Virtual Private Networks

​

BASIC VPNs​

• LAN-to-LAN IPsec VPNS  ( Routers )

• LAN-to-LAN IPsec VPNS  [with NAT-T and without NAT-T]

• GRE

• GRE/IPSEC

• IPSEC/GRE

• IPSEC Tunnel vs Transport Mode

• Static-Virtual interface [S-VTI]

• mGRE

• Cheat sheet VPN

​

​

Advanced VPNs

• DMVPN

• DMVPN Phases and Redundancy

• GET VPN

• VRF Aware VPNs

• VPNs using Certificates with Router as a CA server

​

 

IKEv2 VPNs

• Using legacy Method

• Using S-VTI

​

 

FLEX VPN

• D-VTI/S-VTI based Site to Site VPN

• D-VTI/S-VTI based Spoke to Spoke using NHRP

​

​

Firewalls – ASA(9.x)

 

Basic Configuration

• Security Levels

• Management [Telnet/SSH]

• Routing [ RIPv2,EIGRP,OSPF ]

• NAT [Dynamic/Static NAT, Dynamic/Static PAT, Destination NAT, Manual NAT]

• Access Policies

​

Transparent firewall

• Initialization

• Accesspolicies

• Ethertype ACLs

 

Redundancy

• Redundant interfaces

• Port-channels

• Security Contexts

• Failover [ Active/standby & Active/Active]

• Clustering [Spanned mode / Individual mode]

 

Deep-packet Inspection using MPF

• Tuning the global policy

• Configuring custom L7 policy

 

VPNs

• Site to Site IPSec

• Remote Access [ IKEv2 & SSL ]

​

​

Firewalls - Firepower Threat Defense [FTD]

​

Basic Configuration

• FMC & FTD integration

• Interface configuration

• Routing [RIPv2, EIGRP, BGP]

• NAT [ Dynamic/Static NAT, Dynamic/Static PAT, Destination NAT, Manual NAT]

• Access Control Policies – Basic

• Access Control Policies – Advanced

• Site-to-Site VPN

 

Content Filtering using WSA & ESA

​

WSA

• Initialization

• Integration with Routers/Switches/Firewall using WCCP

• Configuring traffic policies

• Configuring custom categories

 

ESA

• Initialization

• Integration with E-mail servers and DNS

• Configuring Mail flow policies

• Configuring outgoing mail filters

• Configuring incoming mail filters

​

​

Basic Wireless LAN configuration

​

Configuring the base network

• Configure the switches for the base network

• Configuring DHCP server

 

WLC configuration

• Initialization of the WLC

• Configuring VLAN interfaces

• Configuring WLANs

​

Identity Management using ISE

​

Wired ISE

• Configuring the relationship between Switch & ISE

• Configuring Identity groups and users

• Configuring Dot1x authentication with VLAN assignment and DACL

• Configuring MAB for IP Phone with PC behind doing Dot1x authentication.

​

Wireless ISE

• Configuring the relationship between Switch & ISE

• Configuring Dot1x authentication with VLAN assignment and DACL

• Configuring SXP between ISE, WLC & Firewall to implement filtering using SGT

 

Device administration

• Router/Switch Authentication

• Router/Switch Exec & Command authorization

• Router/Switch Accounting

​

​

​

Router / Switch Security

​

Router Security

• NTP

• uRPF

• DHCP server /DHCP Relay Agent

• Syslog

 

Switch Security

• Port-Security

• DHCP snooping

• ARP inspection

• Source guard

• VLAN ACL

​

​

#networkwithme #VPN #firewall #DMVPN phases #GET VPN

#CCIE SECURITY version 5 |#VPN | #Cisco FTD | #Cisco FMC | #Cisco VPN | #Cisco Firewall | #IPSEC | #WSA | #ASA | #index # vrf VPN