SASSL v1.0 Managing Advanced Cisco SSL VPN. 3 days lecture course and hands-on lab $2,495 USD 25 Digital Version


Course: SASSL v1.0 Managing Advanced Cisco SSL VPN
Duration: 3 days lecture course and hands-on lab
Fees: $2,495 USD
Cisco Learning Credits: 25
Kit: Digital Version

December 30, 2015

Course Overview

Managing Advanced Cisco SSL VPN (SASSL) v1.0 is an instructor-led three-day course focused on providing advanced knowledge and features of Secure Sockets Layer (SSL) VPNs on the Cisco Adaptive Security Appliance (ASA). Students will be able to evaluate various deployment options for SSL VPNs and configure advanced features using the Cisco Advanced Security Device Manager (ASDM) GUI.

Objective

Students will learn and be able to meet the following objectives:

- Describe client-based and clientless VPN solutions
- Explain the relationship between tunnel groups, group and user policies, connection profiles, and dynamic access policies
- Describe basic and advanced features of the clientless WebVPN solution, including smart tunnels, web ACLs, plug-ins, auto-signon, bookmarks, and portal customization
- Describe basic and advanced features within Cisco AnyConnect client version 3.0, including firewall policy push, Trusted Network Detection (TND), login scripts and profile editor
- Describe the features and benefits of Cisco Secure Desktop and understand the differences between the prelogin policies and Host Scan; use Cisco Secure Desktop to integrate Endpoint Assessment and Advanced Endpoint Assessment (AEA)
- Configure dynamic access policies (DAPs)
- Describe the process required to enroll the Cisco ASA appliance with a third-party certificate authority (CA) and how to enroll and retrieve user-based certificates to provide mutual authentication
- Explain how the username credential can be automatically populated and how the connection profile can be chosen automatically using the prefill and certificate mapping features in the Cisco ASA appliance

Prerequisite Skills and Knowledge

The knowledge and skills that a learner must have before attending this course are as follows:

- Skills and knowledge equivalent to those learned in Securing Networks with ASA Fundamentals (SNAF)
- Working knowledge of the Microsoft Windows operating system, including Microsoft Internet Explorer
- Understanding of SSL and certificate fundamentals

It is recommended that a learner have the following knowledge and skills before attending this course:

- Skills and knowledge equivalent to those learned in Securing Networks with ASA Advanced (SNAA)
  -OR-
- Skills and knowledge equivalent to those learned in Virtual Private Networks (VPN)

Laptop requirements

Students registering for this course will receive a digital format course kit. To view the digital kit, students will need to bring a laptop. The recommended system requirements are as follows:

- Windows 7 or 8.1 or 10 is recommended. Mac OSX 10.6 or greater is supported as well.
- Intel Celeron or better processors are preferred.
- 1 GB or more of RAM
- Browser requirement: Internet Explorer 10 or Mozilla Firefox. (Safari, Mozilla Firefox for Mac OSX)

Note: Our labs currently cannot run on Microsoft Edge (Windows 10), because it does not support Extensions/Add-ons, or on Google Chrome, because Java has been removed from the platform itself.

All students are required to have administrator rights to their PCs and cannot be logged in to a domain using any Group Policies that will limit their machine's capabilities. If you do not have administrator rights to your PC, you at least need permissions to download, install, and run Cisco AnyConnect Client and Java. All PCs require the latest Java Runtime Environment, which can be downloaded from www.java.com.

Course Outline

Course Introduction

The Course Introduction provides learners with the course objectives and prerequisite learner skills and knowledge. The Course Introduction presents the course flow diagram and the icons that are used in the course illustrations and figures. This course component also describes the curriculum for this course, providing learners with the information that they need to make decisions regarding their specific learning path.

- Overview
- Learner Prerequisite Skills and Knowledge
- Course Goal and Objectives
- Course Flow
- Additional References
- Lab Exercise Scenario
- Your Training Curriculum

Module 1: Feature Mapping and Scenario Discussion

This module provides an understanding of SSL technology and an overall understanding of which SSL VPN solution to implement given a set of requirements.

Upon completing this module, the learner will be able to meet these objectives:

- Describe SSL technology
- Describe clientless SSL VPN features
- Describe AnyConnect features
- Design SSL VPN solution
- Select SSL VPN solution according to user access needs

1. SSL Technology Overview
2. Clientless SSL Feature Overview
3. AnyConnect Feature Overview
4. Group Deployment Type (Clientless versus AnyConnect)
5. License Requirements for Suggested Solution

Module 2: Initializing ASA and Preparing for PKI and AAA Support

This module provides an understanding of the ASA basic configuration required to allow the ASDM access to the ASA. The module also provides an understanding of enrolling with a third-party certificate authority and using self-signed and default certificates. RADIUS and LDAP authentication are discussed.

Upon completing this module, the learner will be able to meet these objectives:

- Initialize ASA and enable ASDM
- Generate a self-signed persistent certificate
- Enroll a certificate from the CA server
- Integrate with the AAA server
- Monitoring

1. Basic ASA Configuration
2. Validating Licenses
3. Generating Self-Signed Certificate to Be Used with ASDM
4. Enrolling Digital Certificate from CA Server to Be Used for SSL VPN Access
5. Configuring Integration with AAA Servers (RADIUS, LDAP)
6. Review of Logging

Module 3: Connection Profile and Group Policy Configuration

This module provides an understanding of the fundamental policy assignments applied by the ASA when a remote user connects to the VPN. The module investigates the use of group policies by configuring bookmarks that will be used for clientless WebVPN users.

Upon completing this module, the learner will be able to meet these objectives:

- Create a new connection profile and group policies for supporting clientless and AnyConnect remote VPN users
- Restrict tunneling protocols
- Create bookmarks using plug-ins, CIFS, HTTP and HTTPS links

1. Creating Connection Profiles and Group Policies
2. Configuring Group Policy
3. Creating Bookmarks

Module 4: Enhanced Clientless WebVPN Features

This module provides an understanding of enhanced features for clientless VPN access. Building on the basic bookmarks covered in the previous module, this module investigates the use of plug-ins and the use of Smart Tunnels and auto-signon for single-signon access. Kerberos Constrained Delegation, as it applies to VPN authentication, is discussed. Portal customization is discussed with simple examples.

Upon completing this module, the learner will be able to meet these objectives:

- Configure Smart Tunnels
- Configure Auto-Signon
- Configure Auto-Signon with forms-based authentication
- Describe Kerberos Constrained Delegation
- Describe portal customization options

1. Plug-ins
2. Uploading the RDP Plug-in
3. Configuring Smart Tunnels
4. Auto-signon for HTTP/S resources
5. Auto-signon for forms-based authentication
6. Kerberos Constrained Delegation
7. Microsoft extensions to KCD for VPN authentication
8. Portal customization

Module 5: Enhanced Cisco AnyConnect Client Features

This module provides an understanding of the latest Cisco AnyConnect 3.0 features including login scripts, secure mobility, trusted network detection, and always-on. The module investigates AnyConnect customization by using the profile editor in ASDM to edit and deploy policies to remote users.

Upon completing this module, the learner will be able to meet these objectives:

- Describe the new features of the AnyConnect 3.0
- Configure some of the AC 3.0 features

1. AnyConnect 3.0 Features
2. AnyConnect Secure Mobility
3. Trusted Network Detection
4. Always-on VPN
5. Login Script
6. AnyConnect Client Profile configuration
7. AnyConnect diagnostics

Module 6: Cisco Secure Desktop Deployment and Prelogin Assessment

This module provides an understanding of Cisco Secure Desktop and the use of Cisco Secure Desktop with dynamic access policies (DAPs).

Upon completing this module, the learner will be able to meet these objectives:

- Install and configure Cisco Secure Desktop
- Configure and manage:
  - Keystroke Logger Detection
  - Host emulator
  - Cache cleaner
- Test and troubleshoot Cisco Secure Desktop issues

Install and configure Cisco Secure Desktop

- Cisco Secure Desktop Overview
- Installing and configuring Cisco Secure Desktop
- Configure and Manage
  - Keystroke Logger Detection
  - Host Emulator
  - Cache cleaner
- Test and troubleshoot Cisco Secure Desktop issues

Module 7: Dynamic Access Policies

This module covers the use of dynamic access policies (DAPs) with SSL VPNs. The module defines the basic operation of DAPs and investigates Endpoint Assessment watermark checks with DAPs, by using a detailed example.

Upon completing this module, the learner will be able to meet these objectives:

- Configure DAP
- Use Endpoint Assessment Policies with DAP
- Work with policy objects

1. Describing DAP Attributes
2. Configuring DAP
3. Using Endpoint Assessment Policies with DAP
4. Working with Policy Objects

Module 8: Securing Resources with Webtype and Network ACLs

This module provides an understanding of the use of Webtype ACLs and network-based ACLs. The module investigates use cases of when one would use each technology.

Upon completing this module, the learner will be able to meet these objectives:

- Describe Webtype ACLs
- Configure Webtype ACLs
- Apply Webtype ACLs
- Describe Network-Based ACLs
- Configure Network-Based ACLs
- Apply Network-Based ACLs

1. Feature Overview
2. Configuring and Applying Webtype ACLs
3. Configuring and Applying Network-Based ACLs

Module 9: Cisco Secure Desktop Endpoint Assessment

This module provides an understanding of the distinctions between Host Scan, and the Host Scan Extensions Endpoint Assessment and Advanced Endpoint Assessment (AEA) with DAPs. The module investigates the use of watermarking using AEA and providing remediation for Anti-virus/Anti-spyware services. The module also includes a discussion surrounding firewall checks and firewall rule policy configurations.

Upon completing this module, the learner will be able to meet these objectives:

- Describe the difference between the Host Scan and the Advanced Host Scan
- Configure the Host Scan and the Advanced Host Scan features
- Use these features with the Dynamic Access Policy
- Troubleshoot DAP-related issues

1. Configuring Cisco Secure Desktop for Advanced Host Scan
2. Configuring DAP Policy to Utilize Advanced Host Scan
3. Testing and Troubleshooting the Configuration

Module 10: Certificate-Based Authentication

This module covers detailed certificate authentication options for the SSL VPN. The module defines how to obtain manual user certificates using a Microsoft CA and investigates certificate templates on the CA. The module also covers the various methods of mapping remote users to connection profiles including the use of the group alias, group URL access, and certificate profile mapping. There is a review of methods of Connection Profile selection, and Group Policy selection. The module then moves from Certificate Mapping to LDAP Attribute mapping. Finally, after enumerating all these configuration options, two variations on two-factor authentication are presented.

Upon completing this module, the learner will be able to meet this objective:

- Configure client authentication and authorization using digital certificates

1. Obtain a User Certificate
2. Configure VPN authentication with client certificates
3. Configure Connection Profile selection
4. Configure Group Policy selection
5. Configure LDAP Attribute maps for Authorization settings
6. Two-Factor Authentication

Module 11: Advanced Troubleshooting

This module provides the tools to allow thorough troubleshooting for clientless and client-based SSL VPNs.

Upon completing this module, the learner will be able to meet this objective:

- Use troubleshooting tools and techniques to overcome SSL VPN problems

1. SSL VPN Troubleshooting
2. AnyConnect Troubleshooting
3. Clientless SSL VPN Troubleshooting

Module 12: Scaling SSL VPN

This module provides an understanding of VPN load balancing between several ASAs. The section describes the configuration and monitoring of the load-balanced sessions.

Upon completing this module, the learner will be able to meet these objectives:

- Configure load balancing
- Configure shared license

1. Introduction
2. Configuring Load Balancing
3. Monitoring
4. Verifying and Troubleshooting
5. Configuring a Shared License

Lab Overview

Students will work on the following labs in the course.

1. Lab 1: Accessing the Lab Machines
2. Lab 2: Initializing the Cisco ASA Appliance and Preparing for PKI and AAA Support
3. Lab 3: Configuring Basic Clientless and Client-Based SSL VPNs
4. Lab 4: Enhanced Clientless WebVPN Features
5. Lab 5: Enhanced Cisco AnyConnect Client Features
6. Lab 6: Cisco Secure Desktop Deployment and Prelogin Assessment
7. Lab 7: Host Scan and DAPs
8. Lab 8: Securing Resources with Webtype ACLs
9. Lab 9: Cisco Secure Desktop Endpoint Assessment
10. Lab 10: Certificate-Based Authentication
11. Lab 11: Advanced Troubleshooting
12. Configuration Files Summary
13. Teardown and Restoration