CCNP ISCW Official Exam Certification Guide

Description

CCNP ISCW Official Exam Certification Guide

 

• Master all 642-825 exam topics with the official study guide
• Assess your knowledge with chapter-opening quizzes
• Review key concepts with foundation summaries
• Practice with hundreds of exam questions on the CD-ROM

 

Brian Morgan, CCIE® No. 4865

Neil Lovering, CCIE No. 1772

 

CCNP ISCW Official Exam Certification Guide is a best of breed Cisco® exam study guide that focuses specifically on the objectives for the Implementing Secure Converged Wide Area Networks exam (642-825 ISCW). Successfully passing the ISCW 642-825 exam certifies that you have the knowledge and skills necessary to secure and expand the reach of an enterprise network to teleworkers and remote sites with focus on securing remote access and VPN client configuration.

 

CCNP ISCW Official Exam Certification Guide follows a logical organization of the CCNP® ISCW exam objectives. Material is presented in a concise manner, focusing on increasing your retention and recall of exam topics. You can organize your exam preparation through the use of the consistent features in these chapters. “Do I Know This Already?” quizzes open each chapter and allow you to decide how much time you need to spend on each section. Exam topic lists and concise Foundation Summary information make referencing easy and give you a quick refresher whenever you need it. Challenging chapter-ending review questions help you assess your knowledge and reinforce key concepts.

 

The companion CD-ROM contains a powerful testing engine that allows you to focus on individual topic areas or take complete, timed exams. The assessment engine also tracks your performance and provides feedback on a topic-by-topic basis, presenting question-by-question remediation to the text. Well regarded for its level of detail, assessment features, and challenging review questions and exercises, this book helps you master the concepts and techniques that can enable you to succeed on the exam the first time.

 

Brian Morgan, CCIE® No. 4865, is a consulting systems engineer for Cisco, specializing in Unified Communications technologies. He services a number of Fortune 500 companies in architectural, design, and support roles. With more than 15 years in the networking industry, he served as director of engineering for a large telecommunications company, is a certified Cisco instructor teaching at all levels, from basic routing and switching to CCIE lab preparation, and spent a number of years with IBM Network Services serving many of IBM’s largest clients. He is a former member of the ATM Forum and a long-time member of the IEEE.

 

Neil Lovering, CCIE No. 1772, works as a design consultant for Cisco. Neil has been with Cisco for more than three years and works on large-scale government networking solutions projects. Prior to Cisco, Neil was a network consultant and instructor for more than eight years and worked on various routing, switching, dialup, and security projects for many customers all over North America.

 

This official study guide helps you master all the topics on the CCNP ISCW exam, including

• The Cisco hierarchical network model as it pertains to the WAN

• Teleworker configuration and access with broadband technologies
• Frame mode MPLS
• IPsec VPN implementations
• Cisco device hardening
• Cisco IOS® Firewall features
• Cisco IOS Intrusion Prevention System (IPS) features

 

Companion CD-ROM

The CD-ROM contains an electronic copy of the book and more than 200 practice questions for the ISCW exam, which are all available in study mode, test mode, and flash card format.

 

This volume is part of the Exam Certification Guide Series from Cisco Press®. Books in this series provide officially developed exam preparation materials that offer assessment, review, and practice to help Cisco Career Certification candidates identify weaknesses, concentrate their study efforts, and enhance their confidence as exam day nears.

 

Table of Contents

CCNP ISCW Official Exam Certification Guide

Part I Remote Connectivity Best Practices

Chapter 1 Describing Network Requirements

"Do I Know This Already?" Quiz 5

Foundation Topics 9

Describing Network Requirements 9

Intelligent Information Network 9

SONA

    Networked Infrastructure Layer

    Interactive Services Layer

    Application Layer

Cisco Network Models

    Cisco Hierarchical Network Model

    Campus Network Architecture

    Branch Network Architecture

    Data Center Architecture

    Enterprise Edge Architecture

    Teleworker Architecture

    WAN/MAN Architecture

Remote Connection Requirements in a Converged Network

    Central Site

    Branch Office

    SOHO Site

    Integrated Services for Secure Remote Access

Foundation Summary

Q&A

Chapter 2 Topologies for Teleworker Connectivity

"Do I Know This Already?" Quiz

Foundation Topics

Facilitating Remote Connections

    IIN and the Teleworker

    Enterprise Architecture Framework

    Remote Connection Options

Challenges of Connecting Teleworkers

    Infrastructure Options

    Infrastructure Services

    Teleworker Components

    Traditional Teleworker versus Business-Ready Teleworker

Foundation Summary

Q&A

Chapter 3 Using Cable to Connect to a Central Site

"Do I Know This Already?" Quiz

Foundation Topics

Cable Access Technologies

    Cable Technology Terminology

    Cable System Standards

    Cable System Components

    Cable Features

    Cable System Benefits

Radio Frequency Signals

    Digital Signals over RF Channels

Data over Cable

    Hybrid Fiber-Coaxial Networks

    Data Transmission

Cable Technology Issues

Provisioning Cable Modems

Foundation Summary

Q&A

Chapter 4 Using DSL to Connect to a Central Site

"Do I Know This Already?" Quiz

Foundation Topics

DSL Features

    POTS Coexistence

DSL Limitations

DSL Variants

    Asymmetric DSL Types

    Symmetric DSL Types

ADSL Basics

ADSL Modulation

    CAP

    DMT

Data Transmission over ADSL

    RFC 1483/2684 Bridging

    PPP Background

PPP over Ethernet

    Discovery Phase

    PPP Session Phase

    Optimizing PPPoE MTU

PPP over ATM

Foundation Summary

Q&A

Chapter 5 Configuring DSL Access with PPPoE

"Do I Know This Already?" Quiz

Foundation Topics

Configure a Cisco Router as a PPPoE Client

Configure an Ethernet/ATM Interface for PPPoE

Configure the PPPoE DSL Dialer Interface

Configure Port Address Translation

Configure DHCP for DSL Router Users

Configure Static Default Route on a DSL Router

The Overall CPE Router Configuration

Foundation Summary

Q&A

Chapter 6 Configuring DSL Access with PPPoA

"Do I Know This Already?" Quiz

Foundation Topics

Configure a Cisco Router as a PPPoA Client

    PPP over AAL5 Connections

Configure an ATM Interface for PPPoA

Configure the PPPoA DSL Dialer and Virtual-Template Interfaces

Configure Additional PPPoA Elements

The Overall CPE Router Configuration

Foundation Summary

Q&A

Chapter 7 Verifying and Troubleshooting ADSL Configurations

"Do I Know This Already?" Quiz

Foundation Topics

DSL Connection Troubleshooting

    Layers of Trouble to Shoot

Isolating Physical Layer Issues

    Layer 1 Anatomy

    ADSL Physical Connectivity

    Where to Begin

    Playing with Colors

    Tangled Wires

    Keeping the Head on Straight

    DSL Operating Mode

Isolating Data Link Layer Issues

    PPP Negotiation

Foundation Summary

Q&A

Part II Implementing Frame Mode MPLS

Chapter 8 The MPLS Conceptual Model

"Do I Know This Already?" Quiz

Foundation Topics

Introducing MPLS Networks

    Traditional WAN Connections

    MPLS WAN Connectivity

Router Switching Mechanisms

    Standard IP Switching

    CEF Switching

Foundation Summary

Q&A

Chapter 9 MPLS Architecture

"Do I Know This Already?" Quiz

Foundation Topics

MPLS Components

MPLS Labels

    Label Stacks

    Frame Mode MPLS

Label Switching Routers

Label Allocation in Frame Mode MPLS Networks

    LIB, LFIB, and FIB

Label Distribution

    Packet Propagation

    Interim Packet Propagation

    Further Label Allocation

Foundation Summary

Q&A

Chapter 10 Configuring Frame Mode MPLS

"Do I Know This Already?" Quiz

Foundation Topics

Configuring CEF

Configuring MPLS on a Frame Mode Interface

Configuring MTU Size

Foundation Summary

Q&A

Chapter 11 MPLS VPN Technologies

"Do I Know This Already?" Quiz

Foundation Topics

MPLS VPN Architecture

Traditional VPNs

    Layer 1 Overlay

    Layer 2 Overlay

    Layer 3 Overlay

Peer-to-Peer VPNs

    VPN Benefits

    VPN Drawbacks

MPLS VPNs

    MPLS VPN Terminology

    CE Router Architecture

    PE Router Architecture

    P Router Architecture

    Route Distinguishers

    Route Targets

    End-to-End Routing Update Flow

    MPLS VPN Packet Forwarding

    MPLS VPN PHP

Foundation Summary

Q&A

Part III IPsec VPNs

Chapter 12 IPsec Overview

"Do I Know This Already?" Quiz

Foundation Topics

IPsec

    IPsec Features

    IPsec Protocols

    IPsec Modes

    IPsec Headers

    Peer Authentication

Internet Key Exchange (IKE)

    IKE Protocols

    IKE Phases

IKE Modes

    Other IKE Functions

Encryption Algorithms

    Symmetric Encryption

    Asymmetric Encryption

Public Key Infrastructure

Foundation Summary

Q&A

Chapter 13 Site-to-Site VPN Operations

"Do I Know This Already?" Quiz

Foundation Topics

Site-to-Site VPN Overview

Creating a Site-to-Site IPsec VPN

    Step 1: Specify Interesting Traffic

    Step 2: IKE Phase 1

    Step 3: IKE Phase 2

    Step 4: Secure Data Transfer

    Step 5: IPsec Tunnel Termination

Site-to-Site IPsec Configuration Steps

    Step 1: Configure the ISAKMP Policy

    Step 2: Configure the IPsec Transform Sets

    Step 3: Configure the Crypto ACL

    Step 4: Configure the Crypto Map

    Step 5: Apply the Crypto Map to the Interface

    Step 6: Configure the Interface ACL

Security Device Manager Features and Interface

Configuring a Site-to-Site VPN in SDM

    Site-to-Site VPN Wizard

    Testing the IPsec VPN Tunnel

Monitoring the IPsec VPN Tunnel

Foundation Summary

Q&A

Chapter 14 GRE Tunneling over IPsec

"Do I Know This Already?" Quiz

Foundation Topics

GRE Characteristics

GRE Header

Basic GRE Configuration

Secure GRE Tunnels

Configure GRE over IPsec Using SDM

    Launch the GRE over IPsec Wizard

    Step 1: Create the GRE Tunnel

    Step 2: Create a Backup GRE Tunnel

    Steps 3–5: IPsec VPN Information

    Step 6: Routing Information

    Step 7: Validate the GRE over IPsec Configuration

Foundation Summary

Q&A

Chapter 15 IPsec High Availability Options

"Do I Know This Already?" Quiz

Foundation Topics

Sources of Failures

Failure Mitigation

Failover Strategies

    IPsec Stateless Failover

    IPsec Stateful Failover

WAN Backed Up by an IPsec VPN

Foundation Summary

Q&A

Chapter 16 Configuring Cisco Easy VPN

"Do I Know This Already?" Quiz

Foundation Topics

Cisco Easy VPN Components

    Easy VPN Remote

    Easy VPN Server Requirements

Easy VPN Connection Establishment

    IKE Phase 1

    Establishing an ISAKMP SA

    SA Proposal Acceptance

    Easy VPN User Authentication

    Mode Configuration

    Reverse Route Injection

    IPsec Quick Mode

Easy VPN Server Configuration

    User Configuration

    Easy VPN Server Wizard

Monitoring the Easy VPN Server

Troubleshooting the Easy VPN Server

Foundation Summary

Q&A

Chapter 17 Implementing the Cisco VPN Client

"Do I Know This Already?" Quiz

Foundation Topics

Cisco VPN Client Installation and Configuration Overview

Cisco VPN Client Installation

Cisco VPN Client Configuration

    Connection Entries

    Authentication Tab

    Transport Tab

    Backup Servers Tab

    Dial-Up Tab

    Finish the Connection Configuration

Foundation Summary

Q&A

Part IV Device Hardening

Chapter 18 Cisco Device Hardening

"Do I Know This Already?" Quiz

Foundation Topics

Router Vulnerability

    Vulnerable Router Services

    Unnecessary Services and Interfaces

    Common Management Services

    Path Integrity Mechanisms

    Probes and Scans

    Terminal Access Security

    Gratuitous and Proxy ARP

Using AutoSecure to Secure a Router

Using SDM to Secure a Router

    SDM Security Audit Wizard

    SDM One-Step Lockdown Wizard

    AutoSecure Default Configurations

    SDM One-Step Lockdown Default Configurations

Foundation Summary

Q&A

Chapter 19 Securing Administrative Access

"Do I Know This Already?" Quiz

Foundation Topics

Router Access

Password Considerations

Set Login Limitations

Setup Mode

CLI Passwords

Additional Line Protections

Password Length Restrictions

Password Encryption

Create Banners

Provide Individual Logins

Create Multiple Privilege Levels

Role-Based CLI

Prevent Physical Router Compromise

Foundation Summary

Q&A

Chapter 20 Using AAA to Scale Access Control

"Do I Know This Already?" Quiz

Foundation Topics

AAA Components

AAA Access Modes

Understanding the TACACS+ and RADIUS Protocols

    UDP Versus TCP

    Packet Encryption

    Authentication and Authorization

    Multiprotocol Support

    Router Management

    Interoperability

Configuring AAA Using the CLI

    RADIUS Configuration

    TACACS+ Configuration

    AAA-Related Commands

Configuring AAA Using SDM

Using Debugging for AAA

    debug aaa authentication Command

    debug aaa authorization Command

    debug aaa accounting Command

    debug radius Command

    debug tacacs Command

Foundation Summary

Q&A

Chapter 21 Cisco IOS Threat Defense Features

"Do I Know This Already?" Quiz

Foundation Topics

Layered Device Structure

Firewall Technology Basics

    Packet Filtering

    Application Layer Gateway

    Stateful Packet Filtering

Cisco IOS Firewall Feature Set

Cisco IOS Firewall

    Authentication Proxy

    Cisco IOS IPS

Cisco IOS Firewall Operation

Cisco IOS Firewall Packet Inspection and Proxy Firewalls

Foundation Summary

Q&A

Chapter 22 Implementing Cisco IOS Firewalls

"Do I Know This Already?" Quiz

Foundation Topics

Configure a Cisco IOS Firewall Using the CLI

    Step 1: Choose an Interface and Packet Direction to Inspect

    Step 2: Configure an IP ACL for the Interface

    Step 3: Define the Inspection Rules

    Step 4: Apply the Inspection Rules and the ACL to the Interface

    Step 5: Verify the Configuration

Configure a Basic Firewall Using SDM

Configure an Advanced Firewall Using SDM

Foundation Summary

Q&A

Chapter 23 Implementing Cisco IDS and IPS

"Do I Know This Already?" Quiz

Foundation Topics

IDS and IPS Functions and Operations

Categories of IDS and IPS

IDS and IPS Signatures

Signature Reaction

Cisco IOS IPS Configuration

SDM Configuration

Foundation Summary

Q&A

Appendix A Answers to the "Do I Know This Already?" Quizzes and Q&A Sections

 

158720150x   TOC   6/18/2007