00:00:00 - Hello.
00:00:00 - My name is Keith Barker.
00:00:02 - And on behalf of the
entire CBT Nuggets family,
00:00:05 - welcome to Implementing Cisco
Secure Mobility Solutions.
00:00:08 - Let's begin.
00:00:09 - Give me a V-- V!
00:00:11 - Give me a P-- P!
00:00:12 - Give me an N-- N!
00:00:14 - What do you get?
00:00:15 - SIMOS.
00:00:17 - And that is the
acronym that Cisco
00:00:18 - chose for this course,
which very well
00:00:20 - could have been titled
Virtual Private Networks.
00:00:23 - The course formally is called
Implementing Cisco Secure
00:00:25 - Mobility Solutions.
00:00:26 - And the acronym they
chose for it is SIMOS.
00:00:29 - The S would be for secure.
00:00:32 - So that's the S part.
00:00:33 - The I comes from the root
word of Implementing.
00:00:35 - And then we have the
M and O for mobility.
00:00:37 - And the S is for solutions.
00:00:40 - And the Associated
00:00:42 - for this new course in the
CCNP Security Track is 300-209.
00:00:47 - And in all seriousness, I wanted
to spend a few minutes to talk
00:00:50 - with you about how to
get the absolute most out
00:00:52 - of this course.
00:00:52 - The first thing
is, we want to make
00:00:54 - sure the prerequisites are met.
00:00:56 - You might say, Keith, what do
you mean, the prerequisites?
00:00:58 - What are the prerequisites
for the course?
00:01:00 - And the prerequisites
really are that you already
00:01:02 - have a CCNA or equivalent
knowledge regarding the CCNA
00:01:07 - Route Switch and the
CCNA for security.
00:01:11 - And I've got some
great news for you.
00:01:13 - If you don't yet have a CCNA
Route Switch or CCNA Security,
00:01:16 - or the equivalent
knowledge and skills,
00:01:18 - we've got some courses
right here at CBT Nuggets.
00:01:21 - But I wanted to
say right up front,
00:01:22 - I'm presuming that you're
already at least at that level.
00:01:25 - And then you and I are
going to continue building
00:01:28 - on that solid foundation.
00:01:29 - For example, if you already
know the basics of IPsec
00:01:32 - because you've been
through CCNA Security,
00:01:34 - and you're familiar with
IKEv1, which has two phases--
00:01:38 - phase 1 and phase 2-- that
is excellent, my friend.
00:01:40 - Because we're going to take
that knowledge and we're
00:01:42 - going to build on top of it.
00:01:43 - And what we're going to find
is that a lot of the concepts
00:01:46 - stay the same.
00:01:47 - However, our
00:01:48 - get better and better.
00:01:49 - For example, this is something
called Suite B cryptography.
00:01:53 - And these are specified
by NIST, which
00:01:56 - is the National Institute
of Standards and Technology.
00:01:59 - And they're used by NSA to
protect national security
00:02:03 - systems.
00:02:03 - For example, we all know that
Triple DES is better than DES,
00:02:06 - and AES is better
than Triple DES.
00:02:08 - And with Suite B,
00:02:10 - that for top secret
data, we're going
00:02:11 - to be required to use
a 256 key with AES.
00:02:15 - And if the data is
classified as just secret,
00:02:17 - we can go ahead and
use 128-bit key.
00:02:19 - Regarding Diffie-Hellman,
we have our old flavors
00:02:21 - of Diffie-Hellman, such as
Diffie-Hellman 1, 2, and 5.
00:02:24 - And we have some new
flavors of Diffie-Hellman
00:02:27 - that support ECC, which
stands for Elliptical Curve
00:02:29 - Cryptography.
00:02:30 - And based on the
standards, if we're
00:02:32 - trying to secure top secret
data we're going to use a 384.
00:02:35 - But we can get away with
256, Elliptical Curve
00:02:38 - Diffie-Hellman, if
00:02:40 - data that's been
labeled as secret.
00:02:41 - And that also applies
to digital signatures.
00:02:44 - Instead of just using
traditional RSA signatures,
00:02:46 - we'd want to use the
Elliptical Curve flavor,
00:02:49 - with 384 for top secret
and 256 for secret.
00:02:52 - And for data integrity--
for our hashing algorithms,
00:02:55 - we all know that SHA-1
is better than MD5.
00:02:58 - However, SHA-384 is a
lot better than SHA-1.
00:03:02 - And can be used
for data integrity
00:03:03 - for top secret classified
data, based on the standards.
00:03:07 - And SHA-256, which is also way
the heck better than SHA-1,
00:03:10 - is acceptable for protecting
secret data, or data
00:03:13 - that's been
classified as secret.
00:03:15 - Now, what's really cool about
this Suite B cryptography is
00:03:18 - that although the
mechanisms have gotten
00:03:20 - better, the implementation,
00:03:22 - specifying a transform
set, is done the same way.
00:03:25 - Or in implementing a
crypto map-- again,
00:03:27 - it's done the same way.
00:03:28 - And that's one of the
cool things about IPsec,
00:03:30 - is that it's a framework.
00:03:31 - As new technologies and
new protocols come in,
00:03:33 - we can adopt those
and start to use those
00:03:35 - as well to improve
our security posture.
00:03:38 - Another key factor
in our success
00:03:39 - in mastering this
technology, is for you and I
00:03:42 - to go through every single
video in this course.
00:03:45 - Plus, I'm going to be assigning
some additional videos
00:03:48 - from the CCNP Security VPN
2.0 course that are also
00:03:52 - extremely relevant
00:03:54 - So, as you and I go through
these videos together,
00:03:56 - I will call out and spell
out exactly which videos I
00:03:59 - want you to watch, and when
I want you to watch them.
00:04:01 - And when I do call
them out, they
00:04:02 - won't just be like, oh,
a recommendation, hey
00:04:04 - go check out this video.
00:04:06 - They are extremely
important to go through,
00:04:08 - as part of a holistic,
well-rounded approach to all
00:04:11 - of these topics.
00:04:12 - And, speaking of topics, we'll
be addressing the legacy IKEv1,
00:04:16 - and the newer IKEv2,
both on IOS and the ASA.
00:04:21 - And we'll be implementing
00:04:22 - and digital signatures for the
authentication of our tunnels.
00:04:26 - We'll learn about VTIs
in several flavors,
00:04:28 - including static and dynamic
virtual tunnel interfaces.
00:04:31 - We'll address site-to-site
VPNs, as well as
00:04:34 - the world of remote access
VPNs in all of its flavors,
00:04:37 - including clientless or WebVPN,
and the AnyConnect client.
00:04:41 - Additional technologies that
we get to go through together
00:04:44 - in this course include Dynamic
Multipoint VPN, FlexVPN,
00:04:48 - and Group Encrypted
Transport, or GET VPN,
00:04:51 - which are all extremely
relevant and very, very cool
00:04:54 - technologies.
00:04:55 - I've also integrated
00:04:57 - into the videos by going through
the appropriate Show commands
00:05:00 - as we implement the
00:05:03 - And with those Show
commands we can
00:05:04 - verify the behavior and the
results of our configurations.
00:05:07 - And it's those same
exact Show commands
00:05:09 - that we're going to use if we're
involved in troubleshooting
00:05:11 - a VPN scenario that's
not working correctly.
00:05:14 - Now, many people
have asked me, OK,
00:05:15 - Keith what's the secret
to becoming really, really
00:05:17 - good at some technology?
00:05:19 - And the answer's really simple.
00:05:20 - It is to go ahead and
first learn about the topic
00:05:23 - or technique-- and there's
many ways of doing that.
00:05:25 - We could read or watch a video.
00:05:27 - But after we have that
input about how it works
00:05:29 - and how it's configured,
00:05:31 - want to practice and verify
everything on our own.
00:05:34 - That means you and I, as we go
through the videos together,
00:05:37 - I would love for you
to take the opportunity
00:05:39 - to go ahead and then practice
what we've done in the video
00:05:41 - together on your own,
in a test environment.
00:05:44 - And that will reinforce the
concepts of the technology,
00:05:47 - as well as the implementation
00:05:49 - of that technology.
00:05:50 - So, if you're really serious
about getting really, really
00:05:52 - good at virtual
00:05:54 - the practicing will
be a critical piece
00:05:57 - in you getting those
skills that you want.
00:05:59 - And of course, last but not
least, enjoy the journey.
00:06:02 - Enjoy every step of
the way, realizing
00:06:04 - that as we go through
these videos together
00:06:06 - and you're learning the new
concepts that your knowledge is
00:06:09 - expanding and growing.
00:06:10 - And, technologies and
topics that we already
00:06:13 - had a basic knowledge
of, we're going
00:06:14 - to see that basic
knowledge expand and become
00:06:17 - bigger and better as a
result of you and I going
00:06:19 - through these videos
in order, together.
00:06:22 - So, I want to keep this
introduction fairly short,
00:06:24 - so we can get right
to the first video.
00:06:25 - It's about the DMVPNs.
00:06:27 - And I'm looking forward to
spending that time with you,
00:06:30 - in that video.
00:06:31 - So until then, I hope this
has been informative for you.
00:06:34 - And I'd like to thank
you for viewing.