Chapter 20

Previous page
Table of content
Next page

1:

Why is the AH protocol considered less secure than ESP?

A1:

AH does not provide data confidentiality.

2:

Which part of the ESP packet is not protected?

A2:

ESP does not protect the new IP header.

3:

What is a one-to-many NAT or PAT?

A3:

A one-to-many NAT or PAT consists of one external address being mapped to many internal addresses.

4:

What is split tunneling?

A4:

Split tunneling is a feature that allows clients to simultaneously send and receive data across a VPN tunnel, while also communicating directly with resources on the Internet.

5:

Name the three main types of firewalls.

A5:

Packet filter, proxy, and stateful inspection firewalls.

6:

Describe how to calculate the session load on the VPN concentrator.

A6:

The session load per concentrator is the total number of active connections divided by the maximum number of sessions configured on the concentrator.

7:

What does VRRP stand for?

A7:

VRRP is Virtual Router Redundancy Protocol (VRRP), which is a standard proposed by IETF that provides IP routing redundancy. It is designed to provide transparent fail-over at the first hop IP router.

8:

What is Reverse Route Injection?

A8:

Reverse Route Injection is when the concentrator is configured to advertise routes on the private interface by using OSPF or RIP.

9:

What is the Group Lock configuration in a VPN concentrator?

A9:

Group Lock allows users to be authenticated only if they are members of a particular group.

10:

Name the two mandatory settings on your VPN client.

A10:

Host name or IP address of remote server and authentication parameters.

11:

Define the network extension mode for the VPN 3002 Client.

A11:

Network Extension mode is when the private interface is configured with an IP address that is routable in the network connected to the concentrator that is terminating the VPN tunnel.

12:

For the Router-EzVPN, type the IOS command to start the XAUTH login sentence .

A12: 

 Router-EzVPN#  crypto ipsec client ezvpn xauth

13:

When typing IOS command show crypto ipsec client ezvpn, how do you find out if IPSec is up and running?

A13:

Check for the line IPSEC_ACTIVE in the output.

14:

In PIX 501, how do you check if you are running Client mode, or Network Extension mode?

A14:

Type PIX#show vpnclient and look for a line that starts with vpnclient mode.



Previous page
Table of content
Next page
Troubleshooting Remote Access Networks CCIE Professional Development
Troubleshooting Remote Access Networks (CCIE Professional Development)
ISBN: 1587050765
EAN: 2147483647
Year: 2002
Pages: 235
Authors: Plamen Nedeltchev
BUY ON AMAZON
Identifying and Managing Project Risk: Essential Tools for Failure-Proofing Your Project
Kanban Made Simple: Demystifying and Applying Toyotas Legendary Manufacturing Process
C++ How to Program (5th Edition)
Competency-Based Human Resource Management
Pocket Guide to the National Electrical Code(R), 2005 Edition (8th Edition)
Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy