CCNP ISCW Official Exam Certification Guide

This document was uploaded by one of our users. The uploader already confirmed that they had the permission to publish it. If you are author/publisher or own the copyright of this documents, please report to us by using this DMCA report form.

Simply click on the Download Book button.

Yes, Book downloads on Ebookily are 100% Free.

Sometimes the book is free on Amazon As well, so go ahead and hit "Search on Amazon"

CCNP ISCW Official Exam Certification Guide* Master all 642-825 exam topics with the official study guide* Assess your knowledge with chapter-opening quizzes* Review key concepts with foundation summaries* Practice with hundreds of exam questions on the CD-ROM CCNP ISCW Official Exam Certification Guide is a best of breed CiscoR exam study guide that focuses specifically on the objectives for the Implementing Secure Converged Wide Area Networks exam (642-825 ISCW). Successfully passing the ISCW 642-825 exam certifies that you have the knowledge and skills necessary to secure and expand the reach of an enterprise network to teleworkers and remote sites with focus on securing remote access and VPN client configuration.CCNP ISCW Official Exam Certification Guide follows a logical organization of the CCNPR ISCW exam objectives. Material is presented in a concise manner, focusing on increasing your retention and recall of exam topics. You can organize your exam preparation through the use of the consistent features in these chapters. "Do I Know This Already?" quizzes open each chapter and allow you to decide how much time you need to spend on each section. Exam topic lists and concise Foundation Summary information make referencing easy and giveyou a quick refresher whenever you need it. Challenging chapter-ending review questions help you assess your knowledge and reinforce key concepts.The companion CD-ROM contains a powerful testing engine that allows you to focus on individual topic areas or take complete, timed exams. The assessment engine also tracks your performance and provides feedback on a topic-by-topic basis, presenting question-by-question remediation to the text. Well regarded for its level of detail, assessment features, and challenging review questions and exercises, this book helps you master the concepts and techniques that can enable you to succeed on the exam the first time.

Author(s): Brian Morgan, Neil Lovering
Edition: 3rd ed
Publisher: Cisco Press
Year: 2007

Language: English
Pages: 683
City: Indianapolis, Ind
Tags: Библиотека;Компьютерная литература;Cisco;

CCNP ISCW Official Exam Certification Guide......Page 1
About the Authors......Page 5
Acknowledgments......Page 7
Contents at a Glance......Page 9
Contents......Page 10
Introduction......Page 24
Part I: Remote Connectivity Best Practices......Page 36
“Do I Know This Already?” Quiz......Page 38
Intelligent Information Network......Page 42
SONA......Page 44
Interactive Services Layer......Page 46
Cisco Network Models......Page 48
Cisco Hierarchical Network Model......Page 49
Campus Network Architecture......Page 50
Branch Network Architecture......Page 52
Data Center Architecture......Page 54
Enterprise Edge Architecture......Page 56
Teleworker Architecture......Page 57
WAN/MAN Architecture......Page 58
Branch Office......Page 60
Integrated Services for Secure Remote Access......Page 61
Foundation Summary......Page 63
Q&A......Page 64
Exam Topic List......Page 65
“Do I Know This Already?” Quiz......Page 66
IIN and the Teleworker......Page 69
Enterprise Architecture Framework......Page 70
Traditional Layer 2 Connections......Page 71
Site-to-Site VPN over Public Internet......Page 72
Challenges of Connecting Teleworkers......Page 73
Infrastructure Options......Page 74
Infrastructure Services......Page 75
Teleworker Components......Page 76
Traditional Teleworker versus Business-Ready Teleworker......Page 78
Foundation Summary......Page 79
Q&A......Page 80
Exam Topic List......Page 81
“Do I Know This Already?” Quiz......Page 82
Cable Technology Terminology......Page 87
Cable System Components......Page 89
Cable Features......Page 91
Radio Frequency Signals......Page 92
Digital Signals over RF Channels......Page 94
Data over Cable......Page 95
Hybrid Fiber-Coaxial Networks......Page 96
Data Transmission......Page 97
Cable Technology Issues......Page 99
Provisioning Cable Modems......Page 100
Foundation Summary......Page 103
Q&A......Page 105
Exam Topic List......Page 107
“Do I Know This Already?” Quiz......Page 108
DSL Features......Page 114
POTS Coexistence......Page 116
DSL Limitations......Page 118
Asymmetric DSL Types......Page 120
Symmetric DSL Types......Page 121
ADSL Modulation......Page 122
CAP......Page 123
DMT......Page 124
Data Transmission over ADSL......Page 126
RFC 1483/2684 Bridging......Page 127
PPP Background......Page 128
PPP over Ethernet......Page 129
Discovery Phase......Page 130
PPPoE Session Variables......Page 132
Optimizing PPPoE MTU......Page 133
PPP over ATM......Page 134
Foundation Summary......Page 137
Q&A......Page 139
Exam Topic List......Page 141
“Do I Know This Already?” Quiz......Page 142
Configure a Cisco Router as a PPPoE Client......Page 146
Configure an Ethernet/ATM Interface for PPPoE......Page 147
Configure the PPPoE DSL Dialer Interface......Page 148
Configure Port Address Translation......Page 149
Configure DHCP for DSL Router Users......Page 151
Configure Static Default Route on a DSL Router......Page 152
The Overall CPE Router Configuration......Page 153
Foundation Summary......Page 156
Q&A......Page 157
Exam Topic List......Page 159
“Do I Know This Already?” Quiz......Page 160
Configure a Cisco Router as a PPPoA Client......Page 163
PPP over AAL5 Connections......Page 164
LLC Encapsulated PPP over AAL5......Page 165
Configure an ATM Interface for PPPoA......Page 167
Configure the PPPoA DSL Dialer and Virtual-Template Interfaces......Page 168
The Overall CPE Router Configuration......Page 169
Foundation Summary......Page 174
Q&A......Page 175
Exam Topic List......Page 177
“Do I Know This Already?” Quiz......Page 178
Layers of Trouble to Shoot......Page 182
Isolating Physical Layer Issues......Page 183
ADSL Physical Connectivity......Page 184
Where to Begin......Page 185
Keeping the Head on Straight......Page 187
DSL Operating Mode......Page 188
Isolating Data Link Layer Issues......Page 189
PPP Negotiation......Page 190
Foundation Summary......Page 194
Q&A......Page 195
Part II: Implementing Frame Mode MPLS......Page 198
“Do I Know This Already?” Quiz......Page 200
Traditional WAN Connections......Page 203
MPLS WAN Connectivity......Page 207
MPLS Terminology......Page 208
MPLS Features......Page 209
MPLS Concepts......Page 210
Standard IP Switching......Page 212
CEF Switching......Page 213
Foundation Summary......Page 214
Q&A......Page 215
Exam Topic List......Page 217
“Do I Know This Already?” Quiz......Page 218
MPLS Components......Page 222
MPLS Labels......Page 223
Label Stacks......Page 225
Frame Mode MPLS......Page 226
Label Switching Routers......Page 227
LIB, LFIB, and FIB......Page 228
Label Distribution......Page 232
Packet Propagation......Page 233
Further Label Allocation......Page 234
Foundation Summary......Page 236
Q&A......Page 237
Exam Topic List......Page 239
“Do I Know This Already?” Quiz......Page 240
Foundation Topics......Page 243
Configuring CEF......Page 244
Configuring MPLS on a Frame Mode Interface......Page 247
Configuring MTU Size......Page 250
Foundation Summary......Page 254
Q&A......Page 255
Exam Topic List......Page 257
“Do I Know This Already?” Quiz......Page 258
MPLS VPN Architecture......Page 262
Layer 1 Overlay......Page 263
Layer 2 Overlay......Page 264
Peer-to-Peer VPNs......Page 265
VPN Drawbacks......Page 267
MPLS VPNs......Page 269
CE Router Architecture......Page 270
PE Router Architecture......Page 271
Route Distinguishers......Page 272
End-to-End Routing Update Flow......Page 275
MPLS VPN Packet Forwarding......Page 276
MPLS VPN PHP......Page 277
Foundation Summary......Page 278
Q&A......Page 279
Part III: IPsec VPNs......Page 282
”Do I Know This Already?” Quiz......Page 284
IPsec......Page 289
IPsec Features......Page 290
ESP......Page 291
IPsec Modes......Page 292
IPsec Headers......Page 294
Peer Authentication......Page 295
IKE Phases......Page 296
IKE Aggressive Mode......Page 297
Other IKE Functions......Page 298
Encryption Algorithms......Page 299
Asymmetric Encryption......Page 300
Public Key Infrastructure......Page 303
Foundation Summary......Page 305
Q&A......Page 306
Exam Topic List......Page 307
“Do I Know This Already?” Quiz......Page 308
Site-to-Site VPN Overview......Page 315
Creating a Site-to-Site IPsec VPN......Page 316
Step 2: IKE Phase 1......Page 317
IKE Transform Sets......Page 319
Diffie-Hellman Key Exchange......Page 320
Step 3: IKE Phase 2......Page 321
IPsec Transform Sets......Page 322
Security Associations......Page 324
Step 5: IPsec Tunnel Termination......Page 325
Step 1: Configure the ISAKMP Policy......Page 326
Step 2: Configure the IPsec Transform Sets......Page 328
Step 4: Configure the Crypto Map......Page 330
Step 5: Apply the Crypto Map to the Interface......Page 331
Step 6: Configure the Interface ACL......Page 332
Security Device Manager Features and Interface......Page 333
Configuring a Site-to-Site VPN in SDM......Page 336
Site-to-Site VPN Wizard......Page 338
Quick Setup......Page 339
Step-by-Step Setup......Page 340
Monitoring the IPsec VPN Tunnel......Page 347
Foundation Summary......Page 350
Q&A......Page 356
Exam Topic List......Page 359
“Do I Know This Already?” Quiz......Page 360
GRE Characteristics......Page 365
GRE Header......Page 366
Basic GRE Configuration......Page 368
Secure GRE Tunnels......Page 369
Launch the GRE over IPsec Wizard......Page 372
Step 1: Create the GRE Tunnel......Page 373
Step 2: Create a Backup GRE Tunnel......Page 374
Steps 3–5: IPsec VPN Information......Page 375
Step 6: Routing Information......Page 376
Step 7: Validate the GRE over IPsec Configuration......Page 379
Foundation Summary......Page 380
Q&A......Page 383
Exam Topic List......Page 385
“Do I Know This Already?” Quiz......Page 386
Failure Mitigation......Page 391
Failover Strategies......Page 392
Dead Peer Detection......Page 393
IGP Within a GRE over IPsec Tunnel......Page 395
HSRP......Page 396
IPsec Stateful Failover......Page 399
WAN Backed Up by an IPsec VPN......Page 401
Foundation Summary......Page 403
Q&A......Page 406
Exam Topic List......Page 407
“Do I Know This Already?” Quiz......Page 408
Easy VPN Remote......Page 412
Easy VPN Server Requirements......Page 414
Easy VPN Connection Establishment......Page 415
IKE Phase 1......Page 416
Easy VPN User Authentication......Page 417
Easy VPN Server Configuration......Page 418
User Configuration......Page 421
Easy VPN Server Wizard......Page 422
Monitoring the Easy VPN Server......Page 429
Troubleshooting the Easy VPN Server......Page 431
Foundation Summary......Page 440
Q&A......Page 441
Exam Topic List......Page 443
“Do I Know This Already?” Quiz......Page 444
Cisco VPN Client Installation......Page 447
Cisco VPN Client Configuration......Page 451
Authentication Tab......Page 452
Transport Tab......Page 453
Dial-Up Tab......Page 455
Finish the Connection Configuration......Page 456
Foundation Summary......Page 458
Q&A......Page 459
Part IV: Device Hardening......Page 462
“Do I Know This Already?” Quiz......Page 464
Router Vulnerability......Page 468
Unnecessary Services and Interfaces......Page 469
Common Management Services......Page 471
Probes and Scans......Page 472
Gratuitous and Proxy ARP......Page 473
Using AutoSecure to Secure a Router......Page 474
Using SDM to Secure a Router......Page 476
SDM Security Audit Wizard......Page 477
SDM One-Step Lockdown Wizard......Page 480
AutoSecure Default Configurations......Page 481
SDM One-Step Lockdown Default Configurations......Page 483
Foundation Summary......Page 485
Q&A......Page 489
Exam Topic List......Page 491
“Do I Know This Already?” Quiz......Page 492
Router Access......Page 499
Password Considerations......Page 500
Set Login Limitations......Page 501
Setup Mode......Page 504
CLI Passwords......Page 505
Additional Line Protections......Page 506
Password Length Restrictions......Page 507
Password Encryption......Page 508
Create Banners......Page 509
Provide Individual Logins......Page 510
Create Multiple Privilege Levels......Page 511
Role-Based CLI......Page 513
Prevent Physical Router Compromise......Page 516
Foundation Summary......Page 518
Q&A......Page 521
Exam Topic List......Page 523
“Do I Know This Already?” Quiz......Page 524
AAA Access Modes......Page 528
UDP Versus TCP......Page 529
Router Management......Page 530
RADIUS Configuration......Page 531
radius-server host Command......Page 532
tacacs-server host Command......Page 533
aaa authentication ppp Command......Page 534
aaa authorization Command......Page 535
aaa accounting Command......Page 536
Configuring AAA Using SDM......Page 537
Using Debugging for AAA......Page 543
debug aaa authorization Command......Page 544
debug radius Command......Page 545
debug tacacs Command......Page 546
Foundation Summary......Page 547
Q&A......Page 549
Exam Topic List......Page 551
“Do I Know This Already?” Quiz......Page 552
Layered Device Structure......Page 556
Firewall Technology Basics......Page 557
Packet Filtering......Page 558
Stateful Packet Filtering......Page 559
Cisco IOS Firewall......Page 561
Cisco IOS Firewall Operation......Page 562
Cisco IOS Firewall Packet Inspection and Proxy Firewalls......Page 563
Foundation Summary......Page 565
Q&A......Page 567
Exam Topic List......Page 569
“Do I Know This Already?” Quiz......Page 570
Step 1: Choose an Interface and Packet Direction to Inspect......Page 573
Step 3: Define the Inspection Rules......Page 574
Step 4: Apply the Inspection Rules and the ACL to the Interface......Page 575
Step 5: Verify the Configuration......Page 576
Configure a Basic Firewall Using SDM......Page 577
Configure an Advanced Firewall Using SDM......Page 580
Foundation Summary......Page 590
Q&A......Page 593
Exam Topic List......Page 595
“Do I Know This Already?” Quiz......Page 596
IDS and IPS Functions and Operations......Page 600
Categories of IDS and IPS......Page 601
IDS and IPS Signatures......Page 603
Cisco IOS IPS Configuration......Page 604
SDM Configuration......Page 609
Foundation Summary......Page 616
Q&A......Page 620
Q&A......Page 622
“Do I Know This Already?”......Page 623
Q&A......Page 624
“Do I Know This Already?”......Page 625
Q&A......Page 626
“Do I Know This Already?”......Page 629
Q&A......Page 630
Q&A......Page 631
Q&A......Page 633
Q&A......Page 634
Q&A......Page 636
“Do I Know This Already?”......Page 637
Q&A......Page 638
Q&A......Page 640
“Do I Know This Already?”......Page 641
Q&A......Page 642
Q&A......Page 643
“Do I Know This Already?”......Page 645
Q&A......Page 646
Q&A......Page 647
“Do I Know This Already?”......Page 648
“Do I Know This Already?”......Page 649
Q&A......Page 650
Q&A......Page 652
“Do I Know This Already?”......Page 653
“Do I Know This Already?”......Page 654
Q&A......Page 655
“Do I Know This Already?”......Page 656
Q&A......Page 657
Q&A......Page 658
“Do I Know This Already?”......Page 659
“Do I Know This Already?”......Page 660
Q&A......Page 661
Index......Page 663