Cisco SECURE 1.0: Deploying Scalable Authentication in Site-to-Site IPSec VPNs

Overview/Description
You can configure IP Security (IPSec) virtual private networks (VPNs) with various types of authentication, which often limit its scalability with regard to performance and configuration manageability. A simple method, such as using pre-shared keys (PSKs), requires you to share a secret between each pair of VPN peers. A more scalable authentication method incorporates the public key infrastructure (PKI) for authentication purposes. This course discusses the process of configuring an IPSec site-to-site VPN using PKI-facilitated peer authentication.

Target Audience
Network professionals responsible for securing and managing their network infrastructures who have CCNA certification, CCNA Security certification (IINS) and a working knowledge of Microsoft Windows operating systems

Expected Duration (hours)
2.5

Lesson Objectives

Cisco SECURE 1.0: Deploying Scalable Authentication in Site-to-Site IPSec VPNs

recognize how trusted introducer facilitates the secure exchange of public keys

describe how certificate authorities work

identify features of the X.509 standard for PKI data formats

recognize how to plan a PKI-enabled VPN

identify the features of Cisco IOS Software Certificate Server

configure Certificate Server prerequisites and database location

complete the Certificate Server configuration

recognize how to troubleshoot a basic Cisco IOS Software Certificate Server

configure a Cisco IOS Software PKI client

configure a router as a certificate server

enroll two VPN peers into a PKI

recognize how to troubleshoot a Cisco IOS Software VPN router in a PKI enrollment process

configure the integration of a Cisco IOS Software VPN router with supporting PKI entities

configure IKE using peer canonical name verification

recognize how to troubleshoot PKI-enabled IKE authentication

configure advanced PKI integration