Network Security Implementing and Configuring Cisco Identity Services Engine

Implementing and Configuring Cisco Identity Services Engine

Location:

Date of Class:

Instructor:

Last Day To Enroll:

3695.00 3,695.00
$3,695.00
PRICE PER USER
$
X
USERS


=
SUBTOTAL
$
  • Course Delivery: Virtual Classroom

Chat Live | Contact Us | Toll Free: (888) 360-8764

 

Description

The Implementing and Configuring the Cisco Identity Services Engine course provides security and consulting system engineers and administrators an intensive hands-on experience in setting up, deploying and managing the Cisco Identity Services Engine (ISE) version 1.3 to support authentication, authorization, accounting and policy-based networking for devices and users. You will walk through a complete install, configure the network and devices, and use ISE as a policy engine to protect the network. Hands-on labs include:

  • Installing Cisco ISE v1.3
  • Certificate Operations
  • Cisco ISE Node Deployment
  • Configure and Add Network Access Devices to Cisco ISE
  • Implementing ISE to support BYOD
  • Configuring Multiple Cisco ISE Policies
  • Configuring Cisco ISE Guest Services
  • Guest Services Self-Registration
  • Configuring Cisco ISE for Profiling
  • Configuring Cisco ISE for Posture Assessment
  • Cisco ISE Reporting
  • Working with Cisco ISE Monitoring and Troubleshooting

Who should attend

  • Cisco Channel Partner SEs and FEs that are seeking to meet the education requirements to attain ATP authorization to sell Cisco ISE.
  • Field engineers, network administrators, and consulting systems engineers who implement and maintain the Cisco ISE in enterprise networks.
  • Security architects, design engineers, network designers and others seeking hands-on experience with the Cisco ISE.
 

Course Objectives

Course Objectives

  • Install Cisco ISE 1.3.
  • Understand the concepts of policy enforcement in a Cisco Network.
  • Configure Cisco ISE 1.3 for Guest Access, BYOD and MDM and Cisco ISE Compliance and Posture.
  • Understand the concepts of designing and implementation along with Cisco recognized best practices.

Follow On Courses

  • Implementing Cisco IP Routing v2.0 (ROUTE)
  • Implementing Cisco Edge Network Security Solutions (SENSS)
  • Implementing Cisco Secure Mobility Solutions (SIMOS)
  • Implementing Cisco Secure Access Solutions (SISAS)
  • Implementing Cisco Threat Control Solutions (SITCS)
 

Topics Covered

Detailed Course Outline

Module 1: Introducing the Cisco Secure Access Solution and ISE Platform Architecture

Lesson1: The Cisco Secure Access Solution

  • Standard Access Solution
  • Components of a Secure Access Solution
  • High-level client access, identifying the previously defined components—802.1X, MAB,
  • Web Authentication and VPN

Lesson 2: Cisco ISE as a Network Access Policy Engine

  • Components of an ISE deployment
  • ISE Functions (Access Policy, Guest Lifecycle Management, Profiling, Posture, BYOD, pxGrid, and so on.)

Lesson 3: Cisco ISE Policy Security Mechanisms

  • Context and Flexible Authentication
  • RADIUS CoA
  • Access Point ACLs—dACLs, wACLs, and NAD Filters (Switch and VPN)
  • TrustSec
  • Mobile Device Management (MDM)

Lesson 4: Cisco TrustSec

  • The standard Network Security Policy model
  • Security Policy
  • The TrustSec security model
  • MACsec 802.1AE

Lesson 5: Installing Cisco ISE

  • Installation pre-requisites—DNS, NTP, VM, DISK I/O, and so on
  • Completing the setup process
  • Certificates used in ISE—client Auth/ Web portals: admin, sponsor and client

Lesson 6: Cisco ISE GUI Orientation

  • Navigate the top-level areas of the Cisco ISE GUI
  • Use navigation features of Cisco ISE GUI, such as hover, drill down, and pop-ups

Module 2: Cisco ISE Policy Enforcement

Lesson 1: 802.1X and MAB Access – Wired and Wireless

  • 802.1X access and it’s components
  • MAC Authentication Bypass
  • NAD Configuration
  • ISE Configuration for 802.1X and MAB
  • 802.1X and MAB connections

Lesson 2: Identity Management

  • Identity
  • Internal Identity Sources
  • External Identity Sources
  • Multi-AD Overview and Configuration
  • Identity Source Sequences (ISSs)

Lesson 3: Cisco ISE Policy Overview

  • Authentication and Authorization parts of the process
  • Dictionaries, Identity Sources, and ISSs
  • Authentication and its components
  • Authorization and its components
  • Exception policies and policy sets

Lesson 4: Cisco ISE Policy Sets

  • Configure, enable, and use Policy Sets
  • Global versus local exception processing

Module 3: Web Authentication

Lesson 1: Web Access with Cisco ISE

  • Different Web Access Portals in ISE
  • Guest Access, BYOD, WebAuth use cases
  • Web Access components and configuration

Lesson 2: WebAuth Configuration

  • ISE and NADs Configuration for WebAuth
  • Wired, Wireless, Converged Access requirements
  • WebAuth configuration

Module 4: Cisco ISE Guest Services

Lesson 1: Cisco ISE Guest Access Components

  • Guest Access Services
  • Guest Flow for Hotspot Access
  • Guest Flow for Self-Registered Access
  • Guest Flow for Self-Registered Access with Approval
  • Guest Flow for Sponsored Access
  • Multiple Guest Portals
  • ISE 1.3 Guest Enhancement

Lesson 2: Guest Access Settings

  • Guest Access Settings
  • Guest Account Purge Policy
  • Custom Fields
  • Guest Email Settings
  • Guest Locations and SSIDs
  • •Guest Password and Username Policy
  • SMS Gateway Settings
  • Guest Types

Lesson 3: Sponsors and Sponsor Portals

  • Sponsor Groups Overview and Settings
  • Sponsor Portal Customization
  • Guest Account via Desktop Sponsor Portal
  • Guest Account via Mobile Sponsor Portal
  • Manage Guest Account

Lesson 4: Cisco ISE Guest Portal Overview

  • Guest Portals
  • Hotspot Guest Portals
  • Self-Registration Guest Portals
  • Sponsored Guest Portal
  • Customize Guest Portals
  • Assign Portal in AuthZ Profiles

Lesson 5: Cisco ISE Guest Operations and Reports

  • New Monitoring Reports
  • New Guest Access Reports
  • New Guest Logging Messages
  • Home Page Guest Reports
  • Enhanced Debug Logs
  • Endpoint Purging

Module 5: Cisco ISE Profiler

Lesson 1: Introduction to Profiling

  • Information Sources
  • How Profiling Probes access the data
  • Profiling Probes
  • NADs for Profiling
  • Endpoint Identity Information

Lesson 2: Profiling Configuration on Cisco ISE

  • Profiler on Cisco ISE
  • Profiler Policies and Conditions
  • Profiler Configuration

Module 6: Cisco ISE BYOD and MDM

Lesson 1: Cisco ISE BYOD Process Overview

  • BYOD Components
  • BYOD Enhancements
  • BYOD Design

Lesson 2: BYOD Portal Selection

  • BYOD Portal Selection Process
  • Single-SSID BYOD Configuration
  • Dual-SSID BYOD Configuration

Lesson 3: My Devices Portal Settings

  • My Devices Portal Configuration
  • My Devices Portal End-user Experience

Lesson 4: Certificates in BYOD Scenarios

  • Local ISE CA Server and Local Certificates
  • Certificate Templates
  • Certificates Operations

Lesson 5: Describe MDM and ISE

  • MDM

Module 7: Cisco ISE Endpoint Compliance Services

Lesson 1: Endpoint Compliance – Posture Service Overview

  • Endpoint Compliance and Access
  • Compliance Components
  • Compliance MDM, AnyConnect, and NAC agents

Lesson 2: Client Provisioning in Cisco ISE

  • Client Provisioning Flows
  • Client Provisioning Settings
  • Client Provisioning Policy

Lesson 3: Mobile Client Provisioning in Cisco ISE

  • MDM
  • Cisco ISE integration with MDM servers
  • Mobile device agent provisioning

Lesson 4: Configuring Cisco ISE for Posture Compliance

  • Configuration of Posture Services
  • Authorization Policy Adjustments for Posture
  • Posture Reports

Module 8: Using Cisco ISE for VPN-based Services

Lesson 1: VPN Access Overview

  • AAA – External Authentication
  • Access Flows with Cisco ISE and ASA 9.2+
  • Access Flows with Cisco ISE and ASA Pre9.2

Lesson 2: Configuring Cisco ASA v9.2+ for VPN Access

  • ASA for VPN authentication via ISE
  • Add ASA as new NAD on ISE
  • Cisco ISE for Posture services
  • ASA v9.2+ for Posture services
  • Posture configuration on ASA and ISE

Lesson 3: Using Inline Posture Node for NADs without CoA Support

  • Inline Posture Node
  • Inline Posture processing flow
  • Routed and bridged modes of Inline Posture Node

Module 9: Cisco TrustSec

Lesson 1: Cisco TrustSec

  • SGA Overview
  • SXP and SGACLs Overview
  • SGFW Enforcement

Module 10: Cisco ISE Design

Lesson 1: Node Capabilities

  • Cisco ISE Deployment Types
  • Node Communications

Lesson 2: Failover and High Availability

  • Failover and High Availability Options
  • Network Infrastructure Requirements

Module 11: Cisco ISE Best Practices

Lesson 1: Best Practices

  • Deployment Best Practices
  • Certificates Best Practices
  • Profiling Best Practices
  • CWA Best Practices
  • Logging and Troubleshooting

Labs

  • Initial Configuration of Cisco ISE
  • Cisco ISE GUI Setup
  • Integrate Cisco ISE with Active Directory
  • Integrating Cisco ISE with a second Microsoft Active
  • Basic Policy Configuration
  • Conversion to Policy Sets
  • Configure Guest Access
  • Guest Access Operations
  • Guest Reports
  • Configuring Profiling
  • Customizing the Cisco ISE Profiling Configuration
  • ISE Profiling Reports
  • BYOD Configuration
  • Device Blacklisting
  • Compliance
  • Configuring Client Provisioning
  • Configuring Posture Policies
  • Testing and Monitoring Compliance-Based Access
  • Compliance Policy Testing
  • MDM Integration with Cisco ISE
  • MDM Access and Configuration
  • Client Access with MDM
  • Using Cisco ISE for VPN Access
 

Prerequisites

  • CCNA or equivalent level of experience with Cisco infrastructures. The Course Interconnecting Cisco Network Devices Part 2, Version 2.0 (ICND2) provides the prerequisite knowledge
  • CCNA Security or equivalent level of experience with Cisco infrastructures. The course Implementing Cisco Network Security v3.0 (IINS) provides the prerequisite knowledge
  • Familiarity with Microsoft Windows and Microsoft Active Directory. Courses Active Directory Services with Windows Server (10969) and Administering Windows Server 2012 (20411) will provide the prerequisite knowledge. http://www.fastlaneus.com/course/microsoft-20411 Administering Windows Server 2012 (20411)
  • Familiarity with 802.1X. The course Introduction to 802.1X Operations for Cisco Security Professionals (802.1X) provides the prerequisite knowledge
 

Subject Matter Expert

NA

Got questions? Contact us below or call 877-881-2235

Why Choose 360training.com?

  • Fast and easy courses completion
  • Get an education faster than at traditional colleges!
  • 100% online - No classroom attendance required.
  • Unlimited 24x7 online customer support
  • Over 500,000+ certified nationwide.