| 1: | Why is the AH protocol considered less secure than ESP? |
| A1: | AH does not provide data confidentiality. |
| 2: | Which part of the ESP packet is not protected? |
| A2: | ESP does not protect the new IP header. |
| 3: | What is a one-to-many NAT or PAT? |
| A3: | A one-to-many NAT or PAT consists of one external address being mapped to many internal addresses. |
| 4: | What is split tunneling? |
| A4: | Split tunneling is a feature that allows clients to simultaneously send and receive data across a VPN tunnel, while also communicating directly with resources on the Internet. |
| 5: | Name the three main types of firewalls. |
| A5: | Packet filter, proxy, and stateful inspection firewalls. |
| 6: | Describe how to calculate the session load on the VPN concentrator. |
| A6: | The session load per concentrator is the total number of active connections divided by the maximum number of sessions configured on the concentrator. |
| 7: | What does VRRP stand for? |
| A7: | VRRP is Virtual Router Redundancy Protocol (VRRP), which is a standard proposed by IETF that provides IP routing redundancy. It is designed to provide transparent fail-over at the first hop IP router. |
| 8: | What is Reverse Route Injection? |
| A8: | Reverse Route Injection is when the concentrator is configured to advertise routes on the private interface by using OSPF or RIP. |
| 9: | What is the Group Lock configuration in a VPN concentrator? |
| A9: | Group Lock allows users to be authenticated only if they are members of a particular group. |
| 10: | Name the two mandatory settings on your VPN client. |
| A10: | Host name or IP address of remote server and authentication parameters. |
| 11: | Define the network extension mode for the VPN 3002 Client. |
| A11: | Network Extension mode is when the private interface is configured with an IP address that is routable in the network connected to the concentrator that is terminating the VPN tunnel. |
| 12: | For the Router-EzVPN, type the IOS command to start the XAUTH login sentence . |
| A12: | Router-EzVPN# crypto ipsec client ezvpn xauth
|
| 13: | When typing IOS command show crypto ipsec client ezvpn, how do you find out if IPSec is up and running? |
| A13: | Check for the line IPSEC_ACTIVE in the output. |
| 14: | In PIX 501, how do you check if you are running Client mode, or Network Extension mode? |
| A14: | Type PIX#show vpnclient and look for a line that starts with vpnclient mode. |
