CCIE Security IOS/ASA PKI Quick Overview

    In the attached 33 pages will try to explain what is PKI and how to create PKI in Cisco IOS & ASA networks.


    • Why we need certificates?  PKI vs PSK
    • What is PKI ?
    • What is digital certificate (such as identity certificate) ?
    • What are the components of Digital Certificate?
    • What is (CA) Certificate Authority?
    • CA Types
    • How CA client ask CA server for issuing a certificate ?
    • Notes about using PKI as Authentication method in IPsec VPN connection
    • What is CRL certificate revocation list?
    • How we get certificate (enrollment) ?
    • Enrollment Protocols
    • Consideration when implementing PKI environment
    • Does Cisco IOS support ECDS?
    • Steps to configure IOS Router as CA Server (will issue certificate)
    • Steps to configure IOS Router CA Client (will get certificate)
    • Lab 1 Configuring IOS Router as CA Server & enroll IOS CA Client Router
    • Lab 2 IPsec  crypto map Site to Site VPN using PKI
    • Lab 3 IOS Router as CA (more advance settings)
    • Lab 4 IOS CA & IOS RA
    • Lab 5 Site to Site VPN ASA-ASA with PKI
    • ASA enrollment methods
    • ASA as CA Server ( aka Local CA)
    • Adding and Enrolling Users


    Good Luck

    Yasser Auda