Enterprise VPN. Design, Build & Operate.


“Enterprise VPN. Design, Build, Operate.” guides students through DMVPN and GETVPN technologies in depth. After taking this course, students will understand enterprise WAN connection methods, applications, configuration, and troubleshooting. The course helps in designing a redundant enterprise-class WAN solution using overlays.


Enterprise VPN training agenda:

1) About the course

  • Course organization
  • Theory and hands-on labs approach
  • 14 main LAB topics and 3 Troubleshooting


2) DMVPN Overview

  • Dynamic Multipoint VPN Applications
  • Dynamic Multipoint VPN Architecture – 3 pillars and phases
  • Pillar 1: Next Hop Resolution Protocol
  • Pillar 2: Multipoint GRE (mGRE)
  • Pillar 3: IPSec tunnels
  • DMVPN Phase 1: configuration specifics, Hub & Spoke behavior
  • DMVPN Phase 2: configuration specifics, Hub & Spoke and Spoke to Spoke behavior
  • DMVPN Phase 3: configuration specifics, shortcuts and redirects
  • Overlay Routing: OSPF vs EIGRP in DMVPN – design challenges
  • Configuration explained


3) Lab Topology overview

  • Physical and logical topology description


4) Basic topology setup – Day 1 Labs

  • LAB0: Sites addressing, interfaces setup – warm-up exercise
  • LAB1: Site to Site IPSec VPN configuration – warm-up exercise
  • LAB2: DMVPN Hubs and spokes basic configuration
  • LAB3: Prefix exchange and connectivity
    • Tunnels
    • NHRP
    • IPSec (PSK vs. X.509 authentication)
  • LAB4: Overlay routing configuration (OSPF)


5) DMVPN – High availability and policy tuning

  • Working with dual hub scenario
  • LAB5: Ensuring HA architecture
  • Switching between DMVPN Phases
  • LAB6: Reconfiguring DMVPN deployment for different phases
  • Underlying and overlay routing dependencies and tuning
  • LAB7: Building anti-loop topology. DMVPN stability.
  • Quality of Service (QoS) in DMVPN
  • LAB8: Implementing QoS for DMVPN traffic


6) Troubleshooting in DMVPN – approach

  • Testing and troubleshooting exercises
  • Q&A and session summary


7) GETVPN Overview

  • Group Encrypted Transport VPN Application and architecture
  • Transport mode vs Header preservation and GDOI protocol
  • GETVPN Key Server (KS) role, authentication methods, key management, policies
  • GETVPN Group Member (GM) role, key management, policies
  • High Availability architecture in GETVPN, Cooperative Key Server (COOP)
  • Configuration Explained


8) GETVPN topology setup – Day 2 and 3 Labs

  • GETVPN topology overview
  • LAB9: Sites addressing, interfaces setup
  • LAB10: GETVPN KS and GM provisioning
  • LAB11: Underlying network and GETVPN routing
  • LAB12: Quality of Service


9) VPN Remote Access

  • Topology overview
  • Remote Access VPN challenge – SSL, IPSec IKEv1 or IPSec IKEv2?
  • Cisco Anyconnect Secure Mobility Client with Cisco ASA solution
  • Working with Group Policies and Tunnel Groups
  • Setting up pools, restrictions, AD and Cisco ISE integrations
  • LAB13: Building solution


10) Q&A and course summary

  • Q&A session
  • Course summary


You can check the basic reference configs in our design & configure kb section.
