About the course
- Course organization
- Theory and hands-on labs approach
- 14 main LAB topics and 3 troubleshooting topics
DMVPN Overview
- Dynamic Multipoint VPN Applications
- Dynamic Multipoint VPN Architecture – 3 pillars and phases
- Pillar 1: Next Hop Resolution Protocol
- Pillar 2: Multipoint GRE (mGRE)
- Pillar 3: IPSec tunnels
- DMVPN Phase 1: configuration specifics, Hub & Spoke behavior
- DMVPN Phase 2: configuration specifics, Hub & Spoke and Spoke to Spoke behavior
- DMVPN Phase 3: configuration specifics, shortcuts and redirects
- Overlay Routing: OSPF vs EIGRP in DMVPN – design challenges
- Configuration explained
Lab Topology overview
- Physical and logical topology description
Basic topology setup – Day 1 Labs
- LAB0: Sites addressing, interfaces setup – warm-up exercise
- LAB1: Site to Site IPSec VPN configuration – warm-up exercise
- LAB2: DMVPN Hubs and spokes basic configuration
- LAB3: Prefix exchange and connectivity
- Tunnels
- NHRP
- IPSec (PSK vs. X.509 authentication)
- LAB4: Overlay routing configuration (OSPF)
DMVPN – High availability and policy tuning
- Working with dual hub scenario
- LAB5: Ensuring HA architecture
- Switching between DMVPN Phases
- LAB6: Reconfiguring DMVPN deployment for different phases
- Underlying and overlay routing dependencies and tuning
- LAB7: Building anti-loop topology. DMVPN stability.
- Quality of Service (QoS) in DMVPN
- LAB8: Implementing QoS for DMVPN traffic
Troubleshooting in DMVPN – approach
- Testing and troubleshooting exercises
- Q&A and session summary
GETVPN Overview
- Group Encrypted Transport VPN Application and architecture
- Transport mode vs Header preservation and GDOI protocol
- GETVPN Key Server (KS) role, authentication methods, key management, policies
- GETVPN Group Member (GM) role, key management, policies
- High Availability architecture in GETVPN, Cooperative Key Server (COOP)
- Configuration Explained
GETVPN topology setup – Day 2 and 3 Labs
- GETVPN topology overview
- LAB9: Sites addressing, interfaces setup
- LAB10: GETVPN KS and GM provisioning
- LAB11: Underlying network and GETVPN routing
- LAB12: Quality of Service
VPN Remote Access
- Topology overview
- Remote Access VPN challenge – SSL or IPSec IKEv1 or IPSec IKEv2?
- Cisco Anyconnect Secure Mobility Client with Cisco ASA solution
- Working with Group Policies and Tunnel Groups
- Setting up pools, restrictions, AD and Cisco ISE integrations
- LAB13: Building solution