Start with 7 free days of training.

Gain instant access to our entire IT training library, free for your first week.
Train anytime on your desktop, tablet, or mobile devices.

Deploying Cisco ASA VPN Solutions VPN v2.0

This Cisco video training course with Keith Barker covers securing virtual private networks, including topics such as VPN profiles and policies, Cisco Secure Desktop, GNS3, and more. It also prepares learners to take Cisco's 642-648 certification exam....
This Cisco video training course with Keith Barker covers securing virtual private networks, including topics such as VPN profiles and policies, Cisco Secure Desktop, GNS3, and more. It also prepares learners to take Cisco's 642-648 certification exam.

Related area of expertise:
  • Cisco security

Virtual Private Networks (VPNs) allow millions of remote users to safely and securely access corporate resources. Learn to design, implement and troubleshoot ASA-based SSL and IPsec VPN solutions.

From clientless SSL VPNs to high availability, including troubleshooting, Keith guides you through each topic on the 642-648 exam. Plus, he shows you how to get crucial hands-on practice of every VPN for real-world implementation.

If you’re working towards a CCNP, this course is for you. Keith maps his training to all objectives of the 642-648 exam, which goes towards CCNP Security, ASA Specialist and IPS Specialist certifications. Network pros who support VPN users will also find significant value in this course, which is packed with content that directly applies to real-world implementation of VPNs. To take full advantage of this course, the learner should be familiar with the fundamentals of the ASA, which is available in CBT Nuggets' CCNP Security Firewall course.
 show less
1. Welcome to Virtual Private Networks (VPNs): Getting the Most from this Course (11 min)
2. ASA VPN Options (41 min)
3. VPN Profiles and Policies (35 min)
4. Implementing Clientless SSL VPNs (44 min)
5. SSL and IPsec Technologies (30 min)
6. Plugging into the PKI (25 min)
7. AnyConnect SSL VPNs (40 min)
8. Smart Tunnels and Plugins (25 min)
9. IPsec RA VPNs (41 min)
10. Digital Certificates with IPsec Clients (28 min)
11. Site to Site IPsec VPNs (56 min)
12. AAA VPN Authentication (24 min)
13. Troubleshooting Clientless SSL VPNs (24 min)
14. Troubleshooting AnyConnect Client SSL VPNs (21 min)
15. Troubleshooting IPsec Client VPNs (31 min)
16. Troubleshooting IPsec Site-to-Site VPNs (21 min)
17. Cisco Secure Desktop and DAP (30 min)
18. High Availability VPNs (33 min)
19. VPN Pieces and Parts (32 min)
20. GNS3 and the ASA (31 min)

Welcome to Virtual Private Networks (VPNs): Getting the Most from this Course


Virtual private networks on the ASA. On behalf of the entire CBT Nugget family, I'd like to welcome you to the VPN series. Let's begin. I'd like you to visualize that you and I are coming back in from a fantastic lunch, and we go into our office, we're settling down, and the boss comes and talks to us.


And he says, hey, can you hep me? Or like, yeah, what do you need? He says, we need to implement some virtual private networks. Can you help us? Let's pause the story right there. The objective of this video series is to give you and I the skills and the tools that we need to not only say, yes, we can help you design and pick out the right type of virtual private network, but also to implement it correctly and to troubleshoot if necessary.


That's the entire objective of this video series, so that we have those skills. So that at the end of the day, when somebody has an issue, or a problem, or a question regarding virtual private networks, regardless of its remote access or site to site, regardless of if its SSL or IPsec, we are the people that they come to.


That's a simple objective. Let me walk you through exactly how we're going to get there. Oftentimes, when an individual goes on a trip, or they travel, sometimes they'll pick up trinkets, or souvenirs, or mementos of their journey. Well for you and I, on this journey together, through the world of virtual private networks on the ASA, we too, when we're done, are going to pick up some souvenirs and some trinkets.


However, they are represented by this. They're not going to be useless little things that we can put on a desk to remind us of something, but it's going to be the knowledge and understanding of how the ASA and these virtual private networks, how they operate, how to implement them, and how to troubleshoot them.


Our next question that we get the answer is, hey, who exactly is this video series for, the VPN 2.0? And the answer to that one is really, really simple. It's you. I created every single Nugget in this series for you, as if you and I were sitting right next to each other, we have our gear racked and stacked, ready to go.


And we have some computers, and we're simply designing, implementing, verifying, and troubleshooting when necessary all of the VPN technologies that are relevant for the ASA. One thing I've noticed is that many of us have different backgrounds and different levels of experience, so I wanted to talk to that just for a moment.


What do you do when you have all this knowledge about VPNs that you're about to get? Well, there's a couple options. Number one, you can simply be the smartest person in the room. You can be the go-to guy when the boss needs something or there's a problem, which is fantastic.


However, you also could take that knowledge, and you could apply it to certification. So that's another option as well. My first objective for us is to make sure that we understand the material, we have comfort levels with how it's done, how to implement, and how troubleshoot it.


And then secondly, for those individuals who want to pursue certification, you can directly take those skills and apply it to a certification exam if you desire to. So in that light, let me show you where that fits in the framework of Cisco's certifications.


Cisco has something called an ASA specialist. Now to get to be an ASA specialist, here's what you have to do. You have to be a current CCNA Route/Switch. And then from that, you have to be a CCNA security, because these are prerequisites for each other.


Then you take the firewall exam, which talks about all of the basics of the ASA, the network address translation, the attitude of the ASA, how it works, access control lists, modular policy frameworks, all that stuff. That's all covered in the firewall 2.0.


And then if you take this exam, 642- 648, which is the VPNs on the ASA, Cisco will award you. If you have everything below this, they'll award you the ASA specialist. And then, if you have ASA Specialist and the Firewall Specialist by taking secure, you can take one more exam, the IPS.


And that will get you a CCNP security. So I wanted to give you a clear picture of where this fits in. So I just also wanted to reinforce that, if that is one of your objectives, a side product, perhaps, you want the knowledge, you want the expertise on the VPNs, but you also want the certification, this video series does an excellent job of preparing you, as well, to pass a certification exam, if that's one of your objectives.


I'd like you to imagine that you're eating a candy bar. Just imagine your favorite candy bar, whatever it is, or your favorite treat. And it's almost gone, and you're finishing it. And I want to ask you a question. Are you going to finish the whole thing?


The answer is yes. The very little crumbs at the edge and stuff, they're going to get all in you. Well, I want to share with you some techniques that you can use in that same light to get every last drop of juice out of this training series. There are some specific steps, and they are, first of, all making the time.


It has been scientifically proven that you're not going to learn from a video that you don't watch. So schedule time to make sure you can watch the videos. And also, you might want to schedule some time for a repetition. Repetition is the mother of learning.


It also happens to be a great way to reinforce concepts that you want see again and again. So you might want to go through the videos a couple of times just to reinforce the concepts, or specific Nuggets that are of specific interest to you. The other thing that I learned over the years is taking notes is amazing.


You think, well, Keith, why would I want to take notes? And let me be frank with you. When I go to seminars, or workshops, and classes, I take detailed notes of everything I hear as fast as I can, or the critical pieces. And why do I do that? Well, the reality is, I may never go back to my notes.


However, if I write it down as I'm hearing it, my brain absorbs it better. This technique works. So here's what I want you to do. As we go through this video series together, as I'm talking, you can pause me any time you want to know. What I'd encourage you to do is, I'm talking, I say something, pause me, jot it down in your own handwriting, and that way it'll help you remember it that much better.


Even if you never go back to your notes, your understanding and the interpretation of what I'm saying will be that much more efficient. So if you're all about efficiency, please, please, please take notes. I'd like you to visualize that the help desk has called us and said, hey, we have a VPN user.


He's using the AnyConnect Client. He's not able to access the VPN or get it up and working. Can you help? Now I want you to think about what that feels like right now. If we haven't been in the interface, if we haven't actually gone through the steps of checking the connection profile, and the user, and the group policy, and we know where to look, it's very daunting, very frustrating, very scary, because we haven't had that practice.


So here's what I want you to commit to me right now. I want you to commit that you are going to practice everything that we do in the Nugget series together. Everything. If we're doing SSL implementation, I want you to do it yourself. If we're doing AnyConnect Client, I want you to do it yourself.


If we're doing IPsec site to site, I want you to do it yourself. By doing that, you can take those skills-- check this out-- take those skills that you've practiced with. You can turn and apply them directly to a production environment for troubleshooting, or implementing, or designing the VPNs.


So how do you do that? The way to do that, to get the practices either, have live gear that you can change, and practice with, and not mess with the production environment, or you can build a lab in GNS3. So guess what? In this video series, I've got a Nugget all about how to implement a virtualized ASA environment that supports VPNs.


That way, you can practice everything. You can practice up to 30,000 feet when you're flying. You can practice at the home office. You can practice at the corporate office without ever having to bother the live production gear. So make that commitment to me that you're going to practice everything that we do in the Nugget series together.


You'll thank me later, because again, you'll be able to directly apply those skills to your production environment. Another technique that I personally find very, very useful is to teach the topic to somebody else. Maybe we've just covered the plug-ins for the client list SSL VPN, which are pretty amazing.


And you have your notes. Maybe go find a friend, a coworker, a loved one, a child, a spouse, what have you, and tell them about it. Now in my family, here's what I've told my wife and my children upfront. I said, if I want to share information with you about something technical, you don't have to really get it, but I would appreciate if you just like look at me, not occasionally and say, oh, once in a while.


And they're great at it. I didn't expect them to be able to memorize or learn it, but sometimes, when working on a new topic, or a new concept, or I'm learning something myself, sharing it with others, verbalizing it, helps to clarify that idea in my own mind as well.


So I would encourage you to do the exact same thing. Teach others, and that will assist you even more. The other thing I'd like to offer is, let me know how you're doing. There's Facebook. There's also Twitter. And here's the information for both of those.


Well, let me know. If you have questions regarding some of the content, or some idea, or some topic, let me know. Let me know how you're doing. I'd be more than happy to offer support, make clarifications. Anything that I can do to assist you in your journey of being the person that people go to for VPNs, I'm all for it.


And that's my last piece right here, is that for many of you, it's not a bad idea to be the smartest person in the room on a given topic. I mean think about how that feels. You're in a room. There's a bunch a technical people there. And there's an issue, a problem, or someone needs guidance.


If it's VPN-related, take this Nugget series as the opportunity, as a stepping stone, to becoming the best in the room. The smartest person in the room regarding VPNs. It's very possible to do. I am super excited about joining you on this journey through the world of virtual private networks on the ASA, both as being your friend and your coach in this process.


And one of the observations that I'd like you to be aware of as it happens is that as you practice each and every concept that we discussed together in the Nuggets, your skills are going to dramatically increase. And those skills are directly applicable to the workplace as well.


So here's my request, if you would. As you become that person that people turn to as the expert on VPNs, and as you're designing, or troubleshooting, or implementing new flavors of VPNs for your network, I would like you to take one person-- every time you're working on a project, just grab one person and educate them.


Share what you know with that person. Find somebody. Maybe they're an entry level technician, or somebody that doesn't have the VPN knowledge, but would like it, and take them under your arm, and walk them through the steps that you're doing, and share the knowledge.


This goes right back to teaching someone else, because even after you've mastered the content, as you still continue to share that information with others, as the tide rises, all boats rise. And your life will be benefitted as a result as well. If you are ready, I am to.


In our very next Nugget, we're going take a look at the options available to us for implementing VPNs to meet a specific business need. I hope this has been informative for you. And I'd like to thank you for viewing.

ASA VPN Options

VPN Profiles and Policies

Implementing Clientless SSL VPNs

SSL and IPsec Technologies

Plugging into the PKI

AnyConnect SSL VPNs

Smart Tunnels and Plugins


Digital Certificates with IPsec Clients

Site to Site IPsec VPNs

AAA VPN Authentication

Troubleshooting Clientless SSL VPNs

Troubleshooting AnyConnect Client SSL VPNs

Troubleshooting IPsec Client VPNs

Troubleshooting IPsec Site-to-Site VPNs

Cisco Secure Desktop and DAP

High Availability VPNs

VPN Pieces and Parts

GNS3 and the ASA

Please help us improve by sharing your feedback on training courses and videos. For customer service questions, please contact our support team. The views expressed in comments reflect those of the author and not of CBT Nuggets. We reserve the right to remove comments that do not adhere to our community standards.

comments powered by Disqus
Intermediate 11 hrs 20 videos


Training Features

Practice Exams
These practice tests help you review your knowledge and prepare you for exams.

Virtual Lab
Use a virtual environment to reinforce what you are learning and get hands-on experience.

Offline Training
Our iOS and Android mobile apps offer the ability to download videos and train anytime, anywhere offline.

Accountability Coaching
Develop and maintain a study plan with one-to-one assistance from coaches.

Supplemental Files
Files/materials that supplement the video training.

Speed Control
Play videos at a faster or slower pace.

Included in this course
Pick up where you left off watching a video.

Included in this course
Jot down information to refer back to at a later time.

Closed Captions
Follow what the trainers are saying with ease.
Keith Barker
Nugget trainer since 2012