Implementing Secure Converged Wide Area Networks
Type: Course
Methodology: Inhouse
Duration: 5 Days
Course programme
ISCW is an advanced instructor-led course that focuses on WAN and remote access solutions. This 5-day course covers cable modems and DSL with Network Address Translation (NAT), Multiprotocol Label Switching (MPLS) VPNs, and IPsec VPNs. It teaches you how to secure the network environment using Cisco IOS security features and how to configure the three primary components of the Cisco IOS Firewall feature set (firewall, IPS, and AAA).
Learning objectives
After you complete this course, you will be able to:
- Describe remote connectivity requirements for secured access
- Describe Cisco network architectures for remote connectivity
- Describe and implement teleworker broadband connectivity
- Implement and verify frame mode MPLS
- Describe and configure a site-to-site IPsec VPN
- Describe and configure Cisco device hardening
- Describe and configure IOS firewall features
Who should attend
This course provides in-depth technical training for system engineers, network engineers, and field engineers who need to design, deploy, configure, and manage Cisco IOS routers and switches.
Recommended prerequisites
- CCNA certification or equivalent knowledge and experience
- Ability to complete the initial configuration of a Cisco IOS switch or router
- Ability to create interswitch connections and run show commands on a Cisco IOS switch or router
- Moderate knowledge of routing protocols
- Basic knowledge of standard WAN technologies (Frame Relay, PPP, and HDLC)
- Basic knowledge of standard and extended ACLs
Course outline
Module 1: Network Connectivity Requirements
Lesson 1: Describing Network Requirements
- IIN and Cisco SONA Framework
- Cisco Network Models
- Remote Connection Requirements in a Converged Network
Lesson 1: Describing Topologies for Facilitating Remote Connections
- Remote Connection Topologies
- The Challenge of Connecting the Teleworker
- Cable Technology Terms
- Cable System Components
- Cable Features
- Digital Signals over RF Channels
- Data over Cable
- Cable Technology: Putting It All Together
- Provisioning a Cable Modem
- DSL Features
- DSL Types
- DSL Limitations
- ADSL
- ADSL and POTS Coexistence
- ADSL Channels and Encoding
- Data over ADSL: PPPoE
- Data over ADSL: PPPoA
- Configuration of a Cisco Router as the PPPoE Client
- Configuration of a PPPoE Client
- Configuration of the PPPoE DSL Dialer Interface
- Configuration of PAT
- Configuration of DHCP to Scale DSL
- Configuration of a Static Default Route
- Verifying a PPPoE Configuration
- Configuration of a PPPoA DSL Connection
- Configuration of the DSL ATM Interface
- Layer Troubleshooting
- Layer 1 Issues
- Administratively Down State for an ATM Interface
- Correct DSL Operating Mode?
- Layer 2 Issues
- Data Received from the ISP
- Proper PPP Negotiation
Lesson 1: Introducing MPLS Networks
- The MPLS Conceptual Model
- Router Switching Mechanisms
- MPLS Architecture
- MPLS Labels
- Label Switch Routers
- LSR Component Architecture
- Label Allocation in a Frame Mode MPLS Environment
- Label Distribution and Advertisement
- Populating the LFIB Table
- Packet Propagation Across an MPLS Network
- Penultimate Hop Popping
- The Procedure to Configure MPLS
- Configuring IP CEF
- Configuring MPLS on a Frame Mode Interface
- Configuring the MTU Size in Label Switching
- Defining MPLS VPN
- MPLS VPN Architecture
- Propagation of Routing Information Across the P-Network
- End-to-End Routing Information Flow
- MPLS VPNs and Packet Forwarding
Lesson 1: Understanding IPsec Components and IPsec VPN Features
- IPsec Overview
- Internet Key Exchange
- IKE: Other Functions
- ESP and AH
- Message Authentication and Integrity Check
- Symmetric and Asymmetric Encryption Algorithms
- PKI Environment
- Site-to-Site IPsec VPN Operations
- Configuring IPsec
- Site-to-Site IPsec Configuration: Phase 1
- Site-to-Site IPsec Configuration: Phase 2
- Site-to-Site IPsec Configuration: Apply VPN Configuration
- Site-to-Site IPsec Configuration: Interface ACL
- Introducing the SDM VPN Wizard Interface
- Site-to-Site VPN Components
- Launching the Site-to-Site VPN Wizard
- Connection Settings
- IKE Proposals
- Transform Set
- Defining What Traffic to Protect
- Completing the Configuration
- Generic Routing Encapsulation
- Introducing Secure GRE Tunnels
- Configuring GRE over IPsec Site-to-Site Tunnel Using SDM
- Backup GRE Tunnel Information
- VPN Authentication Information
- IKE Proposals
- Transform Set
- Routing Information
- Completing the Configuration
- High Availability for IOS IPsec VPNs
- IPsec Backup Peer
- Hot Standby Routing Protocol
- IPsec Stateful Failover
- Backing Up a WAN Connection with an IPsec VPN
- Introducing Cisco Easy VPN
- Describe Easy VPN Server and Easy VPN Remote
- Cisco Easy VPN Server Configuration Tasks
- Configuring Easy VPN Server
- IKE Proposals
- Transform Set
- Group Policy Configuration Location
- User Authentication
- Local Group Policies
- Completing the Configuration
- Cisco VPN Client Configuration Tasks
- Use the Cisco VPN Client to Establish a VPN Connection and Verify the Connection Status
Lesson 1: Mitigating Network Attacks
- Cisco Self-Defending Network
- Types of Network Attacks
- Reconnaissance Attacks and Mitigation
- Access Attacks and Mitigation
- DoS Attacks and Mitigation
- Worm, Virus, and Trojan Horse Attacks and Mitigation
- Application Layer Attacks and Mitigation
- Management Protocols and Vulnerabilities
- Determining Vulnerabilities and Threats
- Vulnerable Router Services and Interfaces
- Locking Down Routers with AutoSecure
- AutoSecure Process Overview
- Locking Down Routers with the SDM
- Configuring Router Passwords
- Setting a Login Failure Rate
- Setting Timeouts
- Setting Multiple Privilege Levels
- Configuring Banner Messages
- Configuring Role-Based CLI
- Secure Configuration Files
- Cisco ACLs
- Applying ACLs to Router Interfaces
- Using Traffic Filtering with ACLs
- Filtering Network Traffic to Mitigate Threats
- Mitigating Distributed DoS with ACLs
- Combining Access Functions
- Caveats
- Secure Management and Reporting Planning Considerations
- Secure Management and Reporting Architecture
- Configuring an SSH Server for Secure Management and Reporting
- Using Syslog Logging for Network Security
- Configuring Syslog Logging
- SNMP Version 3
- Configuring an SNMP Managed Node
- Configuring NTP Client
- Configuring NTP Server
- Introduction to AAA
- Router Access Modes
- AAA Protocols: RADIUS and TACACS+
- Configure AAA Login Authentication on Cisco Routers Using CLI
- Configure AAA Login Authentication on Cisco Routers Using SDM
- Troubleshoot AAA Login Authentication on Cisco Routers
- AAA Authorization Commands
- AAA Accounting Commands
Lesson 1: Introducing the Cisco IOS Firewall
- Layered Defense Strategy
- Firewall Technologies
- Stateful Firewall Operation
- Introducing the Cisco IOS Firewall Feature Set
- Cisco IOS Firewall Functions
- Cisco IOS Firewall Process
- Configuring Cisco IOS Firewall from the CLI
- Basic and Advanced Firewall Wizards
- Configuring a Basic Firewall
- Configuring Interfaces on an Advanced Firewall
- Configuring a DMZ on an Advanced Firewall
- Advanced Firewall Security Configuration
- Complete the Configuration
- Viewing Firewall Activity
- Introducing Cisco IOS IDS and IPS
- Types of IDS and IPS Systems
- IDS and IPS Signatures
- Cisco IOS IPS Alarms
- Configuring Cisco IOS IPS
- Cisco IOS IPS SDM Tasks
- Selecting Interfaces and Configuring SDF Locations
- Viewing the IPS Policy Summary and Delivering the Configuration to the Router
- Configuring IPS Policies and Global Settings
- Viewing SDEE Messages
- Tuning Signatures
Lab 2-1: Configuring DSL
Lab 3-1: Configuring Frame Mode MPLS
Lab 4-1: Configuring Site-to-Site IPsec VPNs
Lab 4-2: Configuring GRE Tunnels over IPsec Using SDM
Lab 4-3: Configuring IPsec VPN to Back Up a WAN Connection
Lab 4-4: Configuring Cisco Easy VPN Server Using SDM
Lab 5-1: Securing Cisco Routers
Lab 5-2: Securing Cisco Router Management
Lab 5-3: Configuring AAA Login Authentication and Exec Authorization on Cisco Routers
Lab 6-1: Configuring a Cisco IOS Firewall
Lab 6-2: Configuring Cisco IOS IPS
Lab 6-3: Troubleshooting Security