This Implementing Cisco Secure Mobility Solutions (SIMOS) (300-209) course provides training on how to configure and implement a variety of Virtual Private Network (VPN) solutions on the Cisco ASA firewall and Cisco IOS software platforms. Topics include IKEv2, DMVPN, FlexVPN, GETVPN, and troubleshooting.

Related area of expertise:
  • Cisco security

Recommended skills:
  • CCNA Route/Switch and CCNA Security certification (or equivalent knowledge and skills)
  • Knowledge of Microsoft Windows
  • CCNA Security is a pre-requisite for the CCNP Security certification

Recommended equipment:
  • IOS that supports DMVPN, GETVPN and FlexVPN
  • IOS and ASA that support IKEv2

Related certifications:
  • CCNP Security. This course (SIMOS exam # 300-209) is part of the curriculum in the Cisco Certified Network Professional Security (CCNP© Security) certification

Related job functions:
  • Network Analyst
  • Network Engineer
  • Network Technician
  • Network Designer
  • Security Analyst
  • Security Auditor
  • Penetration Tester
  • Security Architect
  • Technical Manager


In this course, you will learn how to implement and manage VPNs on Cisco routers and ASA firewalls. As part of your studies regarding VPNs, the course will include recommendations of specific videos from the CCNP Security VPN 2.0 course. Viewing these additional videos is required for preparation for the new 300-209 certification.
1. Welcome and Overview (6 min)
2. Naked DMVPN (43 min)
3. Protected DMVPN (32 min)
4. TShoot DMVPN (37 min)
5. IKE Call Admission Control (25 min)
6. VTI Site2Site VPNs (25 min)
7. Dynamic VTI Hub (23 min)
8. FlexVPN Site2Site (37 min)
9. FlexVPN DVTI (9 min)
10. FlexVPN Smart Defaults (25 min)
11. Certificate Install (29 min)
12. RSA-Sig IKEv2 Authentication (19 min)
13. DVTI IKEv2 Hub and Spoke RSA-Sig (16 min)
14. IKEv2 Pushing Policy (12 min)
15. FlexVPN Clients (30 min)
16. Spoke 2 Spoke FlexVPN (32 min)
17. FlexVPN Troubleshooting (20 min)
18. GETVPN (50 min)
19. ASA 2 IOS IKEv2 (Site-to-Site IPsec VPN) (23 min)
20. Verify and TShoot IPsec (7 min)
21. RA VPNs (12 min)
22. AnyConnect Client Profile (14 min)
23. Closing Thoughts (15 min)

Welcome and Overview

00:00:00

Hello. My name is Keith Barker. And on behalf of the entire CBT Nuggets family, welcome to Implementing Cisco Secure Mobility Solutions. Let's begin. Give me a V-- V! Give me a P-- P! Give me an N-- N! What do you get? SIMOS. And that is the acronym that Cisco chose for this course, which very well could have been titled Virtual Private Networks.

00:00:23

The course formally is called Implementing Cisco Secure Mobility Solutions. And the acronym they chose for it is SIMOS. The S would be for secure. So that's the S part. The I comes from the root word of Implementing. And then we have the M and O for mobility.

00:00:37

And the S is for solutions. And the Associated Certification Number for this new course in the CCNP Security Track is 300-209. And in all seriousness, I wanted to spend a few minutes to talk with you about how to get the absolute most out of this course. The first thing is, we want to make sure the prerequisites are met.

00:00:56

You might say, Keith, what do you mean, the prerequisites? What are the prerequisites for the course? And the prerequisites really are that you already have a CCNA or equivalent knowledge regarding the CCNA route switch and the CCNA for security. And I've got some great news for you.

00:01:13

If you don't yet have a CCNA Route Switch or CCNA Security, or the equivalent knowledge and skills, we've got some courses right here at CBT Nuggets. But I wanted to say right up front, I'm presuming that you're already at least at that level. And then you and I are going to continue building on that solid foundation.

00:01:29

For example, if you already know the basics of IPsec because you've been through CCNA Security, and you're familiar with IKEv1, which has two phases-- phase 1 and phase 2-- that is excellent, my friend. Because we're going to take that knowledge and we're going to build on top of it.

00:01:43

And what we're going to find is that a lot of the concepts stay the same. However, our encryption protocols get better and better. For example, this is something called Suite B cryptography. And these are specified by NIST, which is the National Institute of Standards and Technology.

00:01:59

And they're used by NSA to protect national security systems. For example, we all know that Triple DES is better than DES, and AES is better than Triple DES. And with Suite B, we're specifying that for top secret data, we're going to be required to use a 256 key with AES. And if the data is classified as just secret, we can go ahead and use 128-bit key. Regarding Diffie-Hellman, we have our old flavors of Diffie-Hellman, such as Diffie-Hellman 1, 2, and 5. And we have some new flavors of Diffie-Hellman that support ECC, which stands for Elliptical Curve Cryptography.

00:02:30

And based on the standards, if we're trying to secure top secret data we're going to use a 384. But we can get away with 256, Elliptical Curve Diffie-Hellman, if we're protecting data that's been labeled as secret. And that also applies to digital signatures.

00:02:44

Instead of just using traditional RSA signatures, we'd want to use the Elliptical Curve flavor, with 384 for top secret and 256 for secret. And for data integrity-- for our hashing algorithms, we all know that SHA-1 is better than MD5. However, SHA-384 is a lot better than SHA-1. And can be used for data integrity for top secret classified data, based on the standards.

00:03:07

And SHA-256, which is also way the heck better than SHA-1, is acceptable for protecting secret data, or data that's been classified as secret. Now, what's really cool about this Suite B cryptography is that although the mechanisms have gotten better, the implementation, for example, specifying a transform set, is done the same way.

00:03:25

Or in implementing a crypto map-- again, it's done the same way. And that's one of the cool things about IPsec, is that it's a framework. As new technologies and new protocols come in, we can adopt those and start to use those as well to improve our security posture.

00:03:38

Another key factor in our success in mastering this technology, is for you and I to go through every single video in this course. Plus, I'm going to be assigning some additional videos from the CCNP Security VPN 2.0 course that are also extremely relevant and important.

00:03:54

So, as you and I go through these videos together, I will call out and spell out exactly which videos I want you to watch, and when I want you to watch them. And when I do call them out, they won't just be like, oh, a recommendation, hey go check out this video.

00:04:06

They are extremely important to go through, as part of a holistic, well-rounded approach to all of these topics. And, speaking of topics, we'll be addressing the legacy IKEv1, and the newer IKEv2, both on IOS and the ASA. And we'll be implementing pre-shared keys and digital signatures for the authentication of our tunnels.

00:04:26

We'll learn about VTIs in several flavors, including static and dynamic virtual tunnel interfaces. We'll address site-to-site VPNs, as well as the world of remote access VPNs in all of its flavors, including clientless or WebVPN, and the AnyConnect client.

00:04:41

Additional technologies that we get to go through together in this course include Dynamic Multipoint VPN, FlexVPN, and Group Encrypted Transport, or GET VPN, which are all extremely relevant and very, very cool technologies. I've also integrated troubleshooting techniques into the videos by going through the appropriate Show commands as we implement the cryptography solutions.

00:05:03

And with those Show commands we can verify the behavior and the results of our configurations. And it's those same exact Show commands that we're going to use if we're involved in troubleshooting a VPN scenario that's not working correctly. Now, many people have asked me, OK, Keith what's the secret to becoming really, really good at some technology? And the answer's really simple.

00:05:20

It is to go ahead and first learn about the topic or technique-- and there's many ways of doing that. We could read or watch a video. But after we have that input about how it works and how it's configured, we absolutely want to practice and verify everything on our own.

00:05:34

That means you and I, as we go through the videos together, I would love for you to take the opportunity to go ahead and then practice what we've done in the video together on your own, in a test environment. And that will reinforce the concepts of the technology, as well as the implementation and troubleshooting of that technology.

00:05:50

So, if you're really serious about getting really, really good at virtual private networks, the practicing will be a critical piece in you getting those skills that you want. And of course, last but not least, enjoy the journey. Enjoy every step of the way, realizing that as we go through these videos together and you're learning the new concepts that your knowledge is expanding and growing.

00:06:10

And, technologies and topics that we already had a basic knowledge of, we're going to see that basic knowledge expand and become bigger and better as a result of you and I going through these videos in order, together. So, I want to keep this introduction fairly short, so we can get right to the first video.

Intermediate 9 hrs 23 videos

Keith Barker
Nugget trainer since 2012