Network Training - Course Details

ASVPN-CASSLVPN ASVPN - Cisco Advanced SSL VPN

Network Training Course Description:
You will cover Cisco Secure Desktop (CSD) topics in detail, and then you'll tie the components together by feeding the results of the policy checks into Dynamic Access Policies (DAPs) and examining the relationship between DAPs and group policies. You will take the configuration a step further by enabling Lightweight Directory Access Protocol (LDAP) authentication within a DAP. You will add a few web-type Access Control Lists (ACLs) to the mix and discover how the various components all work together.
Network Training Course Duration:
3 DAYS
Network Training Course Target Audience:
Anyone, including system engineers and network designers, administrators, engineers, and managers, seeking to learn the latest features of AnyConnect 3.0
Network Training Course Prerequisite:
Skills and knowledge equivalent to those learned in any firewall fundamentals course, including SNAF, SNAA, FIREWALL, VPN, ASAE, or ASA Lab Camp; working knowledge of the Microsoft Windows operating system, including Microsoft Internet Explorer or Firefox; fundamental understanding of SSL and certificates
Course Content:

  • 1. Feature Mapping and Scenario

    • SSL Technology
    • Clientless SSL Feature
    • AnyConnect Feature
    • Group Deployment Type (Clientless vs. AnyConnect)
    • License Requirements for Suggested Solution

  • 2. Initializing ASA and Preparing for PKI and AAA Support

    • Basic ASA Configuration
    • Validating Licenses
    • Generating Self-Signed Certificate to be used with ASDM
    • Enrolling Digital Certificate from CA Server to be used for SSL VPN Access
    • Configuring Integration with AAA Servers (RADIUS, LDAP)
    • Logging

  • 3. Connection Profile and Group Policy Configuration

    • Creating Connection Profiles and Group Policies
    • Configuring Group Policy
    • Creating Bookmarks

  • 4. Enhanced Clientless WebVPN Features

    • Plug-Ins
    • Uploading the RDP Plug-In
    • Configuring Smart Tunnels
    • Auto Sign-On for HTTP/S Resources
    • Auto Sign-On for Forms-Based Authentication
    • KCD
    • Microsoft Extensions to KCD for VPN Authentication
    • Portal Customization

  • 5. Enhanced AnyConnect Client Features

    • AnyConnect 3.0 Features
    • AnyConnect Secure Mobility
    • Trusted Network Detection
    • Always-On VPN
    • Login Script
    • AnyConnect Client Profile Configuration
    • AnyConnect Diagnostics

  • 6. CSD and Pre-Login Assessment

    • Install and Configure CSD
    • Configure and Manage
    • Test and Troubleshoot CSD Issues

  • 7. HostScan and DAPs

    • DAP Attributes
    • Configuring DAP
    • Using EA Policies with DAP
    • Working with Policy Objects

  • 8. Securing Resources with Web-Type and Networks ACLs

    • Feature Overview
    • Configuring and Applying Web-Type ACLs
    • Configuring and Applying Network-Based ACLs

  • 9. CSD Endpoint Assessment

    • Configuring CSD for Advanced HostScan
    • Configuring DAP Policy to Utilize Advanced HostScan
    • Testing and Troubleshooting the Configuration

  • 10. Certificate-Based Authentication

    • Obtain a User Certificate
    • Configure VPN Authentication with Client Certificates
    • Configure Connection Profile Selection
    • Configure Group Policy Selection
    • Configure LDAP Attribute Maps for Authorization Settings
    • Two-Factor Authentication
    • Test and Verify the Configuration

  • 11. Advanced Troubleshooting

    • SSL VPN Troubleshooting
    • AnyConnect Troubleshooting
    • Clientless SSL VPN Troubleshooting

  • 12. Scaling SSL VPN

    • Configuring Load Balancing
    • Monitoring
    • Verifying and Troubleshooting
    • Configuring a Shared License

  • Lab 1: Lab Environment

  • Lab 2: Initializing the ASA and Preparing for PKI and AAA Support

    • Obtain Remote Access to the System
    • Bootstrap the ASA to a Baseline Configuration
    • Create a Self-Signed Certificate
    • Create a Certificate Request
    • AAA Server Setup
    • Verify the ASA Configuration

  • Lab 3: Configuring Basic Clientless and Client-Based SSL VPNs

    • Create Connection Profiles, IP Pools, and Group Policies
    • Assign Certificate to the Outside Interface
    • Connection Method Configuration
    • Create Bookmarks
    • Prepare for ASDM
    • Verify the ASA Configuration

  • Lab 4: Enhanced Clientless WebVPN Features

    • Configure RDP and SSH Plug-Ins for Application Access
    • Investigate the Use of Smart Tunnels
    • Use Auto Sign-On to Allow the Passing of Credentials
    • Verify the ASA Configuration

  • Lab 5: Enhanced AnyConnect Client Features

    • Discover Profile Editor
    • Configure TND (Trusted Network Detection)
    • Investigate Using Login Scripts
    • Configure the Firewall in AnyConnect
    • Verify the ASA Configuration

  • Lab 6: CSD Deployment and Pre-Login Assessments

    • Installing CSD
    • Pre-Login Watermark Checks (Registry, OS)
    • Secure Vault Isolation (Keystroke Logger, Vault Password)

  • Lab 7: HostScan and Dynamic Access Policies

    • HostScan Watermarks
    • DAP Configuration for Corporate Assets
    • LDAP Authorization with DAPs
    • Contractor Access Using DAPs
    • Verify the ASA Configuration

  • Lab 8: Securing Resources with Web-Type ACLs

    • Create Permissive ACLs
    • Create Restrictive ACLs
    • Assign the ACLs to the IT-Dept DAP
    • Verify the ASA Configuration

  • Lab 9: CSD Endpoint Assessment

    • Configure and Test a Basic EA (Firewall and AV Check)
    • Configure and Test an AEA (Firewall Rules Push, AV Update)

  • Lab 10: Certificate-Based Authentication

    • Configure Mutual Authentication using a Microsoft CA
    • Troubleshoot Certificate Issues

  • Lab 11: Advanced Troubleshooting

    • Walk-Through Packet Tracer and Debugs
    • Basic Troubleshooting with Packet Capture
    • Trouble Ticket Scenarios