What are the two modes of operation for L2TP remote access VPNs?


L2TP remote access VPNs can operate in either voluntary/client-initiated tunnel mode or compulsory/NAS-initiated tunnel mode.


What are some of the main advantages and disadvantages of L2TP VPNs?


Advantages: L2TP can transport multiprotocol traffic; PPP (tunneled over L2TP) offers flexible negotiation of user authentication protocols, compression, and IP address assignment; Windows 2000, Windows XP, and Mac OS X include a built-in L2TP/IPsec client; L2TP can transport multicast traffic; and L2TP lets service providers backhaul large numbers of remote access users' PPP connections across their networks. Disadvantages: L2TP's native security is relatively weak (tunnel authentication is optional and L2TP itself provides no per-packet encryption or integrity protection), and L2TP/IPsec adds considerable overhead to every encapsulated PPP packet.


How can security be configured for voluntary tunnel mode L2TP remote access VPNs?


L2TP with PPP user authentication only (no IPsec protection), or L2TP over IPsec (L2TP/IPsec) with PPP user authentication, in which IPsec authenticates the peers (preshared keys or digital certificates) and provides encryption and integrity protection for the L2TP tunnel.


What is the purpose of the accept-dialin command?


On a Cisco IOS L2TP VPN gateway (LNS), the accept-dialin command, configured under a vpdn-group, allows the gateway to accept L2TP tunnel and session setup requests from remote access VPN clients (voluntary mode) or from LACs (compulsory mode); the same vpdn-group also specifies protocol l2tp and the virtual template from which the PPP virtual-access interfaces are cloned.


What is split tunneling, and why is it a potential security risk?


Split tunneling is a configuration in which a remote user's workstation sends corporate traffic through the VPN tunnel while sending all other traffic directly to the Internet at the same time. It is a security risk because an attacker on the Internet who compromises the workstation can use it as a pivot into the corporate network over the VPN tunnel, bypassing the corporate perimeter. The usual mitigations are to disable split tunneling (force all client traffic through the tunnel) or, where it must be allowed, to require a host firewall on the client.


IPsec can be used to secure L2TP tunnels, and digital certificates can be used to authenticate IPsec peers. On the VPN 3000 concentrator, what are the two basic methods of enrolling and obtaining digital certificates from a CA?


It is possible to enroll and obtain digital certificates manually or using the Simple Certificate Enrollment Protocol (SCEP).


When deploying Cisco IOS L2TP client-initiated tunneling (voluntary tunnel mode), what is the main advantage of L2TPv3 over L2TPv2?


The main advantage is lower overhead, provided that L2TPv3 is run directly over IP (IP protocol 115) rather than over UDP/IP: both the UDP header and the flags/version word of the L2TPv3-over-UDP header are dropped.
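To put numbers on the two overhead claims above (that L2TP/IPsec adds considerable overhead, and that L2TPv3 over IP costs less than L2TPv3 over UDP), here is an added worked example; it is not code from the book. Header sizes are the RFC minimums or the option named in each comment, the ESP defaults assume AES-CBC with HMAC-SHA1-96, and the 100-byte PPP frame is a constructed sample.

```python
"""Bytes on the wire for one PPP frame under the L2TP encapsulations compared
above.  Added example, not from the book: header sizes are the RFC minimums
(or the option noted in the comment), and the sample frame length is constructed."""

IPV4_HDR = 20
UDP_HDR = 8


def l2tpv2_udp(ppp_len, sequenced=False):
    """L2TPv2 data message (RFC 2661) over UDP/IP.
    Minimum header is 6 bytes: flags/version, Tunnel ID, Session ID;
    optional Ns/Nr sequence numbers add 4 more."""
    l2tp_hdr = 6 + (4 if sequenced else 0)
    return IPV4_HDR + UDP_HDR + l2tp_hdr + ppp_len


def l2tpv3_udp(ppp_len, cookie=0):
    """L2TPv3 over UDP (RFC 3931 s4.1.2): 4-byte flags/version word,
    4-byte Session ID, optional 4- or 8-byte cookie."""
    return IPV4_HDR + UDP_HDR + 4 + 4 + cookie + ppp_len


def l2tpv3_ip(ppp_len, cookie=0):
    """L2TPv3 directly over IP, protocol 115 (RFC 3931 s4.1.1):
    no UDP header and no flags/version word, just Session ID + cookie."""
    return IPV4_HDR + 4 + cookie + ppp_len


def esp_transport(datagram_len, iv_len=16, block=16, icv_len=12):
    """Wrap an IP datagram's payload in ESP transport mode (RFC 4303).
    Defaults assume AES-CBC (16-byte IV and block) with HMAC-SHA1-96 (12-byte ICV),
    a common L2TP/IPsec proposal.  ESP adds SPI+sequence (8), the IV, padding so
    that payload + 2-byte trailer fills whole cipher blocks, and the ICV."""
    payload = datagram_len - IPV4_HDR              # UDP/L2TP/PPP is what ESP protects
    padded = -(-(payload + 2) // block) * block    # round up to a block boundary
    return IPV4_HDR + 8 + iv_len + padded + icv_len


def overhead_table(ppp_len):
    """Per-packet overhead (bytes beyond the PPP frame) for each encapsulation."""
    return {
        "L2TPv2/UDP": l2tpv2_udp(ppp_len) - ppp_len,
        "L2TPv3/UDP": l2tpv3_udp(ppp_len) - ppp_len,
        "L2TPv3/IP": l2tpv3_ip(ppp_len) - ppp_len,
        "L2TPv2/UDP + ESP": esp_transport(l2tpv2_udp(ppp_len)) - ppp_len,
    }


if __name__ == "__main__":
    for name, extra in overhead_table(100).items():   # constructed 100-byte PPP frame
        print(f"{name:20s} +{extra} bytes")
```

The 12-byte saving of L2TPv3/IP over L2TPv3/UDP is the UDP header plus the flags/version word; the ESP figure is what to budget for when setting the tunnel MTU or clamping TCP MSS so that L2TP/IPsec packets are not fragmented.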


How can you debug IKE negotiation packet by packet on a Windows 2000/XP client (examining packet detail)?


You can enable Oakley logging on the Windows 2000/XP remote access VPN client: set the registry value HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent\Oakley\EnableLogging (DWORD) to 1 and restart the IPSEC Services (policyagent) service. IKE main mode and quick mode negotiation is then logged packet by packet, with payload detail, to %systemroot%\Debug\Oakley.log.


In compulsory tunnel mode, how is PPP authentication typically performed on the LAC?


The LAC performs only partial PPP authentication. During partial authentication, the LAC obtains the remote access client's username (in Cisco IOS, typically the domain portion of a user@domain username) and uses it to map the PPP connection to the appropriate L2TP tunnel; full PPP authentication of the user is then completed by the LNS at the far end of the tunnel.


What are the two methods of configuring tunnel definitions on a RADIUS server?


Using the IETF standard tunnel attributes defined in RFC 2868 (Tunnel-Type, Tunnel-Medium-Type, Tunnel-Server-Endpoint, Tunnel-Password, and so on), or using Cisco attribute-value (AV) pairs (the vpdn: AV pairs carried in the Cisco-AVPair vendor-specific attribute).
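The two methods named above, as an added example rather than code from the book: the RFC 2868 tunnel attributes are encoded as they appear on the wire, including the Tunnel-Password hiding of RFC 2868 section 3.5, and the same definition is then expressed as Cisco vpdn: AV pairs. The RADIUS shared secret, Request Authenticator, LNS address and tunnel secret are all constructed test values.

```python
"""Handing an L2TP tunnel definition to a NAS from RADIUS, both ways named above:
RFC 2868 tunnel attributes encoded as they go on the wire (with Tunnel-Password
hidden per RFC 2868 s3.5), and the equivalent Cisco vpdn: AV pairs.
Added example, not the book's code; every secret, address and authenticator below
is constructed test data."""
import hashlib
import os
import struct

# RFC 2868 attribute types and the enumerations this example uses
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE = 64, 65
TUNNEL_SERVER_ENDPOINT, TUNNEL_PASSWORD = 67, 69
TUNNEL_TYPE_L2TP = 3        # Tunnel-Type value for L2TP
TUNNEL_MEDIUM_IPV4 = 1      # Tunnel-Medium-Type value for IPv4


def _avp(attr_type, value):
    """RADIUS Type/Length/Value framing (RFC 2865 s5); Length counts Type and itself."""
    if not 1 <= len(value) <= 253:
        raise ValueError("attribute value must be 1..253 bytes")
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def tagged_int(attr_type, tag, value):
    """Tagged integer: 1-byte Tag then a 3-byte big-endian value (RFC 2868 s3.1/3.2)."""
    return _avp(attr_type, bytes([tag]) + value.to_bytes(3, "big"))


def tagged_str(attr_type, tag, value):
    """Tagged string: 1-byte Tag then the string (RFC 2868 s3.3)."""
    return _avp(attr_type, bytes([tag]) + value)


def hide_tunnel_password(password, secret, request_authenticator, tag=1, salt=None):
    """Build the Tunnel-Password value (Tag | Salt | String) per RFC 2868 s3.5.
    Plaintext = 1-byte length + password, zero-padded to a multiple of 16.
    Block i is XORed with MD5(secret + previous ciphertext block); for block 1 the
    'previous block' is the Access-Request's Request Authenticator followed by the Salt."""
    if salt is None:
        salt = os.urandom(2)
    salt = bytes([salt[0] | 0x80, salt[1]])     # RFC 2868: high bit of Salt MUST be set
    plain = bytes([len(password)]) + password
    plain += b"\x00" * (-len(plain) % 16)
    cipher, prev = b"", request_authenticator + salt
    for i in range(0, len(plain), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(plain[i:i + 16], keystream))
        cipher += block
        prev = block
    return bytes([tag]) + salt + cipher


def reveal_tunnel_password(value, secret, request_authenticator):
    """Inverse of hide_tunnel_password, as the NAS does it; returns (tag, password)."""
    tag, salt, cipher = value[0], value[1:3], value[3:]
    plain, prev = b"", request_authenticator + salt
    for i in range(0, len(cipher), 16):
        keystream = hashlib.md5(secret + prev).digest()
        plain += bytes(c ^ k for c, k in zip(cipher[i:i + 16], keystream))
        prev = cipher[i:i + 16]
    return tag, plain[1:1 + plain[0]]


def rfc2868_tunnel_definition(lns_ip, tunnel_secret, radius_secret, request_authenticator, tag=1, salt=None):
    """Attribute bytes for one L2TP tunnel to an LNS; all carry the same Tag so the
    NAS groups them as a single tunnel definition."""
    return (tagged_int(TUNNEL_TYPE, tag, TUNNEL_TYPE_L2TP)
            + tagged_int(TUNNEL_MEDIUM_TYPE, tag, TUNNEL_MEDIUM_IPV4)
            + tagged_str(TUNNEL_SERVER_ENDPOINT, tag, lns_ip.encode())
            + _avp(TUNNEL_PASSWORD,
                   hide_tunnel_password(tunnel_secret, radius_secret, request_authenticator, tag, salt)))


def cisco_av_pairs(tunnel_id, lns_ip, tunnel_secret):
    """The same definition as Cisco vpdn: AV pairs, each sent in a Cisco-AVPair
    vendor-specific attribute (vendor 9, type 1).  The tunnel password is a plain
    string here; only protection of the RADIUS transport itself (e.g. IPsec) hides it."""
    return [
        f"vpdn:tunnel-id={tunnel_id}",
        "vpdn:tunnel-type=l2tp",
        f"vpdn:ip-addresses={lns_ip}",
        f"vpdn:l2tp-tunnel-password={tunnel_secret}",
    ]


if __name__ == "__main__":
    # Constructed test data: RADIUS shared secret, a fixed Request Authenticator, tunnel secret
    secret, ra = b"radius-secret", bytes(range(16))
    attrs = rfc2868_tunnel_definition("10.0.0.1", b"l2tp-tunnel-key", secret, ra, salt=b"\x8a\x3c")
    print(attrs.hex())
    print(cisco_av_pairs("LAC1", "10.0.0.1", "l2tp-tunnel-key"))
```

The practical difference between the two methods is visible in the code: the RFC 2868 Tunnel-Password is bound to the RADIUS shared secret, the Request Authenticator and a per-attribute salt, so a captured Access-Accept does not reveal the L2TP tunnel secret, whereas the Cisco AV-pair form carries it as cleartext inside the vendor-specific attribute and relies entirely on the RADIUS transport being protected.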


Appendix B. Answers to Review Questions

Comparing, Designing, and Deploying VPNs
ISBN: 1587051796
Year: 2007
Authors: Mark Lewis
