Courses Details
Course Overview

Implementing Cisco Secure Mobility Solutions (SIMOS) v1.0 is a newly created five-day instructor-led training (vILT) course that is part of the curriculum path leading to the Cisco Certified Network Professional Security (CCNP Security) certification. This course is designed to prepare network security engineers with the knowledge and skills they need to protect data traversing a public or shared infrastructure such as the Internet by implementing and maintaining Cisco VPN solutions. Students of this course will gain hands-on experience with configuring and troubleshooting remote access and site-to-site VPN solutions, using Cisco ASA adaptive security appliances and Cisco IOS routers.


Target Audience
  • Channel Partner / Reseller
  • Customer
  • Employee

Course Objectives

Upon completing this course, the learner will be able to meet these overall objectives:

  • Describe the various VPN technologies and deployments as well as the cryptographic algorithms and protocols that provide VPN security.
  • Implement and maintain Cisco site-to-site VPN solutions.
  • Implement and maintain Cisco FlexVPN in point-to-point, hub-and-spoke, and spoke-to-spoke IPsec VPNs.
  • Implement and maintain Cisco clientless SSL VPNs.
  • Implement and maintain Cisco AnyConnect SSL and IPsec VPNs.
  • Implement and maintain endpoint security and dynamic access policies (DAP).

Course Prerequisites
  • CCNA Security or valid CCSP.
  • Alternatively, any CCIE certification can act as a prerequisite.

Course Outline

Module 1.0: Secure Communications

1.1 Site-to-site VPNs on routers and firewalls

1.1.a Describe GETVPN

1.1.b Implement IPsec (with IKEv1 and IKEv2 for both IPv4 & IPv6)

1.1.c Implement DMVPN (hub-spoke and spoke-spoke on both IPv4 & IPv6)

1.1.d Implement FlexVPN (hub-spoke on both IPv4 & IPv6) using local AAA

1.2 Implement remote access VPNs

1.2.a Implement AnyConnect IKEv2 VPNs on ASA and routers

1.2.b Implement AnyConnect SSLVPN on ASA and routers

1.2.c Implement clientless SSLVPN on ASA and routers

1.2.d Implement FlexVPN on routers

 

Module 2.0: Troubleshooting, Monitoring and Reporting Tools

2.1 Troubleshoot VPN using ASDM & CLI

2.1.a Troubleshoot IPsec

2.1.b Troubleshoot DMVPN

2.1.c Troubleshoot FlexVPN

2.1.d Troubleshoot AnyConnect IKEv2 and SSLVPNs on ASA and routers

2.1.e Troubleshoot clientless SSLVPN on ASA and routers

 

Module 3.0: Secure Communications Architectures

3.1 Design site-to-site VPN solutions

3.1.a Identify functional components of GETVPN, FlexVPN, DMVPN, and IPsec

3.1.b VPN technology considerations based on functional requirements

3.1.c High availability considerations

3.1.d Identify VPN technology based on configuration output

3.2 Design remote access VPN solutions

3.2.a Identify functional components of FlexVPN, IPsec, and Clientless SSL

3.2.b VPN technology considerations based on functional requirements

3.2.c High availability considerations

3.2.d Identify VPN technology based on configuration output

3.2.e Identify AnyConnect client requirements

3.2.f Clientless SSL browser and client considerations/requirements

3.2.g Identify split tunneling requirements

3.3 Describe encryption, hashing, and Next Generation Encryption (NGE)

3.3.a Compare and contrast Symmetric and asymmetric key algorithms

3.3.b Identify and describe the cryptographic process in VPNs – Diffie-Hellman, IPsec – ESP, AH, IKEv1, IKEv2, hashing algorithms MD5 and SHA, and authentication methods

3.3.c Describe PKI components and protection methods

3.3.d Describe Elliptic Curve Cryptography (ECC)

3.3.e Compare and contrast SSL, DTLS, and TLS