Szkolenie VPN: Agenda

About the course

  • Course organization
  • Theory and Hands on labs approach
  • 14 main LAB topics and 3 Troubleshooting

DMVPN Overview

  • Dynamic Multipoint VPN Applications
  • Dynamic Multipoint VPN Architecture – 3 pillars and phases
  • Pillar 1: Next Hop Resolution Protocol
  • Pillar 2: Multipoint GRE (mGRE)
  • Pillar 3: IPSec tunnels
  • DMVPN Phase 1: configuration specifics, Hub & Spoke behavior
  • DMVPN Phase 2: configuration specifics, Hub & Spoke and Spoke to Spoke behavior
  • DMVPN Phase 3: configuration specifics, shortcuts and redirects
  • Overlay Routing: OSPF vs EIGRP in DMVPN – design challenges
  • Configuration explained

Lab Topology overview

  • Physical and logical topology description

Basic topology setup – Day 1 Labs

  • LAB0: Sites addressing, interfaces setup – warm up excersise
  • LAB1: Site to Site IPSec VPN configuration – warm up excersise
  • LAB2: DMVPN Hubs and spokes basic configuration
  • LAB3: Prefix exchange and connectivity
    • Tunnels
    • NHRP
    • IPSec (PSK vs. X.509 authentication)
  • LAB4: Overlay routing configuration (OSPF)

DMVPN – High availability and policy tuning

  • Working with dual hub scenario
  • LAB5: Ensuring HA architecture
  • Switching between DMVPN Phases
  • LAB6: Reconfiguring DMVPN deployment for different phases
  • Underlying and overlay routing dependencies and tuning
  • LAB7: Building anti-loop topology. DMVPN stability.
  • Quality of Service (QoS) in DMVPN
  • LAB8: Implementing QoS for DMVPN traffic

Troubleshooting in DMVPN – approach

  • Testing and troubleshooting exercises
  • Q&A and session summary

GETVPN Overview

  • Group Encrypted Transport VPN Application and architecture
  • Transport mode vs Header preservation and GDOI protocol
  • GETVPN Key Server (KS) role, authentication methods, key management, policies
  • GETVPN Group Member (GM) role, key management, policies
  • High Availability architecture in GETVPN, Cooperative Key Server (COOP)
  • Configuration Explained

GETVPN topology setup – Day 2 and 3 Labs

  • GETVPN topology overview
  • LAB9: Sites addressing, interfaces setup
  • LAB10: GETVPN KS and GM provisioning
  • LAB11: Underlying network and GETVPN routing
  • LAB12: Quality of Service

VPN Remote Access

  • Topology overview
  • Remote Access VPN challenge – SSL or IPSec IKEv1 or IPSec IKEv2 ?
  • Cisco Anyconnect Secure Mobility Client with Cisco ASA solution
  • Working with Group Policies and Tunnel Groups
  • Setting up pools, restrictions, AD and Cisco ISE integrations
  • LAB13: Building solution


Wróć do listy szkoleń