1

What are some of the main benefits and drawbacks of IPsec remote access VPNs?

Answer:

IPsec can provide strong security for VPN traffic; IPsec extensions that provide additional functionality for remote access VPNs such as Xauth and Mode Config are not industry standards and are not implemented on all operating systems; the Cisco VPN Client must be installed on each client workstation; IPsec remote access VPNs offer a level of functionality similar to that users would experience if they were at their office or central site; the Cisco VPN Client includes features such as enforcement of firewall type, antivirus software type and level, and operating system service pack level on certain client workstation operating systems.

2

What are the two main types of issue with regard to IKEv1 an IPsec remote access VPN environment?

Answer:

Issues relating to user authentication and issues relating to negotiation of parameters including IP addresses and DNS/WINS server addresses.

3

What are the three main methods by which a VPN gateway can authenticate remote access VPN users when using IKEv1?

Answer:

Xauth, Hybrid Authentication, and CRACK.

4

What sort of functionality can Mode Config provide?

Answer:

Assignment of configuration attributes such as IP addresses and DNS/WINS server addresses.

   
5

What information does the debug crypto isakmp sa command display?

Answer:

It shows detailed information relating to IKE negotiation.

6

What methods do the VPN 3000 concentrator and Cisco ASA 5500 provide to overcome issues with NAT/PAT and IPsec remote access VPNs?

Answer:

NAT transparency using TCP on an administrator-defined port; NAT transparency using UDP on an administrator-defined port; NAT transparency using IETF standard NAT Traversal (NAT-T, UDP port 4500).

7

When a hardware client (Cisco IOS router) is configured for EZVPN, how does a remote access user authenticate him/herself?

Answer:

The router prompts the user for an Xauth username and password at the command line during IKE negotiation.

8

What are the three basic ways to configure high availability for IPsec remote access VPNs?

Answer:

Load balancing of IPsec remote access VPN connections over two or more VPN gateways at the same site; failover between VPN gateways at the same site using VRRP; the configuration of geographically dispersed backup VPN gateways.

9

To allow IPsec remote access VPN connections through a firewall, which ports may have to be opened on the firewall?

Answer:

UDP port 500 (ISAKMP), IP protocol 50 (ESP), IP protocol 51 (AH), administrator-defined UDP or TCP ports used for NAT transparency, UDP port 4500 (NAT-T).

10

What file can be modified to provide auto-initiation of Cisco VPN Client connections with wireless VPNs?

Answer:

The Cisco VPN Client can be configured to auto-initiate a VPN connection to a VPN gateway by modifying the vpnclient.ini file.


Part I: Understanding VPN Technology

What Is a Virtual Private Network?

Part II: Site-to-Site VPNs

Designing and Deploying L2TPv3-Based Layer 2 VPNs

Designing and Implementing AToM-Based Layer 2 VPNs

Designing MPLS Layer 3 Site-to-Site VPNs

Advanced MPLS Layer 3 VPN Deployment Considerations

Deploying Site-to-Site IPsec VPNs

Scaling and Optimizing IPsec VPNs

Part III: Remote Access VPNs

Designing and Implementing L2TPv2 and L2TPv3 Remote Access VPNs

Designing and Deploying IPsec Remote Access and Teleworker VPNs

Designing and Building SSL Remote Access VPNs (WebVPN)

Part IV: Appendixes

Designing and Building SSL Remote Access VPNs (WebVPN)

Appendix B. Answers to Review Questions



Comparing, Designing, and Deploying VPHs
Comparing, Designing, and Deploying VPNs
ISBN: 1587051796
EAN: 2147483647
Year: 2007
Pages: 124
Authors: Mark Lewis

Similar book on Amazon

Flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net