
Securing Networks with Cisco Routers and Switches (SECURE)

About This Course
  Certification: NONE
  Duration: 5 Days
  Delivery: Virtual Classroom, Classroom

Prerequisites
The knowledge and skills that a learner must have before attending this course:
  Cisco Certified Network Associate (CCNA) certification
  Interconnecting Cisco Network Devices 1 (ICND1)
  Interconnecting Cisco Network Devices 2 (ICND2)
  Cisco Certified Network Associate Security (CCNA Security) certification
  Implementing Cisco IOS Network Security (IINS)
  Working knowledge of the Microsoft Windows operating system

Course Content
The Securing Networks with Cisco Routers and Switches (SECURE) 1.0 course is an instructor-led course presented by Cisco training partners to their end-user customers. This five-day course aims at providing network security engineers with the knowledge and skills needed to secure Cisco IOS Software router- and switch-based networks, and provide security services based on Cisco IOS Software. Successful graduates will be able to secure the network environment using existing Cisco IOS Software features, as well as install and configure components of the Cisco IOS Software, such as zone-based policy firewall, Cisco IOS Intrusion Prevention System (IPS), user-based firewall, secure tunnels using IP Security (IPsec) virtual private network (VPN) technology including public key infrastructure (PKI), virtual tunnel interface / dynamic virtual tunnel interface (VTI / DVTI), Group Encrypted Transport VPN (GET VPN), Dynamic Multipoint Virtual Private Network (DMVPN), Secure Sockets Layer (SSL) VPN, and advanced switch security features. The course focuses on the implementation and troubleshooting aspects of the lifecycle services approach, adding some elements of the design phase as well.

Course Objectives
Upon completing this course, the learner will be able to meet these overall objectives:
  Implement and maintain Cisco IOS Software infrastructure protection controls in a Cisco router- and switch-based network infrastructure.
  Implement and maintain Cisco IOS Software threat control and containment technologies in a Cisco router-based perimeter infrastructure.
  Implement and maintain Cisco IOS Software VPN technologies in a Cisco router-based WAN.
  Implement and maintain Cisco IOS Software remote access VPN technologies in a Cisco router-based remote access solution.

Course Outline

Module 1: Deploying Cisco IOS Software Network Foundation Protection
  Lesson 1: Deploying Network Foundation Protection Controls
  Lesson 2: Deploying Advanced Switched Data Plane Security Controls
  Lesson 3: Implementing Cisco Identity-Based Network Services
  Lesson 4: Deploying Basic 802.1X Features
  Lesson 5: Deploying Advanced Routed Data Plane Security Controls
  Lesson 6: Deploying Advanced Control Plane Security Controls
  Lesson 7: Deploying Advanced Management Plane Security Controls

Module 2: Deploying Cisco IOS Software Threat Control and Containment
  Lesson 1: Deploying Cisco IOS Software Network Address Translation
  Lesson 2: Deploying Basic Zone-Based Policy Firewalls
  Lesson 3: Deploying Advanced Zone-Based Policy Firewalls
  Lesson 4: Deploying Cisco IOS Software IPS

Module 3: Deploying Cisco IOS Software Site-to-Site Transmission Security
  Lesson 1: Site-to-Site VPN Architectures and Technologies
  Lesson 2: Deploying VTI-Based Site-to-Site IPsec VPNs
  Lesson 3: Deploying Scalable Authentication in Site-to-Site IPsec VPNs
  Lesson 4: Deploying DMVPNs
  Lesson 5: Deploying High Availability in Tunnel-Based IPsec VPNs
  Lesson 6: Deploying GET VPN

Module 4: Deploying Secure Remote Access with Cisco IOS Software
  Lesson 1: Remote Access VPN Architectures and Technologies
  Lesson 2: Deploying Remote Access Solutions Using SSL VPN
  Lesson 3: Deploying Remote Access Solutions Using Cisco Easy VPN

Who Should Attend

Exam Topics
The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam.

Cisco ASA adaptive security appliance Basic Configurations
  Identify the ASA product family
  Implement ASA licensing
  Manage the ASA boot process
  Implement ASA interface settings
  Implement ASA management features
  Implement ASA access control features
  Implement Network Address Translation (NAT) on the ASA
  Implement ASDM public server feature
  Implement ASA quality of service (QoS) settings
  Implement ASA transparent firewall

ASA Routing Features
  Implement ASA static routing
  Implement ASA dynamic routing

ASA Inspection Policy
  Implement ASA inspections features

ASA Advanced Network Protections
  Implement ASA Botnet traffic filter

ASA High Availability
  Implement ASA Interface redundancy and load sharing features
  Implement ASA virtualization feature
  Implement ASA stateful failover

Exam Topics
The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam.

Common Cisco ASA adaptive security appliance VPN Configurations Components
  Identify ASA VPN licensing requirements
  Identify the components and features of AnyConnect 3.0 Mobility (VPN, NAM, Web Sec (ScanSafe), and Telemetry)
  Implement ASA VPN connection profiles, group policies, and user policies
  Implement Simple Certificate Enrollment Protocol (SCEP) proxy operations using Cisco Adaptive Security Device Manager (ASDM)
  Implement local and external VPN authorization using ASDM
  Implement VPN session accounting using ASDM
  Implement Cisco Secure Desktop and Independent Host Scan operations using ASDM
  Implement DAP operations using ASDM
  Implement LOCAL CA operations for Secure Sockets Layer (SSL) VPNs using ASDM
  Implement certificate maps using ASDM
  Identify the ASA IPv6 VPN capabilities
  Monitor and verify the CLI commands resulting from the various VPN configurations on the ASA

ASA IP SEC S2S VPN
  Implement a security high-level design according to policy and environmental requirements by identifying Cisco ASA IPSec S2S VPN features and supporting technologies
  Implement basic IPSEC S2S VPN operations with PSK and digital certificates using ASDM
  Implement basic IKEv2 based IPSEC S2S VPN operations using ASDM
  Troubleshoot the initial provisioning IPSec S2S VPN applications due to misconfiguration

ASA EZVPN
  Implement a security high level design according to policy and environmental requirements by identifying Cisco ASA VPN client features and supporting technologies
  Implement basic EZVPN server operations on the ASA using ASDM
  Basic EZVPN remote operations on the ASA 5505 using ASDM
  Implement AnyConnect 3.0 IKEv2 RA VPN operations
  Implement Client Services Server (CSS) feature
  Troubleshoot the initial provisioning IPSec RA VPN applications due to misconfiguration

ASA AnyConnect SSL VPNs
  Implement a security high-level design according to policy and environmental requirements by identifying Cisco ASA AnyConnect client features and supporting technologies
  Implement DTLS operations using ASDM
  Implement basic AnyConnect 3.0 full tunnel SSL VPN operations
  Troubleshoot AnyConnect SSL VPN operations using DART
  Implement AnyConnect Profiles using ASDM
  Implement advanced authentication in AnyConnect Full Tunnel SSL VPNs (certificate and multi-authentication) using ASDM
  Troubleshoot the initial provisioning client-based SSL VPN applications due to misconfiguration

ASA Clientless SSL VPNs
  Implement a security high level design according to policy and environmental requirements by identifying Cisco ASA clientless SSL VPN features and supporting technologies
  Implement basic Clientless SSL VPN operations using ASDM
  Implement advanced applications access using ASDM
  Implement the SSO features on the ASA in a clientless SSL VPN environment
  Implement advanced authentication in clientless SSL VPNs (certificate and multi-authentication) using ASDM
  Manage the clientless SSL VPN user interface and portal using ASDM
  Implement basic portal customization
  Troubleshoot the initial provisioning of Clientless SSL VPN applications due to misconfiguration

SSL VPN High Availability
  Implement SSL and IPSEC VPN high availability features

Exam Topics
The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam.

Pre-Production Design
  Choose Cisco IPS technologies to implement HLD
  Choose Cisco products to implement HLD
  Choose Cisco IPS features to implement HLD
  Integrate Cisco network security solutions with other security technologies
  Create and test initial Cisco IPS configurations for new devices/services

Complex Support Operations
  Optimize Cisco IPS security infrastructure device performance
  Create complex network security rules, to meet the security policy requirements
  Configure and verify the IPS features to identify threats and dynamically block them from entering the network
  Maintain, update and tune IPS signatures
  Use CSM and MARS for IPS management, deployment, and advanced event correlation
  Optimize security functions, rules, and configuration

Advanced Troubleshooting
  Advanced Cisco IPS security software configuration fault finding and repairing
  Advanced Cisco IPS sensor and module hardware fault finding and repairing
