CCSP Cisco Secure VPN Exam Certification Guide

Official self-study test preparation guide for the Cisco 9E0-121 and 642-511 CSVPN exams

Coverage of the CSVPN topics enables you to identify and fill your knowledge gaps before the exam date. You'll learn about:
Becoming a CCSP distinguishes you as part of an exclusive group of experts, ready to take on today's most challenging security tasks. Installation and configuration of Cisco VPN 3000 Series concentrators and Cisco VPN 3002 Hardware Clients are critical tasks in today's network environments, especially as reliance on the public Internet as an extension of business networks increases. Whether you are seeking a Cisco VPN Specialist Certification or the full-fledged CCSP Certification, learning what you need to know to pass the CSVPN (Cisco Secure Virtual Private Networks) exam qualifies you to keep your company's network safe while meeting its business needs.

CCSP Cisco Secure VPN Exam Certification Guide is a comprehensive study tool that enables you to master the concepts and technologies required for success on the CSVPN exam. Each chapter of the CCSP Cisco Secure VPN Exam Certification Guide tests your knowledge of the exam subjects through sections that detail exam topics to master and areas that highlight essential subjects for quick reference and review. Challenging chapter-ending review questions and exercises test your knowledge of the subject matter, reinforce key concepts, and provide you with the opportunity to apply what you've learned in the chapter. In addition, a final chapter of scenarios pulls together concepts from all the chapters to ensure you can apply your knowledge in a real-world environment.

The companion CD-ROM testing engine enables you to take practice exams that mimic the real testing environment, focus on particular topic areas, and refer to the electronic text for review. This book is part of a recommended learning path from Cisco Systems that can include simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press.
To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining.
Contents
All About the Cisco Certified Security Professional
How This Book Can Help You Pass the CCSP Cisco Secure VPN Exam
The Cisco Secure VPN Exam
Topics on the Cisco Secure VPN Exam
Recommended Training Path for the CCSP Certification
Using This Book to Pass the Exam
Overview of VPN and IPSec Technologies
Do I Know This Already? Quiz
Action
Configuring the Stateful Firewall
Firewall
Scenario 6-1
Monitoring and Administering the VPN 3000 Series Concentrator
Do I Know This Already? Quiz
Administering the Cisco VPN 3000 Series Concentrator
Administer Sessions
Foundation Topics Cisco VPN Product Line
Using Cisco VPN Products
An Overview of IPSec Protocols
The IPSec Protocols
Security Associations
Existing Protocols Used in the IPSec Process
Authenticating IPSec Peers and Forming Security Associations
Establishing VPNs with IPSec
Interesting Traffic Triggers IPSec Process
Authenticate Peers and Establish IKE SAs
Terminate VPN
Table of Protocols Used with IPSec
IPSec Preconfiguration Processes
Cisco VPN 3000 Concentrator Series Hardware Overview
Do I Know This Already? Quiz
Foundation Topics
Ease of Deployment and Use
Security
Fault Tolerance
Ease of Upgrades
Comparison and Features
Cisco VPN 3005 Concentrator
Cisco VPN 3015 Concentrator
Cisco VPN 3030 Concentrator
Cisco VPN 3060 Concentrator
Cisco VPN 3000 Concentrator Series LED Indicators
Cisco Secure VPN Client Features
Cisco VPN Client
Foundation Summary
Table of Cisco VPN 3000 Concentrator Capabilities
Configuring Cisco VPN 3000 for Remote Access Using Preshared Keys
Do I Know This Already? Quiz
Foundation Topics Using VPNs for Remote Access with Preshared Keys
Group Preshared Keys
VPN Concentrator Configuration
Cisco VPN 3000 Concentrator Configuration Requirements
Cisco VPN 3000 Concentrator Initial Configuration
Configuring IPSec with Preshared Keys Through the VPN 3000 Concentrator Series Manager
Advanced Configuration of the VPN Concentrator
Installing and Configuring the VPN Client
VPN Client Features
VPN Client Installation
Types of Preshared Keys
VPN 3000 Concentrator Browser-Based Manager Quick Configuration Steps
VPN Client Configuration Steps
Limits for Number of Groups and Users
Complete Administration Table of Contents
Complete Monitoring Table of Contents
Scenario 4-1
Scenario 4-2
Scenario 4-1 Answers
Scenario 4-2 Answers
Configuring Cisco VPN 3000 for Remote Access Using Digital Certificates
How to Best Use This Chapter
Do I Know This Already? Quiz
Foundation Topics Digital Certificates and Certificate Authorities
Simple Certificate Enrollment Process Authentication Methods
CA Vendors and Products that Support Cisco VPN Products
Digital Certificate Support Through the VPN 3000 Concentrator Series Manager
Certificate Validation
IKE Configuration
Configuring the VPN Client for CA Support
PKCS 10 Certificate Request Fields
Types of Digital Certificates
Internet-Based Certificate Authorities
Scenario 5-1
Scenario 5-1 Answers
Scenario 5-2 Answers
Configuring the Cisco VPN Client Firewall Feature
Do I Know This Already? Quiz
Cisco VPN Client Firewall Feature Overview
Firewall Configuration Overview
The Are You There Feature
Name Direction and Action
Source Address and Destination Address
ICMP Packet Type
Configuring the VPN Concentrator for Firewall Usage
Firewall Setting
Firewall
Firewall Policy
Monitoring VPN Client Firewall Statistics
Enabling Automatic Client Update Through the Cisco VPN 3000 Concentrator Series Manager
Cisco VPN Client Firewall Feature Overview
Stateful Firewall Always On Feature
Cisco Integrated Client
System Reboot
Ping
Access Rights
File Management
Certificate Manager
Monitoring the Cisco VPN 3000 Series Concentrator
Routing Table
System Status
Sessions
Statistics
Administering the Cisco VPN 3000 Series Concentrator
Administer Sessions
Software Update
Concentrator
System Reboot
Ping
Access Rights
Access Control List
Access Settings
Monitoring the Cisco VPN 3000 Series Concentrator
System Status
Top Ten Lists
Statistics
MIB II Statistics
Configuring Cisco 3002 Hardware Client for Remote Access
How to Best Use This Chapter
Do I Know This Already? Quiz
Foundation Topics Configure Preshared Keys
Verify IKE and IPSec Configuration
Setting debug Levels
Configuring VPN 3002 Hardware Client and LAN Extension Modes
Split Tunneling
Unit and User Authentication for the VPN 3002 Hardware Client
Configuring the Head-End VPN Concentrator
Configuring Unit and User Authentication
Interactive Hardware Client and Individual User Authentication
Configure Preshared Keys
Client and LAN Extension Modes
Configuring Individual User Authentication on the VPN 3000 Concentrator
Scenario 8-1
Scenario 8-2
Scenario 8-1 Answers
Configuring Scalability Features of the VPN 3002 Hardware Client
Do I Know This Already? Quiz
VPN 3002 Hardware Client Reverse Route Injection
Setting Up the VPN Concentrator Using OSPF
Configuring VPN 3002 Hardware Client Reverse Route Injection
VPN 3002 Hardware Client Backup Servers
VPN 3002 Hardware Client Load Balancing
Overview of Port Address Translation
IPSec on the VPN 3002 Hardware Client
UDP NAT Transparent IPSec IPSec Over UDP
Troubleshooting a VPN 3002 Hardware Client IPSec Connection
Configuring AutoUpdate for the VPN 3002 Hardware Client
Monitoring AutoUpdate Events
Table of RRI Configurations
Load Balancing
IPSec Over UDP
Scenario 9-1
Scenario 9-1 Answers
Cisco VPN 3000 LAN-to-LAN with Preshared Keys
How to Best Use This Chapter
Do I Know This Already? Quiz
Foundation Topics Overview of LAN-to-LAN VPN
Creating a Tunnel with the LAN-to-LAN Wizard
SCEP Overview
Root Certificate Installation via SCEP
Maximum Certificates
Scenarios
Site Descriptions
Richmond
IPSec Policy
Scenario 11-5: Richmond
Scenario 11-1 Answers
IPSec Policy
Detroit VPN 3030 Concentrator for Portland
Portland VPN 3002 Hardware Client
Scenario 11-3 Answers
Scenario 11-4 Answers
Scenario 11-5 Answers
Detroit VPN 3030 Concentrator for Terry and Similar Users
Carol VPN Client and Browser
Answers to the Do I Know This Already? Quizzes and Q&A Sections