Cisco CCNP Security 300-209 SIMOS

Implementing Cisco Secure Mobility Solutions

by Keith Barker

Total Videos: 23 | Course Duration: 09:13:56
1. Welcome and Overview (00:06:36)
2. Naked DMVPN (00:43:40)
3. Protected DMVPN (00:32:17)
4. TShoot DMVPN (00:37:23)
5. IKE Call Admission Control (00:25:17)
6. VTI Site2Site VPNs (00:25:24)
7. Dynamic VTI Hub (00:23:54)
8. FlexVPN Site2Site (00:37:49)
9. FlexVPN DVTI (00:09:12)
10. FlexVPN Smart Defaults (00:25:56)
11. Certificate Install (00:29:19)
12. RSA-Sig IKEv2 Authentication (00:19:41)
13. DVTI IKEv2 Hub and Spoke RSA-Sig (00:16:56)
14. IKEv2 Pushing Policy (00:12:51)
15. FlexVPN Clients (00:30:41)
16. Spoke 2 Spoke FlexVPN (00:32:59)
17. FlexVPN Troubleshooting (00:20:18)
18. GETVPN (00:50:45)
19. ASA 2 IOS IKEv2 (Site-to-Site IPsec VPN) (00:23:15)
20. Verify and TShoot IPsec (00:07:29)
21. RA VPNs (00:12:17)
22. AnyConnect Client Profile (00:14:24)
23. Closing Thoughts (00:15:33)
This Implementing Cisco Secure Mobility Solutions (SIMOS) (300-209) course provides training on how to configure and implement a variety of Virtual Private Network (VPN) solutions on the Cisco ASA firewall and Cisco IOS software platforms. Topics include IKEv2, DMVPN, FlexVPN, GETVPN, and troubleshooting.

Related area of expertise:
  • Cisco security

Recommended skills:
  • CCNA Route/Switch and CCNA Security certification (or equivalent knowledge and skills)
  • Knowledge of Microsoft Windows
  • CCNA Security is a pre-requisite for the CCNP Security certification

Recommended equipment:
  • IOS that supports DMVPN, GETVPN and FlexVPN
  • IOS and ASA that support IKEv2

Related certifications:
  • CCNP Security. This course (SIMOS exam # 300-209) is part of the curriculum in the Cisco Certified Network Professional Security (CCNP© Security) certification

Related job functions:
  • Network Analyst
  • Network Engineer
  • Network Technician
  • Network Designer
  • Security Analyst
  • Security Auditor
  • Penetration Tester
  • Security Architect
  • Technical Manager

In this course, you will learn how to implement and manage VPNs on Cisco routers and ASA firewalls. As part of your studies regarding VPNs, the course will include recommendations of specific videos from the CCNP Security VPN2.0 course. Viewing these additional videos is required for preparation for the new 300-209 certification.

Welcome and Overview

00:00:00 - Hello.
00:00:00 - My name is Keith Barker.
00:00:02 - And on behalf of the entire CBT Nuggets family,
00:00:05 - welcome to Implementing Cisco Secure Mobility Solutions.
00:00:08 - Let's begin.
00:00:09 - Give me a V-- V!
00:00:11 - Give me a P-- P!
00:00:12 - Give me an N-- N!
00:00:14 - What do you get?
00:00:15 - SIMOS.
00:00:17 - And that is the acronym that Cisco
00:00:18 - chose for this course, which very well
00:00:20 - could have been titled Virtual Private Networks.
00:00:23 - The course formally is called Implementing Cisco Secure
00:00:25 - Mobility Solutions.
00:00:26 - And the acronym they chose for it is SIMOS.
00:00:29 - The S would be for secure.
00:00:32 - So that's the S part.
00:00:33 - The I comes from the root word of Implementing.
00:00:35 - And then we have the M and O for mobility.
00:00:37 - And the S is for solutions.
00:00:40 - And the Associated Certification Number
00:00:42 - for this new course in the CCNP Security Track is 300-209.
00:00:47 - And in all seriousness, I wanted to spend a few minutes to talk
00:00:50 - with you about how to get the absolute most out
00:00:52 - of this course.
00:00:52 - The first thing is, we want to make
00:00:54 - sure the prerequisites are met.
00:00:56 - You might say, Keith, what do you mean, the prerequisites?
00:00:58 - What are the prerequisites for the course?
00:01:00 - And the prerequisites really are that you already
00:01:02 - have a CCNA or equivalent knowledge regarding the CCNA
00:01:07 - Route Switch and the CCNA for security.
00:01:11 - And I've got some great news for you.
00:01:13 - If you don't yet have a CCNA Route Switch or CCNA Security,
00:01:16 - or the equivalent knowledge and skills,
00:01:18 - we've got some courses right here at CBT Nuggets.
00:01:21 - But I wanted to say right up front,
00:01:22 - I'm presuming that you're already at least at that level.
00:01:25 - And then you and I are going to continue building
00:01:28 - on that solid foundation.
00:01:29 - For example, if you already know the basics of IPsec
00:01:32 - because you've been through CCNA Security,
00:01:34 - and you're familiar with IKEv1, which has two phases--
00:01:38 - phase 1 and phase 2-- that is excellent, my friend.
00:01:40 - Because we're going to take that knowledge and we're
00:01:42 - going to build on top of it.
00:01:43 - And what we're going to find is that a lot of the concepts
00:01:46 - stay the same.
00:01:47 - However, our encryption protocols
00:01:48 - get better and better.
00:01:49 - For example, this is something called Suite B cryptography.
00:01:53 - And these are specified by NIST, which
00:01:56 - is the National Institute of Standards and Technology.
00:01:59 - And they're used by NSA to protect national security
00:02:03 - systems.
00:02:03 - For example, we all know that Triple DES is better than DES,
00:02:06 - and AES is better than Triple DES.
00:02:08 - And with Suite B, we're specifying
00:02:10 - that for top secret data, we're going
00:02:11 - to be required to use a 256 key with AES.
00:02:15 - And if the data is classified as just secret,
00:02:17 - we can go ahead and use 128-bit key.
00:02:19 - Regarding Diffie-Hellman, we have our old flavors
00:02:21 - of Diffie-Hellman, such as Diffie-Hellman 1, 2, and 5.
00:02:24 - And we have some new flavors of Diffie-Hellman
00:02:27 - that support ECC, which stands for Elliptical Curve
00:02:29 - Cryptography.
00:02:30 - And based on the standards, if we're
00:02:32 - trying to secure top secret data we're going to use a 384.
00:02:35 - But we can get away with 256, Elliptical Curve
00:02:38 - Diffie-Hellman, if we're protecting
00:02:40 - data that's been labeled as secret.
00:02:41 - And that also applies to digital signatures.
00:02:44 - Instead of just using traditional RSA signatures,
00:02:46 - we'd want to use the Elliptical Curve flavor,
00:02:49 - with 384 for top secret and 256 for secret.
00:02:52 - And for data integrity-- for our hashing algorithms,
00:02:55 - we all know that SHA-1 is better than MD5.
00:02:58 - However, SHA-384 is a lot better than SHA-1.
00:03:02 - And can be used for data integrity
00:03:03 - for top secret classified data, based on the standards.
00:03:07 - And SHA-256, which is also way the heck better than SHA-1,
00:03:10 - is acceptable for protecting secret data, or data
00:03:13 - that's been classified as secret.
00:03:15 - Now, what's really cool about this Suite B cryptography is
00:03:18 - that although the mechanisms have gotten
00:03:20 - better, the implementation, for example,
00:03:22 - specifying a transform set, is done the same way.
00:03:25 - Or in implementing a crypto map-- again,
00:03:27 - it's done the same way.
00:03:28 - And that's one of the cool things about IPsec,
00:03:30 - is that it's a framework.
00:03:31 - As new technologies and new protocols come in,
00:03:33 - we can adopt those and start to use those
00:03:35 - as well to improve our security posture.
00:03:38 - Another key factor in our success
00:03:39 - in mastering this technology, is for you and I
00:03:42 - to go through every single video in this course.
00:03:45 - Plus, I'm going to be assigning some additional videos
00:03:48 - from the CCNP Security VPN 2.0 course that are also
00:03:52 - extremely relevant and important.
00:03:54 - So, as you and I go through these videos together,
00:03:56 - I will call out and spell out exactly which videos I
00:03:59 - want you to watch, and when I want you to watch them.
00:04:01 - And when I do call them out, they
00:04:02 - won't just be like, oh, a recommendation, hey
00:04:04 - go check out this video.
00:04:06 - They are extremely important to go through,
00:04:08 - as part of a holistic, well-rounded approach to all
00:04:11 - of these topics.
00:04:12 - And, speaking of topics, we'll be addressing the legacy IKEv1,
00:04:16 - and the newer IKEv2, both on IOS and the ASA.
00:04:21 - And we'll be implementing pre-shared keys
00:04:22 - and digital signatures for the authentication of our tunnels.
00:04:26 - We'll learn about VTIs in several flavors,
00:04:28 - including static and dynamic virtual tunnel interfaces.
00:04:31 - We'll address site-to-site VPNs, as well as
00:04:34 - the world of remote access VPNs in all of its flavors,
00:04:37 - including clientless or WebVPN, and the AnyConnect client.
00:04:41 - Additional technologies that we get to go through together
00:04:44 - in this course include Dynamic Multipoint VPN, FlexVPN,
00:04:48 - and Group Encrypted Transport, or GET VPN,
00:04:51 - which are all extremely relevant and very, very cool
00:04:54 - technologies.
00:04:55 - I've also integrated troubleshooting techniques
00:04:57 - into the videos by going through the appropriate Show commands
00:05:00 - as we implement the cryptography solutions.
00:05:03 - And with those Show commands we can
00:05:04 - verify the behavior and the results of our configurations.
00:05:07 - And it's those same exact Show commands
00:05:09 - that we're going to use if we're involved in troubleshooting
00:05:11 - a VPN scenario that's not working correctly.
00:05:14 - Now, many people have asked me, OK,
00:05:15 - Keith, what's the secret to becoming really, really
00:05:17 - good at some technology?
00:05:19 - And the answer's really simple.
00:05:20 - It is to go ahead and first learn about the topic
00:05:23 - or technique-- and there's many ways of doing that.
00:05:25 - We could read or watch a video.
00:05:27 - But after we have that input about how it works
00:05:29 - and how it's configured, we absolutely
00:05:31 - want to practice and verify everything on our own.
00:05:34 - That means you and I, as we go through the videos together,
00:05:37 - I would love for you to take the opportunity
00:05:39 - to go ahead and then practice what we've done in the video
00:05:41 - together on your own, in a test environment.
00:05:44 - And that will reinforce the concepts of the technology,
00:05:47 - as well as the implementation and troubleshooting
00:05:49 - of that technology.
00:05:50 - So, if you're really serious about getting really, really
00:05:52 - good at virtual private networks,
00:05:54 - the practicing will be a critical piece
00:05:57 - in you getting those skills that you want.
00:05:59 - And of course, last but not least, enjoy the journey.
00:06:02 - Enjoy every step of the way, realizing
00:06:04 - that as we go through these videos together
00:06:06 - and you're learning the new concepts that your knowledge is
00:06:09 - expanding and growing.
00:06:10 - And, technologies and topics that we already
00:06:13 - had a basic knowledge of, we're going
00:06:14 - to see that basic knowledge expand and become
00:06:17 - bigger and better as a result of you and I going
00:06:19 - through these videos in order, together.
00:06:22 - So, I want to keep this introduction fairly short,
00:06:24 - so we can get right to the first video.
00:06:25 - It's about the DMVPNs.
00:06:27 - And I'm looking forward to spending that time with you,
00:06:30 - in that video.
00:06:31 - So until then, I hope this has been informative for you.
00:06:34 - And I'd like to thank you for viewing.



Keith Barker

CBT Nuggets Trainer

Cisco CCIE Routing and Switching, Cisco CCIE Security, Cisco CCDP, HP-MASE, Brocade BCNP, (ISC)2 CISSP, CompTIA’s Network+ and Security+, VMware VCP5-DCV, Palo Alto CNSE, Check Point CCSA

Area Of Expertise:
Cisco, security, networking, bitcoin. Author or coauthor of: CCNA Security 640-554 Official Cert Guide; CCNP Security IPS 642-627 Official Cert Guide; CCNA Security 640-554 Official Cert Guide, and many more.

© 2015 CBT Nuggets. All rights reserved.