Skip to content

Cisco ASA – IPsec VPNs

This course provides mastery of the VPN Configuration on Cisco ASAx, ASA, and PIX platforms. The class is targeted around the IPsec Site-Site VPNs and their configuration and troubleshooting.

If you configure and troubleshoot IPsec VPNs on Cisco Firewalls, this is the class for you. Students will walk away knowing every command in the VPN template and its effects. Students will also have a very firm foundation for troubleshooting and validating the health of VPNs they configure.

Dates:
No scheduled public classes.
Contact us to schedule a private delivery.
Duration
1 day / 8 hours
Delivery Format:
Physical Classroom
Virtual – Live delivery
 Testimonials
Target Audience

Engineers who operate, deploy, and troubleshoot VPNs on any Cisco firewall platform

Pre-requisites

Students should have prior exposure to working with Cisco ASA, ASAx, or PIX firewalls.

Syllabus

Modules:

  • What is a VPN
    • Definition
    • Site-Site vs Client-Site
    • Cryptography Services
    • Policy Suites
    • Diffie-Hellman
    • Lifetime
    • IKE – Phase1 and Phase2
  • Configuring a VPN
    • Commands
    • Encryption Domain
      • Object-Groups
      • Mirroring
    • Phase 1
      • Policy Suite
      • Policy Suite Ordering
    • Phase 2
      • Crypto Map
      • Sequence Numbers
      • Transform Sets
      • Multiple VPNs on one Crypto Map
      • Perfect Forward Secrecy (PFS)
    • Tunnel-Groups
      • Peer Identity
      • Pre-Shared-Key
      • Custom Group-Policy
    • Enabling the VPN Tunnel
      • Enabling ISAKMP
      • Enabling IPsec
      • Applying Crypto Maps
  • VPN Show Commands
    • show isakmp sa
      • Verifying Phase 1
      • Troubleshooting Phase 1
    • show ipsec sa
      • Verifying Phase 2
      • Troubleshooting Phase 2
    • show vpn-sessiondb
      • Verifying general VPN Health
    • Debugging
      • debug crypto isakmp