FLEXVPN 

LAB GUIDE/HANDBOOK


  The Definitive Guide to learn new VPN 

 Technologies






"Future of VPN technologies lies in a Unified VPN model i.e FLEXVPN "

 FLEXVPN Features

FlexVPN also known as 'Unified Overlay VPN' is Cisco's implementation of the IKEv2 standard featuring a unified paradigm and CLI that combines site to site, remote access, hub and spoke topologies and partial meshes (spoke to spoke direct).FlexVPN offers a simple but modular framework that extensively uses the tunnel interface paradigm while remaining compatible with legacy VPN implementations using crypto maps.


Flex is a way to combine multiple frameworks (crypto maps, ezvpn, DMVPN) into single, comprehensible set of CLI and bind it together with something offering more flexibility and means to extend functionality in future.
 

   FlexVPN

PRODUCTS INCLUDED

    Cisco Integrated Services Routers 15.2T code
  Cisco Adaptive Security Appliance (ASA) 8.4
  Cisco Identity Services Engine (ISE) 1.1.2
  Cisco Secure Access Control System (ACS5.4)
  Cisco AnyConnect Secure Mobility Client v3.x


Table Of Contents :


Check Understanding FLEXVPN (Unified Overlay VPN)
Check  Understanding IKEv2 constructs & IKEv2 Smart Defaults
Check  Configuring Site to Site VPN tunnels between different endpoints i.e. Cisco ASA firewalls , Cisco Integrated Services Routers (ISR) et.
Check Configuring Lan to Lan Tunnels using IPv4 as well as IPv6 & using dynamic routing protocols for reachability 
Check  Understanding Configuring VPNs using both IKEv2/Crypto Maps &  Static  Virtual Tunnel Interfaces 
Check  Understanding configurating between different RADIUS-based servers for  Remote Access Clients/Site to Site VPN tunnels
Check  Understanding Components of Cisco IOS Certificate Authority (CA) & need for Extended Key Usage (EKU) in Certificates
Check

 Configuring Hybrid/Asymmetric authentication methods i.e. Using PreShared Keys on HUB/Certificates on SPOKES etc

Check Understand & Configuring Configuration Exchange & IKEv2 Routing methodologies 
Check

 Configuring Direct Spoke to Spoke tunnels for Per-Peer features i.e. Per-Peer Config & Per-Peer QoS application

Check  Understanding need for FLEXVPN Resiliency & configuring backup/secondary peers for failure scenarios
Check

Using  Extensible Authenticaiton Protocol (EAP) instead of X-AUTH 

Check

Configuring Remote Access VPN Users (Cisco AnyConnect Secure Mobility Clents v3) via EAP authentication/ Certificate Based Authentication

Check

Configuring/Demonstrating Remote Access VPN authentication /authorization via both Cisco Secure ACS 5.X & Cisco Identity Services Engine (ISE) 1.1.X

Check  Configuring Authorization Profiles/End Users/Authorization Rules & Performing Live Authentication on Cisco Secure ACS 5.X & Cisco Identity Services Engine (ISE) 1.1.X
Check  Configuring Cisco IOS Certificate Authority to support Extended Key Usage (EKU)

  "FLEXVPN Lab Guide/HandBook" 

                            

2CheckOut.com Inc. (Ohio, USA) is an authorized retailer for goods provided by PacketWisdom.Com

  • Scenarios/Technology based Detailed Labs :


    Check  FlexVPN – a Unified Overlay VPN Introduction
    Check  Understanding IKEv2 Constructs & IKEv2 Smart Defaults
    Check  Site to Site VPN tunnels using Smart Defaults
    Check  Site to Site VPN using IKEv2 Custom Configuration
    Check  Site to Site VPN using IPv6 routing
    Check  
    Site to Site VPN between Cisco Adaptive Security Appliance (ASA) & Cisco VPN Gateway(IOS) using IKEv2/Crypto Maps

    Check
    Site to Site VPN between Cisco Adaptive Security Appliance (ASA) & Cisco VPN Gateway(IOS)using Static Virtual Tunnel Interface(SVTI)
                      
    Check

    Site to Site VPN  using Virtual Templates

    Check Setting up Certificate Authority (CA) & authenticating/enrolling PKI clients to it
                       
    Check

    Site to Site VPN using RSA-Signatures (Certificate Based Authentication)
                       

    Check  Basic HUB & SPOKE TOPOLOGY (PSK Based Authentication)
                       
    Check

     Advanced HUB & SPOKE (Using Hybrid/Asymmetric Authentication)

                       *     Certificate on HUB, PSK on SPOKES
    Check

     Advanced HUB & SPOKE (IKEv2 Routing with LOCAL Authorization)

                       *     Certificate on HUB, PSK on SPOKES             
    Check

     Advanced HUB & SPOKE (IKEv2 Routing with RADIUS Authorization                        *     Certificate on HUB, PSK on SPOKES               

    Check

     Advanced HUB & SPOKE (Direct Spoke to Spoke Tunnel)

                       *     Using Virtual Access Interface/Static Tunnel Interface
    Check

       FLEX VPN RESILIENCY Scenarios

                        *     Primary HUB/Secondary HUB
                       
    *     Backup Peers
    Check

     Extensible Authentication Protocol (EAP) Introduction/basics
                       

    Check

    FlexVPN Remote Access VPN using EAP Authentication via Cisco Secure ACS 5X

    Check FlexVPN Remote Access VPN using EAP Authentication via Cisco Identity Services Engine (ISE) 1.1.X 
    Check  & Many MORE !!!

    "FLEXVPN LAB GUIDE/HANDBOOK"

       To Preview Sample of product or for any queries ,please send an email to Support

    support@packetwisdom.com

    Here are the screenshots :

    ScreenCaps



    flexvpn1
    flexvpn2


    flexvpn3



    flexvpn4



    flexvpn5


    flexvpn6


    flexvpn7


    flexvpn8

    flexvpn9




    "FLEXVPN LAB GUIDE/HANDBOOK"


  • flexvpn10



    flexvpn11


    flexvpn12


    flexvpn13


    flexvpn14


    flexvpn15


    flexvpn16



    flexvpn17


    flexvpn18


    flexvpn19





    "FLEXVPN LAB GUIDE/HANDBOOK"



    flexvpn20


    flexvpn21


    flexvpn22

    flexvpn23


  • flexvpn24
    flexvpn25
    flexvpn26

    flexvpn27

    flexvpn28


            "FLEXVPN LAB GUIDE/HANDBOOK"


  • $99



    2CheckOut.com Inc. (Ohio, USA) is an authorized retailer for goods provided by PacketWisdom.Com

    COPYRIGHT © 2013 PacketWisdom.Com

    This product deployment guide was developed by Tariq Ahmad. All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the author. In doing so all future updates are forfeited. Cisco®, Cisco® Systems, and CCIE (Cisco® Certified Internetwork Expert) are registered trademarks of Cisco® Systems, Inc. and or its affiliates in the U.S. and other countries.

     
    DISCLAIMER:
    This publication, FlexVPN Lab Guide/Handbook is designed to provide technical information and assist candidates in the preparation for CISCO Systems CCNA Security, CCNP Security as well as CCIE Security Lab Exam. The information may also assist any networking engineer in his or her day-to-day duties. While every effort has been made to ensure this book is complete and as accurate as possible, the enclosed information is provided on an 'as is' basis. The author, and PacketWisdom.Com, shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book. The opinions expressed in this book belong to the author and are not necessarily those of Cisco Systems, Inc. This book is NOT sponsored by, endorsed by or affiliated with Cisco Systems, Inc. Any personal information received will only be used to fill your order. We will not sell or redistribute your information to anyone. Refunds will not be considered once the purchase is complete. The Book will be personalized using watermarks & printing will be restricted. The right is reserved to refuse the sale of the  FlexVPN Lab Guide/Handbook to any individual linked to, listed as a member of, or associated with dump, group-buys and/or illegal sharing sites!