Security

The video walks you through configuration NAT64, NAT46, and DNS64 on Cisco ASA using Object NAT to connect IPv6 to IPv4 network. We will look at both Stateless and Stateful NAT64 and NAT46, and highlight their pros and cons, and suggest when you should use one over the other. For Stateful NAT64, we will configure static, dynamic NAT, and PAT. We will also go over how DNS64 can help translating IP embedded in DNS packet as it crosses the v4-v6 network boundary. Packet analysis on Wireshark will be performed to help us gain better understanding of the IP address translation.

The video walks you through configuration NAT64, NAT46, and DNS64 on Cisco ASA using Object NAT to connect IPv6 to IPv4 network. We will look at both Stateless and Stateful NAT64 and NAT46, and highlight their pros and cons, and suggest when you should use one over the other. For Stateful NAT64, we will configure static, dynamic NAT, and PAT. We will also go over how DNS64 can help translating IP embedded in DNS packet as it crosses the v4-v6 network boundary. Packet analysis on Wireshark will be performed to help us gain better understanding of the IP address translation.

The video walks you through the process of installing and removing software patch on Cisco ACS 5.4 in a distributed deployment.  

The video walks you through the process of Backup and Restore on Cisco ACS 5.4 in a distributed deployment. We will simulate a failure on primary ACS and attempt to restore the server from a previous backup file.

The video demonstrates the process of setting up a distributed deployment on Cisco ACS 5.4. We will go through a secondary ACS registration, moving log collector role to a secondary ACS, failover testing, and promoting a secondary ACS to be a primary. Along the process, we will also verify MAR cache distribution that was configured in the previous labs, and note the caveat in the feature.

The video demonstrates file operation feature on Cisco ACS 5.4. We will go through Export, Add, Update, and Delete operations to manage our Network Device and User Identity database using Object Template and Export file. This feature will become very essential when you need to manipulate an object database in a large-scale deployment.  

The video demonstrates User Custom Attribute and Active Directory Attribute features on Cisco ACS 5.4. We will leverage these two features to enforce per-user VPN access as well as static IP assignment. Please note that this lab is built on top of configuration on the previous lab video (SEC0096).

The video walks you through configuration of VPN RADIUS authentication on Cisco ACS 5.4 with AnyConnect Client SSL VPN. We will try to solve the problem of users having to select a VPN group at login by dynamically assigning them to a group-policy via Class RADIUS attribute. We will also attempt to enforce per-user ACL via the Downloadable ACL on the ACS.

The video shows you how to configure wireless 802.1X on Cisco ACS 5.4 using PEAP and EAP-TLS. We will perform both machine and user authentications, and enforce successful machine authentication using Machine Access Restriction (MAR). We will introduces MAR Cache distribution, which is a feature introduced in ACS 5.4. For authentication, we will attempt both using AD login credential (PEAP) and client-based certificate (EAP-TLS).

Part 1 of the video focuses on configuration on the ACS.