    Enterprise VPN. Design, Build & Operate.

    “Enterprise VPN. Design, Build, Operate.” guides students through DMVPN and GETVPN technologies in depth. After taking this course, students will understand Enterprise WAN connection methods, applications, configuration, and troubleshooting. The course will help in designing a redundant Enterprise-class WAN solution using overlays.

     

    Enterprise VPN training agenda:

    1) About the course

    • Course organization
    • Theory and hands-on labs approach
    • 14 main LAB topics and 3 Troubleshooting

     

    2) DMVPN Overview

    • Dynamic Multipoint VPN Applications
    • Dynamic Multipoint VPN Architecture – 3 pillars and phases
    • Pillar 1: Next Hop Resolution Protocol
    • Pillar 2: Multipoint GRE (mGRE)
    • Pillar 3: IPSec tunnels
    • DMVPN Phase 1: configuration specifics, Hub & Spoke behavior
    • DMVPN Phase 2: configuration specifics, Hub & Spoke and Spoke to Spoke behavior
    • DMVPN Phase 3: configuration specifics, shortcuts and redirects
    • Overlay Routing: OSPF vs EIGRP in DMVPN – design challenges
    • Configuration explained

     

    3) Lab Topology overview

    • Physical and logical topology description

     

    4) Basic topology setup – Day 1 Labs

    • LAB0: Sites addressing, interfaces setup – warm-up exercise
    • LAB1: Site to Site IPSec VPN configuration – warm-up exercise
    • LAB2: DMVPN Hubs and spokes basic configuration
    • LAB3: Prefix exchange and connectivity
      • Tunnels
      • NHRP
      • IPSec (PSK vs. X.509 authentication)
    • LAB4: Overlay routing configuration (OSPF)

     

    5) DMVPN – High availability and policy tuning

    • Working with dual hub scenario
    • LAB5: Ensuring HA architecture
    • Switching between DMVPN Phases
    • LAB6: Reconfiguring DMVPN deployment for different phases
    • Underlying and overlay routing dependencies and tuning
    • LAB7: Building anti-loop topology. DMVPN stability.
    • Quality of Service (QoS) in DMVPN
    • LAB8: Implementing QoS for DMVPN traffic

     

    6) Troubleshooting in DMVPN – approach

    • Testing and troubleshooting exercises
    • Q&A and session summary

     

    7) GETVPN Overview

    • Group Encrypted Transport VPN Application and architecture
    • Transport mode vs Header preservation and GDOI protocol
    • GETVPN Key Server (KS) role, authentication methods, key management, policies
    • GETVPN Group Member (GM) role, key management, policies
    • High Availability architecture in GETVPN, Cooperative Key Server (COOP)
    • Configuration Explained

     

    8) GETVPN topology setup – Day 2 and 3 Labs

    • GETVPN topology overview
    • LAB9: Sites addressing, interfaces setup
    • LAB10: GETVPN KS and GM provisioning
    • LAB11: Underlying network and GETVPN routing
    • LAB12: Quality of Service

     

    9) VPN Remote Access

    • Topology overview
    • Remote Access VPN challenge – SSL, IPSec IKEv1 or IPSec IKEv2?
    • Cisco AnyConnect Secure Mobility Client with Cisco ASA solution
    • Working with Group Policies and Tunnel Groups
    • Setting up pools, restrictions, AD and Cisco ISE integrations
    • LAB13: Building solution

     

    10) Q&A and course summary

    • Q&A session
    • Course summary

     

    You can check the basic reference configs in our Design & Configure KB section.

    Contact us

    Do not hesitate to ask for more info about this course.

    Grandmetric