1. How many versions of SSL are there, and which can be implemented on Cisco equipment?
Answer:
There are currently four different versions of SSL: SSLv1, SSLv2, SSLv3, and TLS 1.0 (TLS 1.1 is under development). SSLv3 and TLS can variously be configured on different types of Cisco equipment.
2. What are some of the main advantages and disadvantages of SSL remote access VPNs?
Answer:
SSL remote access VPNs are relatively simple to deploy (only a web browser is necessary on client workstations for basic functionality); clientless SSL remote access VPNs (using a web browser) provide only a subset of the functionality provided by IPsec or L2TP/IPsec; functionality can be enhanced using the Cisco SSL VPN Client; SSL VPNs can impose a relatively high CPU overhead on a VPN gateway if there are a large number of remote access users; little or no configuration is required on firewalls to provide transit for SSL remote access VPN traffic; one major concern with SSL remote access VPNs is that the universal access they offer leads to vulnerabilities being introduced into a corporate network (some of these vulnerabilities can be addressed using the Cisco Secure Desktop).
3. What type of protocol is SSL transported over?
Answer:
SSL is transported over a reliable protocol, which is almost always TCP.
4. What protocols does SSL consist of?
Answer:
The record protocol, the handshake protocol, the alert protocol, the change cipher spec protocol, and the application data protocol.
5. What are the functions of the record protocol?
Answer:
Fragmentation/reassembly, compression/decompression, application/verification of a MAC, and encryption/decryption.
6. What software is required on client workstations for port forwarding to function?
Answer:
The Sun Java Runtime Environment (JRE) must be installed on the clients for port forwarding to function.
7. What types of applications can be used with port forwarding?
Answer:
TCP-based applications.
8. What is SSL VPN e-mail proxy?
Answer:
SSL VPN e-mail proxy is the process by which an SSL VPN gateway terminates POP3S, IMAP4S, and SMTPS connections from remote access VPN clients and proxies those connections to internal e-mail servers.
9. How is the Cisco SSL VPN Client installed on remote access users' workstations?
Answer:
The Cisco SSL VPN client is dynamically downloaded from the VPN gateway.
10. How does the Cisco Secure Desktop assess the location of a remote access user's workstation?
Answer:
The Cisco Secure Desktop assesses the location of a workstation based on the presence of a file or registry entry, fields in a certificate, or the assignment of an IP address in a certain range to the workstation's NIC.