IT Certification and Career Paths

642-648 VPN

Hierarchical Navigation

Deploying Cisco ASA VPN Solutions (VPN)

Exam Number 642-648 VPN
Associated Certifications CCNP Security
Cisco ASA Specialist
Cisco IPS Specialist
Cisco VPN Security Specialist
Duration 90 minutes (65-75 questions)
Available Languages English, Japanese
Register Pearson VUE
Exam Policies Read current policies and requirements
Exam Tutorial Review type of exam questions

Deploying Cisco ASA VPN Solutions (VPN) exam is associated with the CCSP, CCNP Security, Cisco ASA Specialist and Cisco IPS Specialist certifications. This exam tests a candidate's knowledge and skills needed to deploy Cisco ASA-based VPN solutions. Successful candidates will be able to reduce risk to the IT infrastructure and applications using Cisco ASA VPN features, and provide detailed operations support for the Cisco ASA. Candidates can prepare for this exam by taking the Deploying Cisco ASA VPN Solutions (VPN) course.

Exam Topics

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam.

Common Cisco ASA adaptive security appliance VPN Configurations Components

  • Identify ASA VPN licensing requirements
  • Identify the components and features of AnyConnect 3.0 Mobility (VPN, NAM, Web Sec (ScanSafe), an Telemetry)
  • Implement ASA VPN connection profiles, group policies, and user policies
  • Implement Simple Certificate Enrollment Protocol (SCEP) proxy operations using Cisco Adaptive Security Device Manager (ASDM)
  • Implement local and external VPN authorization using ASDM
  • Implement VPN session accounting using ASDM
  • Implement Cisco Secure Desktop and Independent Host Scan operations using ASDM
  • Implement DAP operations using ASDM
  • Implement LOCAL CA operations for Secure Sockets Layer (SSL) VPNs using ASDM
  • Implement certificate maps using ASDM
  • Identify the ASA IPv6 VPN capabilities
  • Monitor and verify the resulting CLI commands resulting from the various VPN configurations on the ASA

ASA IP SEC S2S VPN

  • Implement a security high-level design according to policy and environmental requirements by identifying Cisco ASA IPSec S2S VPN features and supporting technologies
  • Implement basic IPSEC S2S VPN operations with PSK and digital certificates using ASDM
  • Implement basic IKEv2 based IPSEC S2S VPN operations using ASDM
  • Troubleshoot the initial provisioning IPSec S2S VPN applications due to misconfiguration

ASA EZVPN

  • Implement a security high level design according to policy and environmental requirements by identifying Cisco ASA VPN client features and supporting technologies
  • Implement basic EZVPN server operations on the ASA using ASDM

Basic EZVPN remote operations on the ASA 5505 using ASDM

  • Implement AnyConnect 3.0 IKEv2 RA VPN operations
  • Implement Client Services Server (CSS) feature
  • Troubleshoot the initial provisioning IPSec RA VPN applications due to misconfiguration

ASA AnyConnect SSL VPNs

  • Implement a security high-level design according to policy and environmental requirements by identifying Cisco ASA AnyConnect client features and supporting technologies
  • Implement DTLS operations using ASDM
  • Implement basic AnyConnect 3.0 full tunnel SSL VPN operations
  • Troubleshoot AnyConnect SSL VPN operations using DART
  • Implement AnyConnect Profiles using ASDM
  • Implement advanced authentication in AnyConnect Full Tunnel SSL VPNs (certificate and multi-authentication) using ASDM
  • Troubleshoot the initial provisioning client-based SSL VPN applications due to misconfiguration

ASA Clientless SSL VPNs

  • Implement a security high level design according to policy and environmental requirements by identifying Cisco ASA clientless SSL VPN features and supporting technologies
  • Implement basic Clientless SSL VPN operations using ASDM
  • Implement advanced applications access using ASDM
  • Implement the SSO features on the ASA in a clientless SSL VPN environment
  • Implement advanced authentication in clientless SSL VPNs (certificate and multi-authentication) using ASDM
  • Manage the clientless SSL VPN user interface and portal using ASDM
  • Implement basic portal customization
  • Troubleshoot the initial provisioning of Clientless SSL VPN applications due to misconfiguration

SSL VPN High Availability

  • Implement SSL and IPSEC VPN high availability features

The following course is the recommended training for this exam.

  • Deploying Cisco ASA VPN Solutions (VPN)

Courses listed are offered by Cisco Learning Partners-the only authorized source for Cisco IT training delivered exclusively by Certified Cisco Instructors. Check the List of Learning Partners for a Cisco Learning Partner nearest you

A variety of Cisco Press titles may be available for this exam. These titles can be purchased through the Cisco Marketplace Bookstore, directly from Cisco Press.
      Register at Pearson VUE      

Cisco Learning Network

Get valuable IT training resources for all Cisco certifications. Access study tools, CCNA practice tests, IT salaries, and find IT jobs.

Go Now

Cisco Training Tools

Use the following tools to assist in your certification journey.

Global Learning Locator Self Assessment Tool Certification Tracker Certifications & Communities Online Support

Cisco Learning Labs

Get hands-on routing / switching lab experience using Cisco IOS on UNIX.

Learn More