header
headerhomeService AreasCourse CatalogTraining SchedulesEnrollAbout UsCareers
   

 

Cisco Secure Virtual Private Networks (CSVPN)

4 Day Hands-On Course

Cisco Course v4.7 | Prepares you for Cisco Exam 642-511 CSVPN


Course Description

In this Authorized Cisco class, you will learn the skills necessary to securely extend your computing environment using Cisco VPN solutions. With instruction based on the latest VPN technology, you will learn how to most effectively install and configure VPN connections to leverage your investment in these important security products and technologies.

Over 20 advanced hands-on labs guide you through using the VPN Concentrator, VPN Software Client, and VPN Hardware Client to set up secure network connectivity in both LAN-to-LAN and Remote Access scenarios. A PIX Firewall-based VPN lab is included as a refresher on IPSec VPN principles. The labs include using the VPN 3000 Series Concentrator to host remote access VPN connections using the Cisco VPN Software Client and VPN 3002 Hardware Client with Pre-Shared Keys and digital certificates, integrated firewall features of the Software Client, and LAN-to-LAN IPSec VPN connections using the VPN 3000 Series Concentrator. New features in the 4.7 version of the Concentrator code, such as SSL VPN and Secure Desktop, are demonstrated.

Labs include configuring and testing split tunneling, bandwidth management, pre-configuring and customizing the Cisco VPN Software Client, RADIUS and TACACS-based authentication, and configuring a Windows 2000 Server as a Certificate Authority. This course gives you the most relevant, hands-on, and real-world experience available anywhere, all based on an enhanced topology designed to simulate a typical production network instead of a classroom.

 

Course Objectives

In this course students will learn:

  • Features, functions, and benefits of Cisco Secure VPN products
  • Cisco Secure VPN 3000 Series Concentrator
  • Cisco Secure VPN Software Client version 4.x
  • Cisco Secure VPN 3002 Hardware Client
  • IPSec fundamentals and operation
  • Public Key Infrastructure (PKI) organization and concepts
  • Processes involved in the creation and use of digital certificates
  • VPN 3000 Series Concentrator Redundancy and Load Balancing (Clustering)
  • VPN Software Client firewall features and how to create and apply centrally managed firewall policies
  • Configure and use split tunneling and split DNS
  • Configure Certificate Revocation List (CRL) caching
  • Configure and apply bandwidth policing or bandwidth reservation policies
  • Monitoring functions, including use of the Filterable Event Log
  • Reverse Route Injection
  • Differences between Client Mode and Network Extension Mode when using the VPN 3002 Hardware Client
  • How and why to configure IPSec over UDP, NAT Traversal, and IPSec over TCP
  • Configure and use WebVPN clientless connectivity
  • Configure and use the Cisco SSL VPN Client (new in Concentrator version 4.7)
  • Configure and use the Cisco Secure Desktop (new in Concentrator version 4.7)

 

Intended Audience

Networking professionals tasked with ensuring the effective use of Cisco VPN technologies within their networks; those seeking the Cisco Certified Security Professional (CCSP) or Cisco VPN Specialist certifications.

 

Course Outline

  • Security Fundamentals
  • Overview of Virtual Private Networks and IPSec Technologies
  • Cisco Virtual Private Network 3000 Concentrator Series Hardware Overview
  • VPN 3000 Series Concentrator Remote Access Using Pre-Shared Keys
  • VPN 3000 Series Concentrator Remote Access Using Digital Certificates
  • VPN Firewall Feature for the Software Client
  • VPN Client Auto-Initiation Feature
  • Monitor and Administer the Cisco VPN 3000 Series Concentrator Remote Access Networks
  • VPN 3002 Hardware Client for Remote Access Using Pre-Shared Keys
  • VPN 3002 Hardware Client for Unit and User Authentication
  • VPN Client Backup Server and Load Balancing
  • VPN 3002 Hardware Client for Software Auto-Update
  • VPN 3000 Series Concentrator for IPSec Over UDP and IPSec Over TCP
  • VPN 3000 Series Concentrator LAN-to-LAN with Pre-Shared Keys
  • VPN 3000 Series Concentrator LAN-to-LAN with NAT
  • VPN 3000 Series Concentrator LAN-to-LAN Using Digital Certificates
  • Configure the Cisco VPN 3000 Series Concentrator for WebVPN
  • Using Cisco SSL VPN Client
  • Installing and Configuring Cisco Secure Desktop

 

Course Labs

For CSVPN, each pod has a router, a switch, a PIX Firewall, a VPN 3000 Series Concentrator, and four PC systems. These devices are organized in a real-world fashion and are configured to work together to provide a complete security solution. The four PCs are strategically placed in the topology to provide interesting and realistic functional demonstrations.

An Inside PC is treated as the Security Administrator's office desktop PC, and an Inside Server runs the applications, such as Cisco Secure Access Control Server, intended to be installed in the data center and shared among multiple administrators. The DMZ server is partially exposed to the Internet and provides HTTP and FTP services. An Outside PC is connected to the simulated Internet and can be used as a simulated web server and as the source of inbound VPN client connections.

  • Lab 1: Remote Lab Familiarization
  • Lab 2: Exclusive - PIX Site-to-Site IPSec Using Pre-Shared Keys
  • Lab 3: Initialize the VPN Concentrator
  • Lab 4: VPN Software Client Remote Access Using Pre-Shared Keys via Quick-Configuration Mode
  • Lab 5: Pre-Configuring and Customizing the VPN Software Client
  • Lab 6: Exclusive - Configure a Windows 2000 Server as a Certificate Authority (CA)
  • Lab 7: Configure the VPN Concentrator for Digital Certificates
  • Lab 8: Configure the VPN Software Client for Digital Certificates
  • Lab 9: VPN Software Client Remote Access Using Digital Certificates
  • Lab 10: Configure the Firewall Feature for the VPN Software Client
  • Lab 11: VPN Client Auto-Initiation
  • Lab 12: VPN Concentrator Monitoring
  • Lab 13: Concentrator Administration with TACACS+ Setup
  • Lab 14: Exclusive - Configure Bandwidth Management Policies on the VPN Concentrator
  • Lab 15: VPN 3002 Hardware Client Remote Access Using Pre-Shared Keys (Client Mode) and RADIUS
  • Lab 16: VPN 3002 Hardware Client Remote Access Using Pre-Shared Keys (Network Extension Mode)
  • Lab 17: Configure the VPN 3002 Hardware Client for Unit and User Authentication
  • Lab 18: Exclusive - Configure Reverse Route Injection
  • Lab 19: Configure Software Auto-Update
  • Lab 20: VPN 3000 Series Concentrator LAN-to-LAN IPSec Using Pre-Shared Keys
  • Lab 21: VPN 3000 Series Concentrator LAN-to-LAN IPSec Using Digital Certificates
  • Lab 22: WebVPN
  • Lab 23: SSL VPN Client
  • Lab 24: Secure Desktop


TOP

 
 

Course Description

Course Objectives

Intended Audience

Course Outline

Course Labs

 

 
 
 
   
 
Course Catalog Training Schedules Enroll Training Locations Cancellation Policy Contact Us Related Links Site Map
Service Areas Careers About Us Customer Quotes News & Events
 

CCIP, CCIE, CCDA, CCDP, CCNP, CCNA, VLANDirector, TrafficDirector, CiscoWorks 2000, ONS 15454 Secure PIX Firewal, Secure Virtual Private Networks, Cisco, Cisco Systems, Cisco Systems Logo, Catalyst, EtherChannel, IOS and LightStream are registered trademarks of Cisco Systems, Inc. or its affiliates in the US and certain other countries.