1: | Why is the AH protocol considered less secure than ESP? |
A1: | AH does not provide data confidentiality. |
2: | Which part of the ESP packet is not protected? |
A2: | ESP does not protect the new IP header. |
3: | What is a one-to-many NAT or PAT? |
A3: | A one-to-many NAT or PAT consists of one external address being mapped to many internal addresses. |
4: | What is split tunneling? |
A4: | Split tunneling is a feature that allows clients to simultaneously send and receive data across a VPN tunnel, while also communicating directly with resources on the Internet. |
5: | Name the three main types of firewalls. |
A5: | Packet filter, proxy, and stateful inspection firewalls. |
6: | Describe how to calculate the session load on the VPN concentrator. |
A6: | The session load per concentrator is the total number of active connections divided by the maximum number of sessions configured on the concentrator. |
7: | What does VRRP stand for? |
A7: | VRRP stands for Virtual Router Redundancy Protocol, a standard proposed by the IETF that provides IP routing redundancy. It is designed to provide transparent failover at the first-hop IP router. |
8: | What is Reverse Route Injection? |
A8: | Reverse Route Injection is when the concentrator is configured to advertise routes on the private interface by using OSPF or RIP. |
9: | What is the Group Lock configuration in a VPN concentrator? |
A9: | Group Lock allows users to be authenticated only if they are members of a particular group. |
10: | Name the two mandatory settings on your VPN client. |
A10: | Host name or IP address of remote server and authentication parameters. |
11: | Define the network extension mode for the VPN 3002 Client. |
A11: | Network Extension mode is when the private interface is configured with an IP address that is routable in the network connected to the concentrator that is terminating the VPN tunnel. |
12: | For the Router-EzVPN, type the IOS command to start the XAUTH login sequence. |
A12: | Router-EzVPN# crypto ipsec client ezvpn xauth |
13: | When typing the IOS command show crypto ipsec client ezvpn, how do you find out if IPSec is up and running? |
A13: | Check for the line IPSEC_ACTIVE in the output. |
14: | On the PIX 501, how do you check whether you are running Client mode or Network Extension mode? |
A14: | Type PIX#show vpnclient and look for a line that starts with vpnclient mode. |