CCSP Cisco Secure VPN Exam Certification Guide: CCSP Self-study

Cisco Press, 2003 - Computers - 562 pages

Official self-study test preparation guide for the Cisco 9E0-121 and 642-511 CSVPN exams

Coverage of the CSVPN topics enables you to identify and fill your knowledge gaps before the exam date. You'll learn about:

  • Configuring Cisco VPN 3000 concentrators and VPN 3002 Hardware Clients for remote access
  • Enabling secure VPNs using IPSec technologies
  • Peer authentication using preshared keys and digital certificates
  • Using Network Address Translation (NAT) and Port Address Translation (PAT) over VPNs
  • Administering and monitoring VPN concentrators in remote-access and LAN-to-LAN networks
  • Utilizing IPSec protocols and features
  • Configuring VPN Client personal firewall support through the VPN concentrator
  • Integrated unit and interactive user authentication through the Cisco VPN 3002 Hardware Client

Becoming a CCSP distinguishes you as part of an exclusive group of experts, ready to take on today's most challenging security tasks. Installation and configuration of Cisco VPN 3000 Series concentrators and Cisco VPN 3002 Hardware Clients are critical tasks in today's network environments, especially as reliance on the public Internet as an extension of business networks increases. Whether you are seeking a Cisco VPN Specialist Certification or the full-fledged CCSP Certification, learning what you need to know to pass the CSVPN (Cisco Secure Virtual Private Networks) exam qualifies you to keep your company's network safe while meeting its business needs.

CCSP Cisco Secure VPN Exam Certification Guide is a comprehensive study tool that enables you to master the concepts and technologies required for success on the CSVPN exam. Each chapter of the CCSP Cisco Secure VPN Exam Certification Guide tests your knowledge of the exam subjects through sections that detail exam topics to master and areas that highlight essential subjects for quick reference and review. Challenging chapter-ending review questions and exercises test your knowledge of the subject matter, reinforce key concepts, and provide you with the opportunity to apply what you've learned in the chapter. In addition, a final chapter of scenarios pulls together concepts from all the chapters to ensure you can apply your knowledge in a real-world environment. The companion CD-ROM testing engine enables you to take practice exams that mimic the real testing environment, focus on particular topic areas, and refer to the electronic text for review.

This book is part of a recommended learning path from Cisco Systems that can include simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining.

Companion CD-ROM
This companion CD-ROM contains a test bank with more than 200 practice exam questions.

 

Contents

All About the Cisco Certified Security Professional
How This Book Can Help You Pass the CCSP Cisco Secure VPN Exam
The Cisco Secure VPN Exam
Topics on the Cisco Secure VPN Exam
Recommended Training Path for the CCSP Certification
Using This Book to Pass the Exam
Overview of VPN and IPSec Technologies
Do I Know This Already? Quiz
Foundation Topics: Cisco VPN Product Line
Using Cisco VPN Products
An Overview of IPSec Protocols
The IPSec Protocols
Security Associations
Existing Protocols Used in the IPSec Process
Authenticating IPSec Peers and Forming Security Associations
Establishing VPNs with IPSec
Interesting Traffic Triggers IPSec Process
Authenticate Peers and Establish IKE SAs
Terminate VPN
Table of Protocols Used with IPSec
IPSec Preconfiguration Processes
Cisco VPN 3000 Concentrator Series Hardware Overview
Do I Know This Already? Quiz
Foundation Topics
Ease of Deployment and Use
Security
Fault Tolerance
Ease of Upgrades
Comparison and Features
Cisco VPN 3005 Concentrator
Cisco VPN 3015 Concentrator
Cisco VPN 3030 Concentrator
Cisco VPN 3060 Concentrator
Cisco VPN 3000 Concentrator Series LED Indicators
Cisco Secure VPN Client Features
Cisco VPN Client
Foundation Summary
Table of Cisco VPN 3000 Concentrator Capabilities
Configuring Cisco VPN 3000 for Remote Access Using Preshared Keys
Do I Know This Already? Quiz
Foundation Topics: Using VPNs for Remote Access with Preshared Keys
Group Preshared Keys
VPN Concentrator Configuration
Cisco VPN 3000 Concentrator Configuration Requirements
Cisco VPN 3000 Concentrator Initial Configuration
Configuring IPSec with Preshared Keys Through the VPN 3000 Concentrator Series Manager
Advanced Configuration of the VPN Concentrator
Installing and Configuring the VPN Client
VPN Client Features
VPN Client Installation
Types of Preshared Keys
VPN 3000 Concentrator Browser-Based Manager Quick Configuration Steps
VPN Client Configuration Steps
Limits for Number of Groups and Users
Complete Administration Table of Contents
Complete Monitoring Table of Contents
Scenario 41
Scenario 42
Scenario 41 Answers
Scenario 42 Answers
Configuring Cisco VPN 3000 for Remote Access Using Digital Certificates
How to Best Use This Chapter
Do I Know This Already? Quiz
Foundation Topics: Digital Certificates and Certificate Authorities
Simple Certificate Enrollment Process Authentication Methods
CA Vendors and Products that Support Cisco VPN Products
Digital Certificate Support Through the VPN 3000 Concentrator Series Manager
Certificate Validation
IKE Configuration
Configuring the VPN Client for CA Support
PKCS #10 Certificate Request Fields
Types of Digital Certificates
Internet-Based Certificate Authorities
Scenario 51
Scenario 51 Answers
Scenario 52 Answers
Configuring the Cisco VPN Client Firewall Feature
Do I Know This Already? Quiz
Cisco VPN Client Firewall Feature Overview
Firewall Configuration Overview
The Are You There Feature
Name Direction and Action
Source Address and Destination Address
ICMP Packet Type
Configuring the VPN Concentrator for Firewall Usage
Firewall Setting
Firewall
Firewall Policy
Monitoring VPN Client Firewall Statistics
Enabling Automatic Client Update Through the Cisco VPN 3000 Concentrator Series Manager
Cisco VPN Client Firewall Feature Overview
Stateful Firewall Always On Feature
Cisco Integrated Client
Action
Configuring the Stateful Firewall
Firewall
Scenario 61
Monitoring and Administering the VPN 3000 Series Concentrator
Do I Know This Already? Quiz
Administering the Cisco VPN 3000 Series Concentrator
Administer Sessions
System Reboot
Ping
Access Rights
File Management
Certificate Manager
Monitoring the Cisco VPN 3000 Series Concentrator
Routing Table
System Status
Sessions
Statistics
Administering the Cisco VPN 3000 Series Concentrator
Administer Sessions
Software Update
Concentrator
System Reboot
Ping
Access Rights
Access Control List
Access Settings
Monitoring the Cisco VPN 3000 Series Concentrator
System Status
Top Ten Lists
Statistics
MIB II Statistics
Configuring Cisco 3002 Hardware Client for Remote Access
How to Best Use This Chapter
Do I Know This Already? Quiz
Foundation Topics: Configure Preshared Keys
Verify IKE and IPSec Configuration
Setting debug Levels
Configuring VPN 3002 Hardware Client and LAN Extension Modes
Split Tunneling
Unit and User Authentication for the VPN 3002 Hardware Client
Configuring the Head-End VPN Concentrator
Configuring Unit and User Authentication
Interactive Hardware Client and Individual User Authentication
Configure Preshared Keys
Client and LAN Extension Modes
Configuring Individual User Authentication on the VPN 3000 Concentrator
Scenario 81
Scenario 82
Scenario 81 Answers
Configuring Scalability Features of the VPN 3002 Hardware Client
Do I Know This Already? Quiz
VPN 3002 Hardware Client Reverse Route Injection
Setting Up the VPN Concentrator Using OSPF
Configuring VPN 3002 Hardware Client Reverse Route Injection
VPN 3002 Hardware Client Backup Servers
VPN 3002 Hardware Client Load Balancing
Overview of Port Address Translation
IPSec on the VPN 3002 Hardware Client
UDP NAT Transparent IPSec (IPSec Over UDP)
Troubleshooting a VPN 3002 Hardware Client IPSec Connection
Configuring AutoUpdate for the VPN 3002 Hardware Client
Monitoring AutoUpdate Events
Table of RRI Configurations
Load Balancing
IPSec Over UDP
Scenario 91
Scenario 91 Answers
Cisco VPN 3000 LAN-to-LAN with Preshared Keys
How to Best Use This Chapter
Do I Know This Already? Quiz
Foundation Topics: Overview of LAN-to-LAN VPN
Creating a Tunnel with the LAN-to-LAN Wizard
SCEP Overview
Root Certificate Installation via SCEP
Maximum Certificates
Scenarios
Site Descriptions
Richmond
IPSec Policy
Scenario 115Richmond
Scenario 111 Answers
IPSec Policy
Detroit VPN 3030 Concentrator for Portland
Portland VPN 3002 Hardware Client
Scenario 113 Answers
Scenario 114 Answers
Scenario 115 Answers
Detroit VPN 3030 Concentrator for Terry and Similar Users
Carol VPN Client and Browser
Answers to the Do I Know This Already? Quizzes and Q&A Sections
INDEX
About the author (2003)

John F. Roland, CCNP®, CCDP®, CSS-1, MCSE, is a security specialist working for Ajilon Consulting. John has worked in the IT field for more than 22 years, from COBOL programming on IBM mainframes, to LAN/WAN design and implementation on U.S. military networks, and, more recently, to the development of Cisco and Microsoft certification training materials.

Mark J. Newcomb, CCNP, CCDP, is the owner and lead security engineer for Secure Networks in Spokane, Washington. Mark has more than 20 years of experience in the networking industry. The last six years have been devoted to designing security solutions for a wide variety of clients throughout the Pacific Northwest. He is the co-author of Cisco Secure Internet Security Solutions by Cisco Press, as well as two other networking books.
