CCSP Cisco Secure VPN P2

VPNs are typically deployed to provide improved access to corporate resources while providingtighter control over security at a reduced cost for WAN infrastructure services.
Nội dung trích xuất từ tài liệu:
CCSP Cisco Secure VPN P218 Chapter 2: Overview of VPN and IPSec Technologies 6 What are the two modes of operation for AH and ESP? 7 How many Security Associations (SAs) does it take to establish bidirectional IPSec communications between two peers? 8 What is a message digest? 9 Which current RFCs define the IPSec protocols? 10 What message integrity protocols does IPSec use? 11 What is the triplet of information that uniquely identifies a security association? “Do I Know This Already?” Quiz 1912 You can select to use both authentication and encryption when using the ESP protocol. Which is performed first when you do this?13 What five parameters are required by IKE Phase 1?14 What is the difference between the deny keyword in a crypto Access Control List (ACL) and the deny keyword in an access ACL?15 What transform set would allow SHA-1 authentication of both AH and ESP packets and would also provide Triple Data Encryption Standard (3DES) encryption for ESP?16 What are the five steps of the IPSec process?20 Chapter 2: Overview of VPN and IPSec Technologies The answers to this quiz are listed in Appendix A, “Answers to the “Do I Know This Already?” Quizzes and Q&A Sections.” The suggestions for your next steps, based on quiz results, are as follows: • 2 or less score on any quizlet—Review the appropriate portions of the “Foundation Topics” section of this chapter, based on Table 2-1. Proceed to the “Foundation Summary” section and the “Q&A” section. • 8 or less overall score—Read the entire chapter, including the “Foundation Topics,” “Foundation Summary” sections, and the “Q&A” section. • 9 to 12 overall score—Read the “Foundation Summary” section and the “Q&A” section. If you are having difficulty with a particular subject area, read the appropriate portion of the “Foundation Topics” section. • 13 or more overall score—If you feel that you need more review on these topics, go to the “Foundation Summary” section, then to the “Q&A” section. Otherwise, skip this chapter and go to the next chapter. Enabling VPN Applications Through Cisco Products 21 Foundation TopicsCisco VPN Product Line 1 Cisco products enable a secure VPN VPNs are typically deployed to provide improved access to corporate resources while providing tighter control over security at a reduced cost for WAN infrastructure services. Telecommuters, mobile users, remote offices, business partners, clients, and customers all benefit because corporations see VPNs as a secure and affordable method of opening access to corporate information. Surveys have shown that most corporations implementing VPNs do so to provide access for telecommuters to access the corporate network from home. They cite security and reduced cost as the primary reasons for choosing VPN technology and single out monthly service charges as the cost justification for the decision. VPN technology was developed to provide private communication wherever and whenever needed, securely, while behaving as much like a traditional private WAN connection as possible. Cisco offers a variety of platforms and applications that are designed to implement VPNs. The next section looks at these various products and Cisco’s recommended usage in the deployment of VPNs.Enabling VPN Applications Through Cisco Products Through product development and acquisitions, Cisco has a variety of hardware and software components available that enable businesses of all sizes to quickly and easily implement secure VPNs using IPSec or other protocols. The types of hardware and software components you choose to deploy depend on the infrastructure you already have in place and on the types of applications that you are planning to use across the VPN. This section covers the following topics: • Typical VPN applications • Using Cisco VPN productsTypical VPN Applications The business applications that you choose to run on your VPNs go hand in hand with the type of VPN that you need to deploy. Remote access and extranet users can use interactive applica- tions such as e-mail, web browsers, or client/server programs. Intranet VPN deployments are designed to support data streams between business locations.22 Chapter 2: Overview of VPN and IPSec Technologies The ...