Chapter 9. Products in the Edge

Terms you'll need to understand:

  • RFC 2827 filtering

  • Unicast RPF

  • NAT

  • PAT

  • overload

  • IKE

  • ISAKMP

  • DH group

Techniques you'll need to master:

  • Configuring VPN termination and NAT on a router

  • Configuring VPN termination and NAT on a PIX

  • Configuring a VPN concentrator from the VMS

  • Configuring a VPN client from the VMS

Because the edge is the part (or parts) of your network that faces the outside world, security here is both more complex and more rigorous. Although most attacks actually come from insiders (at least, according to some statistics), you have a considerable degree of control over which protocols and applications run inside the campus. The outside world with which your edge modules interconnect, by contrast, can contain anything, and probably everything. The security job in the edge is therefore bigger and harder.

Products used in the edge include routers, switches, NIDS and HIDS, routers with a software firewall (the IOS Firewall feature set), dedicated firewall appliances (such as the PIX firewall), and VPN devices: the VPN concentrators and the VPN clients at the remote locations. We covered most of what you need to know about the first four items (routers, switches, NIDS, and HIDS) in Chapter 8, "Products in the Campus." A few additional items need to be configured on routers in the edge, so we start with those. From there, we cover the firewall capability in the IOS Firewall feature set, the PIX firewall, the VPN concentrator series, the VPN clients, and how the VPN devices are managed via the VMS.

We specifically address how to secure your communications at the edge on various devices, including a router, a PIX, a VPN concentrator, and a VPN client. You will set these up in pairs so that you can see the same VPN from two product perspectives at once. In the case of the router and the PIX, this is done via the CLI. In the case of the VPN concentrator and the VPN client, it is a matter of setting complementary parameters in the VMS, the CiscoWorks VPN/Security Management Solution, a GUI-based manager.



CCSP CSI Exam Cram 2 (Exam Cram 642-541)
ISBN: 0789730243
Year: 2002
Pages: 177
Authors: Annlee Hines
