SIMOS
Implementing Cisco Secure Mobility Solutions
Instructor: Graham Tuthill
Location: Wokingham
Start Time 9:30
Please check you have access to the electronic course material, details of which would have been emailed to you directly from Cisco. Check your SPAM folder.
Course Times:
Monday 9:30 to 4:30
Tuesday 9:00 to 4:30
Wednesday 9:00 to 4:30
Thursday 9:00 to 4:30
Friday 9:00 to ?
Breaks:
Coffee am 10:45/15 mins
Lunch 12:30/35 mins
Coffee pm 2:45/15 mins
My Website: defaultgateway.co.uk
Wireless key: 323-010-323
Local Admin PC Password = Pa$$w0rd
Here are your license codes for the course material
Monza
Confidentiality
Encryption
Symmetric & Asymmetric (keys)
Symmetric encryption
Alice Bob
DES, 3DES, AES, TKIP, RC4, CAST/SWORDFISH
DES
64 Clear Text
Alice Bob
32 32
xor
32
16 Rounds
Cipher Text
Encrypted
Clear Text
56 Key
3DES
56
56
56
Data Integrity
101
Eve
101
SHA/MD5
111111
SHA_HMAC
+ Authentication
Amazon
https://
Public Key
Verisign Pub Pvt
RC4
Nick/Andreas
Ralf/Colin
Graham/Paul
Phil/Mohamed
Andrej
Ian
Paul
Per
Radoslaw
Internet
London
Wokingham
Lunch to 1:15
IPSEC
AH ESP
Authentication Header
Encapsulating Security Payload
Data Integrity, Data Authentication, Anti Replay, Data Confidentiality
Data Integrity, Data Authentication, Anti Replay
AES/DES/3DES etc
SHA_HMAC
Sequence numbers
IPSEC-ESP
IP
Tunnel
Transport
Pub PVT PVT
Hashed
Encrypted
ESP
SPI#
Seq #
Padding
HASH
IKE V1 & V2 (isakmp)
IPSEC/ESP
Diffie Hellman
Authenticate
DH Value
DH Value
PSKs/Certs
UDP/500
SADs
ESP-DES
ESP-SHA
1234
POLICY
DES/3DES/AES
Main Mode
Aggressive Mode
Quick Mode
Policy #
Transform set (name)
Complete Lab 2-1 by 9:00 am tomorrow
We will start the theory at 9:00
IKE V1
Phase 1
Phase 2
IKE V2
All in one phase
Child SA
main SA
Policy # (Low is best)
Transform Set (Name) x
DH Group, DES/3DES, PSK/Certs, Lifetime, Hashing (HAGLE)
ESP-AES, ESP-SHA_HMAC, Default (Tunnel mode), PFS DH Group #
IOS/ASA
Crypto-Map 10 (name)
Peer IP Address
Crypto ACL
Transform-set (name)
Ge0/0
ASA still uses crypto maps
IPSEC
IOS
Old way: crypto maps
New way: VTIs and/or DVTIs
Ge0/0 Tunnel 0 IPSEC
VTI VTI
DVTI
TEMPLATE
DVTI
VTI VTI
DMVPNs
Spoke to Spoke (Dynamically)
Spoke to Hub is Manual
There are no VTIs or DVTIs
GRE & NHRP
192.168.3.0/24 N/H = 10.1.1.3
OSPF OSPF
NHR Request
NHR Response
192.168.2.0/24 N/H = 10.1.1.2
IPSEC
IKEv1
Ph1
Ph2
Policy
D/H
Authc
IKEv2
Complete Lab 3-1 by 12:00 am (maybe :-))
Complete Lab 3-1 by 1:10 pm including a Lunch Break
At 1:10 I will complete the FlexVPN Theory, about 20 minutes
There will still be 2 labs left, 3-2 and 3-3, however we have to stop and move on to the Remote Access VPN part of the course.
You can return to the remaining FlexVPN labs at any time between now and Friday afternoon, as their configuration and operation or non operation :-) will have no impact on any of the labs we will be doing for remote access.
ISP
SSL/TLS
WWW
Web Portal
Bookmarks-URL Hyperlinks
HTTP, HTTPS, FTP, CIFS
PLUGINS
RDP, VNC, CITRIX, SSH
Cisco.com & download, Install
Smart Tunnels Broker Applet
RDP Natively
TCP (Basic)
ISP
ASA
Clientless SSL, SSL, IPSEC (IKEV2)
Clients
Server
Connection Profile AKA Tunnel Groups
Tunnel Groups = CLI
Connection Prof = ASDM
A method of Authentication
AB Group Policy
DfltGrpPolicy
Hours of Access = 9 - 5
Manchester office/CP
Hours Access 6 - 6
IT Admins 6-12
London 9 - 4/CP
Man Manchester 24
Complete Lab 4-1 by 9:15 Thursday morning
Then straight into the next theory
Lab approx 45/60 minutes
Complete Lab 4-2 by 11:00 am including coffee
Complete Lab 4-3 advanced Clientless Config (Authc/Authz)
Should take you about 30 minutes, with about a 40 minute lunch break.
I am going to start Module 5 Client SSL & IPSEC VPNs Theory at 1:15.
The rest of today will be a mixture of SSL/IPSEC Client theory and labs. I anticipate completing 2 more labs today, 5-1 & 5-2.
This will leave lab 5-3 for tomorrow (IPSEC Client VPN IKEv2)
Tomorrow morning I will start module 6 (DAP) and have the theory and lab for this module complete around 1:30.
If you then wish to return to Lab 3-2/3-3 you have the rest of tomorrow afternoon to do this.
ISP
Pvt Pvt
SSL
Complete Lab 5-1 by 3:00pm including coffee
Complete Lab 5-2 Advanced SSL Client by 9:00 am Friday
Please check the time on the ISE & AD; they have to be within 5 minutes of each other. Show time in the ISE CLI.
If they are not, then delete the NTP Server from ISE in the CLI and add it again; this will solve your problem.
To access the ISE CLI click on the icon in the diagram.
The ISE CLI is nearly the same as IOS.
Lab 5-3 Completed by 10:35 including coffee
DAP Policy
Action
Rich set
AAA Criteria (Local/Remote)
Host Scan
Complete Lab 6-1 (3-2 & 3-3) by 4:00 pm Friday
Lab 6-1 should only take you about 45 minutes
I will post these drawings to my website now
My email is [email protected]
Have a good weekend
Please read the Lab tips for Lab 6-1