec

Session 2

Section A: IOS IPSec Lab
· Prepare for IPSec
· Configure IKE Policy
· Configure IPSec
· Create Crypto ACL/Map
· Assign Interface/Test

Section B: Certificate Authorities
· CA Process
· Contents/Operation
· Benefits/RAs
· Scaling IPSec VPNs
· Supported CA Servers
· Configuring IPSec VPNs
· CA Configuration

Section C: IPSec on PIX®
· Topologies
· IKE Policy Example
· IPSec Config Example
· Crypto Map Example

Section D: PIX® IPSec Lab
· Create Crypto ACL
· Verify IKE Protocol
· Create Crypto Map
· Verify VPN Tunnel

Section E: PIX® CA Support
· Scaling PIX® VPNs
· PIX® CA Config

Section F: IPSec on VPN 3000
· VPN Types
· VPN 3000 Functions
· Client-to-LAN VPNs
· VPN 3000 Client
· Using Preshared Keys
· Concentrator Config

Section G: Concentrator 3000 Lab
· Concentrator Manager
· Create Groups/Users
· IPSec Parameters
· Create VPN Users
· Install VPN Client
· Create Connection
· Verify/Test

Section H: VPN Client Firewall
· Client Firewall Features
· Firewall Policy
· General Status
· Statistics/Firewall
· Set Up Client FW Policy

Section I: VPN Concentrator CA
· CA Process
· Certificate Validation
· Loading Process
· Concentrator Certificates

Session 3

Section A: VPN 3002 Hardware Client
· Client Features
· Usage
· Client Mode
· Split Tunnel Option
· Network Extension Mode

Section B: VPN 3002 HC Configuration
· Site-to-Site
· Group Set Up
· Add User to Group
· Configure 3002 HC
· IPSec/Preshared Key
· Monitor Tunnel

Section C: VPN 3002 HC Authentication
· Unit Authentication
· User Authentication
· Monitor User Statistics

Section D: 3002 Redundancy
· Server Features
· Load Balancing
· Virtual Cluster
· Reverse Route Injection

Section E: VPN Redundant Configuration
· Configure Backup Server
· Cluster Configuration
· Device Configuration
· Config Dynamic Protocol
· ID Reverse Route Injection
· Site-to-Site Configuration

Section F: Update 3000/3002
· Configure 3002 Client
· Update Process
· Standard Update
· Update 3000 Concentrator
· Auto Update
· Monitoring

Section G: Scaling VPN
· Cisco® Solutions
· Dynamic Crypto Maps
· PIX® Firewall
· PIX® Site-to-Site
· Extended Authentication
· PIX® VPN Client Access
