One Day Workshop for Cisco IOS Devices Implementing IPSec using Certificate Authentication via a Windows 2008 R2 CA
This one day workshop covers the configuration and operation of negotiating IKE/IPSec Security Association (SA) between Cisco IOS devices. The devices will authenticate using certificates provided through enrollment with a Windows 2008 R2 Certification Authority. The Windows 2008 R2 server will run the Simple Certificate Enrollment Process (SCEP) using the Network Device Enrollment Service (NDES).
Suitable for network planners, engineers or anyone interested in operation of Cisco IOS devices running IPSec using certificate authentication.
Review the operation of IPSec SA negotiation.
Configure Cisco Router/ASA to authenticate and enroll with a Windows 2008 R2 CA.
Configure Windows 2008 R2 Server to perform network device enrollment using NDES.
Test successful operation of IPSec with certificate authentication.
Equipment used in Practical Sessions:
Cisco IOS devices running v12 of IOS and Windows 2008 R2 server acting as an enterprise CA and running NDES and certificate enrollment.
One Day Workshop for PEAP Authentication of Windows 7 Supplicant using a Cisco Switch as Authenticator and Windows 2008 R2 Server
This one day workshop covers the configuration and operation of the IEEE802.1x protocol in the authentication and authorisation of a wired Windows 7 supplicant. The authenticator is a Cisco Switch and the server is Windows NPS running on Windows 2008 R2 server, operating as a Certification Authority (CA). The EAP protocol is Protected EAP (PEAP) and a successful request will be allocated a VLAN on the switch via RADIUS attributes received from the server following successful authentication. The procedure for a wired supplicant is almost identical to that of a wireless supplicant.
Suitable for network planners, engineers or anyone interested in operation of PEAP with Cisco IOS Devices and NPS.
Review the operation of IEEE802.1x process.
Configure Cisco Switch to use IEEE802.1x and RADIUS.
Configure Cisco Switch to authorise VLAN assignment via RADIUS attributes from server.
Configure Windows 7 supplicant for dot1x authentication and install certificate from CA as a trusted computer certificate.
Configure connection request and network policies on NPS to authenticate and to pass VLAN assignment to switch.
Configure Windows users/groups on Windows 2008 R2 server to enable NPS authentication.
Configure Windows 2008 R2 server as a DHCP server.
Configure ip helper addresses and inter-VLAN routing on Cisco L3 switch.
Test successful PEAP authentication and PING PCs in different VLANs.
Equipment used in Practical Sessions:
Cisco L2 and L3 switches running v12 of IOS. Windows 2008 R2 server running Network Policy Server (NPS).
Information Assurance and Network Security
user access control
user credential management
regular review and logwatch
Computer system rules
tighten up firewall
DMZ design and deployment
port knocking protection
classify client-side users/devices
collaboration models for multiple sysadmins
mobile devices / storage media
certificates, encryption keys, passwords, passphrases
data integrity and verification
auto-detecting of intrusions
alert and alarm
log tracking and accountability
SIP protocol in VoIP
The course consists of two complementary parts – a theoretical and a practical one. The first is a one day introduction covering motivation, philosophy, fundamentals and rules of operation of the SIP protocol and ways it is used to implement telecom services with focus on IP telephony and VoIP. The second two-day part enables participants to learn practical aspects of service operation within a framework of hands-on laboratory exercises giving detailed insight into configuration of components of SIP telephony architecture and SIP signalling at both message sequence chart and internal message structure levels, and assists in understanding typical problems and troubleshooting, including security and telecom fraud aspects. The trainers will share their experience in launching, operation and management of SIP telephony, also covering virtualization and cloud based solutions. The practical part is presented using both SIP hardphones and softphones and IP telephony servers (Asterisk and Freeswitch). Participants can take advantage of the fact that the trainers have rich technical and business experience in IP telephony and submit their own problems and questions. They will be included in the agenda at wrap-up as a supplement to the training to meet current urgent needs of clients. Training is addressed to participants with basic knowledge and experience in telecom services – specifically in VoIP and IP networking.
Part I: Introduction
History and motivation
Types of VoIP and its evolution
SIP – main concepts
SIP standardization (RFC 3261 and other relevant standards)
UA – User Agent
Predefined servers: Registrar, Location, Proxy and Redirect
Identification and addressing
Servers and their operation
SIP server in Proxy and Redirect modes
Stateless and stateful Proxy servers
SRV records and DNS
uri/url/urn, ENUM and NAPTR records
SIP signalling messages (including Instant Messaging & Presence – IMP extensions)
Example of a call
Headers and parameters
SDP (Session Description Protocol)
Description of media
Standard list of codecs
Session negotiation rules
Call flows – SIP signalling
SIP session – main RFC 3261 example
Sample call scenarios
Conferencing and IP PBX
Changing media during a session
Routing of SIP requests and responses
ROUTE and RECORD-ROUTE headers
SIP-T and SIP-I
SIP early media and SIP trunking
SIP – security problems
Secure SIP, Secure RTP and Secure RTCP
Typical implementations of Secure SIP
Practical problems and perspectives
NAT and firewall traversal
SIP and SDP in 3GPP IMS architecture
Wrap-up and discussion
Part II: Hands on
SIP in LAN environment: XLite SIP UA + Asterisk
Creating Asterisk accounts with a simple dial plan
Configuration of XLite SIP UA (dtmf, codecs, nat, rtp, timer, register) and SIP phones (Polycom, Gigaset, Yealink, Linphone)
Registration, initiating and receiving calls
P2P calls with Linphone
Analysing SIP signalling using Wireshark
Configuration of a server
Registration of SIP signalling and RTP media streams
SIP packet analysis. Retrieval of a specific call
Voice quality problems. Jitter buffer. Retrieval of DTMF signalling (RFC 2833, INFO). Codec and DTMF troubleshooting (transcoding, GSM codec failure, DTMF tone duplication)
SDP, Instant Messaging and Presence (IM&P)
SDP parameters and attributes
SUBSCRIBE, PUBLISH and MESSAGE SIP methods
Practising IM&P with XLite and Linphone
SIP call flows
SIP Registration with DNS
SIP SRV record
SIP phone registration using DNS-SRV
Call Flows with DNS
Analysing SIP call signalling using Wireshark
Troubleshooting – DNS timeout, latency
Establishing a test SIP trunk
Troubleshooting (DOS, DDOS, fraud, cps)
SIP security issues
SIP security with IPSec
Security with Secure SIP
IP telephony – risk of frauds
Preventing DDOS and other types of attacks
Launching SIP based VoIP services
Configuration of a switch
SIP client configuration and registration
Asterisk PBX / Freeswitch softswitch / Cisco Call Manager
Softphones (XLite, Linphone)
Hardphone (Polycom, Gigaset, Yealink)
Operation and signalling for:
Attendant Call Transfer
Vendor dependent constraints
SIP & Network Address Translation (NAT) problems
Type and structure of NATs
STUN (Simple Traversal of UDP Through NATs)
Quality of VoIP calls – troubleshooting
Call connected – missing media
Key QoS factors
Delay, jitter, play buffer size
VoIP quality metrics
RTCP – delay and jitter
MOS according to ITU-T G.107 E-model
VoIP quality monitoring tools (Voipmonitor)
Cloud based IP telephony
Wrap up and addressing SIP and VoIP related issues submitted by participants
PLC Ladder Programming
Enthusiasts who would like to create their own intelligent home etc.
PLC Basics and overview of applications with PLC
Overview of PLC programming languages (Ladder, SFC, C)
Simple Ladder programming
Coils, Inputs, Outputs
Working with memory
Sample programming - exercises
PLC and Networking
One Day Workshop for AAA of Cisco Devices using a Windows-based TACACS+ Server
Suitable for network planners, engineers or anyone interested in TACACS+ operation with Cisco IOS devices.
Course is almost entirely practical if one day. If extended to 2 days due to lack of pre-reqs it will be around 50% practical.
Review the operation of TACACS+ AAA process.
Configure Cisco IOS devices to use TACACS+ for access to the management software.
Configure Windows users/groups to authorise the TACACS+ requests.
Configure TACACS+ server files for proper operation.
Test successful operation of TACACS+.
Equipment used in Practical Sessions:
Cisco routers and/or switches running v12 of IOS. Windows 2008 R2 server running TACACS.net software.
Cisco CCNA Syllabus in 5 Days
A 5 day practical networking course designed to familiarise students with Cisco IOS (version 12). The course details the key commands used to configure and secure Cisco routers and switches, and covers the CCNA syllabus - including wired and wireless LAN access.
Students will inter-connect networks by implementing static routes, distance-vector and link-state based dynamic routing protocols.
The devices will be configured to route traffic across LAN/VLAN/WAN boundaries, by encapsulating datagrams across serial data links using various WAN protocols, such as HDLC, Frame Relay, ISDN and PPP (with CHAP authentication). VLAN encapsulation/tagging will be via IEEE802.1Q/P.
Standard and Extended Access Control Lists will be configured and applied to router interfaces to filter traffic based on IP address and/or traffic type.
Students will configure static and dynamic NAT to route between private and public networks and cover the theory of Virtual Private Networks (VPN's)
Students will copy router configurations and IOS images to/from a TFTP Server. Privileged commands will be used to debug TCP/IP protocols to ensure proper operation of the routers. Students will also perform password recovery operations.
The course is primarily aimed at IP v4 but does give an overview of IP v6 addressing and covers migration from an IP v4 to an IP v6 network. Other protocols and technologies (VPN's / Wireless) may be demonstrated if time permits.
Course can be customised to precise requirements of customer.
This course is suitable for anyone looking for a basic understanding of internetworking with Cisco devices and covers the CCNA syllabus.
Course is approximately 50% practical
At the end of this course the student will be able to configure Cisco routers to:
Inter-connect networks using static routes
Inter-connect networks using RIP, OSPF and EIGRP.
Route between VLAN's.
Encapsulate datagrams using PPP
Apply Standard and Extended Access Control Lists
Encapsulate datagrams using HDLC
Encapsulate datagrams using Frame Relay
Configure Frame Relay Switching.
Support ISDN dial backup.
Route between public and private networks using NAT.
At the end of this course the student will be able to configure Cisco switches to:
Run Spanning Tree Protocol.
Connect switches via VLAN Trunks.
Lab Exercise 1: Connectivity and Testing
Lab Exercise 2: Checking ARP Cache
Lab Exercise 3: Traceroute
Lab Exercise 4: Telnet into a Router
Lab Exercise 5: Configuring routers using TFTP
Lab Exercise 6: Configuration and Connectivity using RIP
Lab Exercise 7: Network Failure
Lab Exercise 8: Running other Routing Protocols
Lab Exercise 9: Spanning Tree Protocol
Lab Exercise 10: VLAN Exercise
Lab Exercise 11: Inter-VLAN Routing.
Lab Exercise 12: Classful & Classless Routing - Subnetting at Byte Boundaries
Lab Exercise 13: Access Lists
Lab Exercise 14: PPP Encapsulation
Lab Exercise 15: Frame Relay Encapsulation and ISDN dial backup.
Lab Exercise 16: Static and Dynamic NAT Configuration.
Understanding IPSec VPNs
This 2 day course investigates the theory and technology associated with IPSec VPN’s. VPN’s are set up using Cisco IOS Routers and ASA Firewalls using the web interface. The workings of the protocols are examined using debug commands and protocol analyser traces of relevant negotiations.
Suitable for network planners, engineers or anyone interested in IPSec VPNs
Course is approximately 40% practical
Review TCP/IP and the fields in the IP Header.
Describe the fields and headers in the ISAKMP Protocol.
Describe Main Mode negotiation to set up Phase 1 of a VPN
Describe Aggressive Mode negotiation to set up Phase 1 of a VPN.
Describe Quick Mode negotiation to set up Phase 2 of a VPN.
Compare IKEv1 and IKEv2 protocols.
Describe Symmetric and Public/Private Key encryption.
Describe ISAKMP Security Associations.
Describe IPSec Security Associations.
Describe IPSec AH Protocol.
Describe IPSec ESP Protocol.
Describe and Explain Diffie-Hellman Key Exchange.
Describe prime and primitive root of a prime number.
Describe, explain and configure site to site VPN’s using Cisco Routers and/or ASA Firewalls.
Describe Remote Access VPN’s using ADSL and Dial-up.
Use debug commands in Cisco CLI and Wireshark to demonstrate and troubleshoot VPN negotiation.
Lab Exercise 1: IPSec using manual, symmetric encryption keys.
Lab Exercise 2: IPSec using IKE and shared secret
Lab Exercise 3: IPSec using IKE and certificate authentication.
Practical Voice and Video over IP
A 3 day practical course covering the fundamentals of the various voice protocols used to carry voice (and video) over a packet switched network. This course is a mixture of theory and practice (utilising Wireshark where appropriate for explanation and troubleshooting) with practical VoIP configured using IP telephones, softphones and voice capable Cisco routers. This is primarily a ‘generic’ VoIP course – but uses Cisco equipment to provide an IP backbone and voice gateways. We can also provide Cisco specific voice training courses. The course also covers call setup between circuit switched and packet switched networks.
The course is approximately 40% practical.
Explain the operation of circuit switched networks.
Contrast the differences between circuit switched and packet switched networks.
Explain the fields and flags within the IP header – including the new DSCP field.
Explain and quantify the need for voice compression and delay in an IP network.
Identify the CODEC’s used in voice and video compression – e.g. G711, G729 and H261/3/4.
Identify and explain the fields of the Real Time Transport Protocol and Real Time Control Protocol – including carrying DTMF tones.
Calculate bandwidth requirements for various voice compression algorithms.
Explain and demonstrate the need for security and encryption within VoIP.
Describe and explain the H.323 protocol stack.
Describe and explain call setup and signalling (H.225).
Describe and explain H.245, fast start and tunnelling of H245.
Describe and explain SIP call setup.
Describe and explain SIP Servers.
Describe and explain SDP.
Describe and explain Soft Switching – including MGCP and H248.
Describe and explain the use of SCTP in backhauling signalling messages.
Describe and explain the importance of network delay and the need for QoS in the network.
Describe and explain the differences between reservation and prioritisation QoS in an IP Network.
Describe the use of IntServ and RSVP in QoS.
Describe the use of TOS and DiffServ in QoS.
Describe and explain the need for multiple queues and intelligent scheduling of packets at router/switch interfaces.
Describe the use of MPLS to deliver QoS in the WAN environment.
Describe the use of VLAN’s to deliver QoS in the LAN environment.
Lab Exercise 1: Practical VoIP in the LAN.
Lab Exercise 2: Build IP network, make calls and examine RTP packets using Wireshark.
Lab Exercise 3: Make calls and examine SIP Packets using Wireshark.
Lab Exercise 4: Make calls and examine H323 Packets using Wireshark.
Lab Exercise 5: Calls between PSTN and IP Networks.
Lab Exercise 6: Configure QoS and make calls to examine effects.
Lab Exercise 7: Security and VoIP.
Equipment used in Practical Sessions:
Cisco 2600 series and 2800 series voice capable routers and Cisco ASA 5505 Firewalls. IP Telephones, softphones and analogue telephones as required. SIP client and server software as required.
Implementing Cisco Unified Wireless Networking Essentials
This course enables a network administrator to deploy a wireless LAN (WLAN) enterprise solution through the identification and successful implementation of site-appropriate hardware and software features in a Cisco Unified Wireless Network.
Anyone involved in the deployment of a wireless LAN solution.
After you complete this course you will be able to:
Identify how the Cisco Unified Wireless Network solution meets the challenges of successful WLAN deployments
Select and properly install the Cisco Unified Wireless Network hardware appropriate to site and use requirements
Administer the WLAN, 802.11 security policies, and QoS appropriately to protect and optimize performance on the wireless network
Configure and implement the key Cisco Unified Wireless Network security features to mitigate WLAN security threats
Utilize a recommended troubleshooting methodology and the various tools available to gather and assess system data to isolate equipment failures and security threats
Cisco WLAN Solutions
Characterizing Cisco Enterprise WLANs
Identifying Hardware Models
Describing WLC Terms and Protocols
Cisco Unified Wireless Network Installation and Configuration
Installing Hardware Components
Configuring the Cisco WLC Setup
Configuring Cisco WLC Settings
Describing AP Operational Modes
Configuring 802.11 Protocols, Performance Optimization, and Auto RF
Implementing Cisco CleanAir
Cisco Unified Wireless Network Administration
Associating an AP to a WLC
Configuring Mobility Groups and Roaming
Administering Individual WLANs and AP Groups
Performing General Administration
Service Provider Enhancements
Cisco Unified Wireless Network Security
Describing 802.11 Weak Security Policy
Configuring Security Parameters
Configuring a Cisco Unified Wireless Network to Support 802.1X Authentication
Cisco Unified Wireless Network Maintenance and Troubleshooting
Troubleshooting Cisco Unified Wireless Network
Gathering VLAN Traffic and Other Data
Configuring Policies and Management
Loading Device Code and Managing Configuration Data
Lab 2-1: CLI Setup and Web Setup
Lab 2-2: Controller Web Interface
Lab 3-1: AP Association Options, Configurations, and Cisco CleanAir
Lab 3-2: Interface Group Configuration
Lab 3-3: VideoStream
Lab 4-1: Web Authentication
Lab 4-2: WPA or WPA2 PEAP-MS-CHAPv2 Authentication
Lab 4-3: WPA or WPA2 EAP-FAST Local EAP Authentication
Lab 5-1: Pre-Image Download
This 4 day course involves a mixture of exposition (utilising protocol analyser traces where appropriate) and practical experiments to test and verify the operation of TCP/IP networks. The major aspects of the TCP/IP protocol stack are covered, including subnetting, supernetting and running dynamic routing protocols. TCP and UDP will be compared and contrasted, covering the end-to-end reliability and congestion avoidance capabilities of the TCP/IP stack. Some application layer protocols (HTTP, TLS, DNS, DHCP etc) will be investigated during the course. Network security in the form of TLS will be covered both from a theoretical and practical standpoint. The practical exercises are designed to augment the theory and enhance both the understanding of the underlying protocols and also the problem solving abilities of the delegates.
Suitable for anyone looking for an understanding of TCP/IP.
Course is approximately 50% practical.
Describe encapsulation, de-encapsulation and modularity within the TCP/IP protocol stack.
Describe, identify and explain the fields and flags within the IP header.
Describe, identify and explain IP address classes A, B and C.
Use subnet mask to identify network portion of IP address.
Describe differences between classful and classless IP addressing.
Describe the operation of an IP router and the use of static and dynamic routing.
Describe and compare distance vector (RIP) and link-state (OSPF) routing protocols.
Describe and explain IP subnetworking.
Describe and explain supernetting, VLSM and CIDR.
Describe ICMP and use ping and traceroute as a network connectivity tool.
Describe use of DHCP in dynamic IP addressing.
Describe and use ARP to relate IP address to MAC address.
Describe and explain the use of DNS in TCP/IP networks.
Describe, identify and explain the fields and flags in the TCP and UDP headers.
Describe and explain how TCP gives end to end reliability in an unreliable IP network.
Describe and explain the operation of congestion avoidance in TCP/IP networks.
Describe and explain Transport Layer Security (TLS).
Lab Exercise 1: Connectivity and Testing.
Lab Exercise 2: DHCP and DNS.
Lab Exercise 3: Checking ARP cache.
Lab Exercise 4: Fragmentation.
Lab Exercise 5: Traceroute.
Lab Exercise 6: Routing.
Lab Exercise 7: Subnetting.
Lab Exercise 8: TCP Options.
Lab Exercise 9: TLS.
A 2 day theoretical course (with some practical demonstrations) covering the fundamentals of Internet Protocol v6 – including addressing, protocol formats, ICMP v6, discovery processes and IP v6 routing.
Network Planners, Designers, and Engineers requiring an understanding of IP v6. Those requiring a comprehensive overview of IP v6 and the migration process from an IP v4 environment.
Explain the benefits of migrating from IP v4 to IP v6
Describe and explain the IP v6 fixed header format
Describe and explain the IP v6 optional header formats
Describe and explain global IP v6 unicast addresses and aggregation
Describe and explain link-local IP v6 unicast addresses
Describe and explain multicast IP v6 addresses
Describe and explain anycast IP v6 addresses
Describe and explain IP v6 special addresses
Describe IP v4 to IP v6 compatibility and mapped addresses
Describe and explain ICMP v6 messages
Describe and explain path MTU discovery
Describe and explain neighbour discovery process
Describe and explain router discovery process
Describe and explain multicast listener discovery process
Describe and explain stateful and stateless auto-configuration
Describe and explain IP v6 and DNS
Describe IP v6 routing protocols – RIP, OSPF, ISIS and BGP v4
Describe IP v4 to IP v6 migration strategies.
Demonstrate IP v6 addressing and local link communication.
Demonstrate IP v6 routing processes.
Practical SIP Telephony
A 3 day practical course covering the messages and call flows of the Session Initiation Protocol (SIP) and its use in voice networks. This course is a mixture of theory and practice (utilising protocol analyser traces where appropriate for explanation and troubleshooting) with practical VoIP configured using IP telephones, softphones, voice capable Cisco routers and SIP IP PBX's (e.g. Trixbox).
Network Planners, Designers, and Engineers requiring an understanding of SIP.
The course is around 40% practical.
Describe call signalling and setup in the voice network
Describe carrying of voice media and bandwidth requirements for VoIP calls
Describe SIP standards, services, messages and return codes
Describe basic call setup using SIP
Describe SIP flows and SDP
Describe registration process and making calls with a SIP Server
Describe IP PBX and Call Conferences
Describe SRV records and DNS
Describe uri/url/urn, ENUM and NAPTR Records
Describe mapping of services to an address
Describe SIP-T and SIP-I
Describe SIP early media and SIP trunks
Describe call flows between PSTN and IP using SIP
Describe Secure SIP, Secure RTP and Secure RTCP
Describe typical Secure SIP implementations
Lab Exercise 1: Practical SIP in the LAN with Xlite
Lab Exercise 2: Examine SIP Packets using Wireshark
Lab Exercise 3: SDP, Presence and IM
Lab Exercise 4: Call Flows with SIP Server
Lab Exercise 5a: SIP Registration with DNS
Lab Exercise 5b: Call Flows with DNS
Lab Exercise 6: SIP Trunks
Lab Exercise 7: Security with IPSec
Lab Exercise 8: Security with Secure SIP
Practical RADIUS and TACACS+
A 2 day practical course that covers the theory of RADIUS and TACACS+ protocols. Network Policy Server (NPS) on Windows 2008 Server will be used to implement Connection Request and Network Policies to allow users access to network resources. A windows based TACACS+ server will be used to investigate the operation of this protocol to provide authentication, authorisation and accounting for users accessing network resources.
There is an option for an additional one day workshop to configure and test IEEE802.1x authentication using Windows 7 client as the supplicant, a Cisco switch as the authenticator and an NPS server to provide the authentication. Delegates will configure the Cisco switch and NPS server to use the Extensible Authentication Protocol (EAP).
Network Planners, Designers, and Engineers requiring an understanding of RADIUS and TACACS+ operation
Course is approximately 40% practical.
Describe and explain RADIUS protocol.
Describe and explain RADIUS messages and attributes.
Describe and explain the differences between clients and users.
Describe and explain the TACACS+ protocol.
Compare the operation of RADIUS and TACACS+ protocols.
Describe and explain operation of Network Policy Server (NPS) in Windows Server 2008.
Describe and explain Connection Request and Network Policies.
Use Windows Server 2008 logs to troubleshoot RADIUS operation.
Use NTRADping test utility to test RADIUS operation.
Describe and explain TACACS+ message format and operation.
Configure Cisco switch/router as a RADIUS client and test operation.
Explain and configure standard and vendor specific attributes on NPS Server.
Configure Cisco switch/router as a TACACS+ client and test operation.
Describe, configure and test RADIUS and TACACS+ accounting.
Describe and explain RADIUS Proxy operation.
Configure and test RADIUS proxy and load balancing using NPS.
Lab Exercise 1: Configure and test RADIUS.
Lab Exercise 2: RADIUS Authentication/Authorisation.
Lab Exercise 3: TACACS+ Authentication/Authorisation.
Lab Exercise 4: RADIUS Accounting.
Lab Exercise 5: TACACS+ Accounting.
Lab Exercise 6: Proxy RADIUS
Lab Exercise 7: Load Sharing RADIUS Requests
Cisco ASA/Pix Operation
A 4 day instructor-led practical course designed to familiarise delegates with the Cisco ASA Firewall CLI and ASDM. The course details the key commands used to configure and secure networks using the ASA Firewall with v8 of the operating system and version 6 of the ASDM.
Delegates will configure the ASA using the console port, TFTP server, telnet and SSH using local and RADIUS authentication. The device will be configured to utilise Syslog and SNMP.
ASA Firewalls will also be configured to use Access-Lists, Network Address Translation and VPN's utilising IPSec protocols. The course will cover the theory of Public/Private Keys, shared secret keys and their use in forming Site to site VPN's between ASA Firewalls using IKE and IPSec. Students will configure the units to create site to site VPN's, remote access VPN's using the Cisco Secure VPN Client and Web VPN's. The course will cover the theory of failover and delegates will configure Active/Standby failover on the ASA.
Privileged commands and protocol analyser traces will be used, where necessary, to debug protocols and ensure proper operation of the ASA Firewall. Students will also perform password recovery operations.
This course will involve interfacing the ASA with other network equipment, such as routers and switches, as would be expected in a network environment.
Course is suitable for anyone involved in ASA firewall configuration and network security
Course is approximately 50% practical
At the end of this course the student will be able to configure ASA Firewalls to:
Allow configuration via console port, telnet and SSH
Copy configurations and upgrade OS image.
Authenticate users using RADIUS and local authentication.
Act as a DHCP Server, Client and Relay.
Operate as a Routed or Transparent Firewall.
Operate in Failover mode.
Run routing protocols (OSPF and RIP) and exchange routing information with Cisco routers.
Support Access Control Lists and content filtering.
Support Object Grouping.
Establish Internet connections using NAT and PAT.
Setup site to site VPN's using IKE and IPSec.
Setup Remote Access VPN's using Cisco secure VPN client.
Setup Web VPN's
Log access-list activity using a syslog server.
Send traps to an SNMP Server.
Lab Exercise 1: Basic Configuration of Cisco ASA.
Lab Exercise 2: Configure support for VLANs on ASA.
Lab Exercise 3: Connectivity via Telnet and Local/RADIUS authentication.
Lab Exercise 4: Configure Static and Dynamic routing on ASA.
Lab Exercise 5: Filter traffic using Access Control Lists.
Lab Exercise 6: Configure NAT on ASA.
Lab Exercise 7: Configure VPN's on ASA.
Lab Exercise 8: Configure Active/Standby Failover on ASA/Pix.
Lab Exercise 9: Password Recovery on Cisco ASA.
Equipment Used in Practical Exercises:
4 Cisco ASA 5505 Firewalls running v8 of the CLI and capable of Active/Standby Failover. Pix 515E firewalls running v8 of the CLI, Cisco routers, switches and hubs as required.
One Day Workshop for AAA of Cisco Devices using Windows 2008 NPS RADIUS
This one day workshop covers the configuration and operation of the RADIUS protocol in the authentication, authorisation and accounting of accessing the management software of Cisco IOS devices. The RADIUS server is Network Policy Server (NPS) in Windows 2008 R2.
Suitable for network planners, engineers or anyone interested in RADIUS operation with Cisco IOS Devices and NPS.
Workshop is almost all practical. If extended to 2 days it will be approximately 50% practical.
Review the operation of RADIUS AAA process.
Configure Cisco IOS devices to use RADIUS for access to the management software.
Configure connection request and network policies on NPS.
Configure Windows users/groups to authorise the RADIUS requests.
Test successful operation of RADIUS using NPS.
Equipment used in Practical Sessions:
Cisco routers and/or switches running v12 of IOS. Windows 2008 R2 server running Network Policy Server (NPS).