View Cart
0 Items | Total: US$0.00
Welcome,      Register

You are here

certificate

SEC0024 - L2L IPSec IKEv1 with Certificate on Router and ASA

The video walks you through configuring site-to-site (L2L) IPSec VPN tunnel between Cisco router and ASA firewall using certificate authentication. You will see that choosing the type of identity to send and match becomes very important as the certificate does not get exchanged until later in Phase 1 negotiation. Using aggressive mode allows the device identity contained in the certificate to be revealed sooner but at a risk of identity exposure. Aggressive mode will also be reviewed in this video.

Rating: 
0
No votes yet
Difficulty Level: 
3

SEC0022 - Router Remote Access IPSec VPN with Pre-Shared Key and Certificate

The video demonstrates configuration of remote access IPSec VPN with Windows software client on Cisco router. We will look at both simple pre-shared key authentication as well as using client certificate. The client is placed behind a NAT router to demonstrate the significance of NAT Transparency, and compare it to raw IPSec and cTCP (IPSec over TCP). The video finishes off by showing how client can be allowed access to local subnet when a non-split tunnel is used.

Rating: 
0
No votes yet
Difficulty Level: 
3

SEC0017 - ASA EZVPN with Pre-Shared Key & Certificate

The video walks you through configuration of Easy VPN (EZVPN) with Pre-shared key and certificate authentication on a Cisco headend ASA firewall. The hardware client router is running Client Mode and configured to automatically connect using a locally stored credential. This video is a counterpart of SEC0015 and SEC0016 with the headend router. Here we introduce the concept of 'group-policy' and 'tunnel-group' that are unique to the ASA, while most crypto command syntax is very similar to those on a router.

Rating: 
0
No votes yet
Difficulty Level: 
3

SEC0014 - Certificate Installation on Router and ASA

The video demonstrates how to install a SSL certificate on Cisco router and ASA firewall manually and via SCEP. Windows 2008 running Enterprise CA server is used in this lab to provide auto-enrollment. For manual enrollment, a Certificate Signing Request (CSR) is created on a network device and submitted to the CA through web enrollment. The issued certificate is then imported to the device. SCEP, on the other hand, automates the enrollment process into a single command through HTTP transaction given the CA is reachable to the devices.

Rating: 
0
No votes yet
Difficulty Level: 
2

SEC0011 - Windows 2008 CA SCEP Auto-Enrollment Options

The video presents you with various options to implement certificate Auto-Enrollment for network devices using SCEP. By default, a one-time challenge password needs to be generated and used per network device. This can be cumbersome and impractical in case the number of device is large. An alternative is to disable the use of challenge password entirely, but this could post security concern, although is potentially desirable in lab environment. An acceptable solution might be disabling auto-approval and have the CA admin approve certificate requests manually.

Rating: 
0
No votes yet
Difficulty Level: 
1

SEC0009 - Windows 2008 Enterprise CA SCEP Installation

The video walks you through an installation of Enterprise Certificate Authority (CA) and Network Device Enrollment Service (NDES) (aka SCEP) on a Windows 2008. We will test the server with a certificate request through web enrollment from a Windows client, as well as SCEP from a Cisco router. SCEP communication is captured and reviewed on Wireshark. At the end of the video, you should have a working CA server that you can use for certificate authentication in future labs.

Rating: 
0
No votes yet
Difficulty Level: 
2

Pages

Subscribe to RSS - certificate

Lab Minutes Classifieds