CCNP ISCW Official Exam Certification Guide (CCNP ISCW 官方考試認證指南)

Brian Morgan, Neil Lovering

  • 出版商: Cisco Press
  • 出版日期: 2007-07-28
  • 定價: $1,950
  • 售價: 2.0$399
  • 語言: 英文
  • 頁數: 696
  • 裝訂: Hardcover
  • ISBN: 158720150X
  • ISBN-13: 9781587201509
  • 相關分類: Cisco
  • 立即出貨(限量) (庫存=6)

買這商品的人也買了...

相關主題

商品描述

Description

CCNP ISCW Official Exam Certification Guide

 

  • Master all 642-825 exam topics with the official study guide
  • Assess your knowledge with chapter-opening quizzes
  • Review key concepts with foundation summaries
  • Practice with hundreds of exam questions on the CD-ROM

 

Brian Morgan, CCIE® No. 4865

Neil Lovering, CCIE No. 1772

 

CCNP ISCW Official Exam Certification Guide is a best of breed Cisco® exam study guide that focuses specifically on the objectives for the Implementing Secure Converged Wide Area Networks exam (642-825 ISCW). Successfully passing the ISCW 642-825 exam certifies that you have the knowledge and skills necessary to secure and expand the reach of an enterprise network to teleworkers and remote sites with focus on securing remote access and VPN client configuration.

 

CCNP ISCW Official Exam Certification Guide follows a logical organization of the CCNP® ISCW exam objectives. Material is presented in a concise manner, focusing on increasing your retention and recall of exam topics. You can organize your exam preparation through the use of the consistent features in these chapters. “Do I Know This Already?” quizzes open each chapter and allow you to decide how much time you need to spend on each section. Exam topic lists and concise Foundation Summary information make referencing easy and give you a quick refresher whenever you need it. Challenging chapter-ending review questions help you assess your knowledge and reinforce key concepts.

 

The companion CD-ROM contains a powerful testing engine that allows you to focus on individual topic areas or take complete, timed exams. The assessment engine also tracks your performance and provides feedback on a topic-by-topic basis, presenting question-by-question remediation to the text. Well regarded for its level of detail, assessment features, and challenging review questions and exercises, this book helps you master the concepts and techniques that can enable you to succeed on the exam the first time.

 

Brian Morgan, CCIE® No. 4865, is a consulting systems engineer for Cisco, specializing in Unified Communications technologies. He services a number of Fortune 500 companies in architectural, design, and support roles. With more than 15 years in the networking industry, he served as director of engineering for a large telecommunications company, is a certified Cisco instructor teaching at all levels, from basic routing and switching to CCIE lab preparation, and spent a number of years with IBM Network Services serving many of IBM’s largest clients. He is a former member of the ATM Forum and a long-time member of the IEEE.

 

Neil Lovering, CCIE No. 1772, works as a design consultant for Cisco. Neil has been with Cisco for more than three years and works on large-scale government networking solutions projects. Prior to Cisco, Neil was a network consultant and instructor for more than eight years and worked on various routing, switching, dialup, and security projects for many customers all over North America.

 

This official study guide helps you master all the topics on the CCNP ISCW exam, including

  • The Cisco hierarchical network model as it pertains to the WAN
  • Teleworker configuration and access with broadband technologies
  • Frame mode MPLS
  • IPsec VPN implementations
  • Cisco device hardening
  • Cisco IOS® Firewall features
  • Cisco IOS Intrusion Prevention System (IPS) features

 

Companion CD-ROM

The CD-ROM contains an electronic copy of the book and more than 200 practice questions for the ISCW exam, which are all available in study mode, test mode, and flash card format.

 

This volume is part of the Exam Certification Guide Series from Cisco Press®. Books in this series provide officially developed exam preparation materials that offer assessment, review, and practice to help Cisco Career Certification candidates identify weaknesses, concentrate their study efforts, and enhance their confidence as exam day nears.




 

Table of Contents

CCNP ISCW Official Exam Certification Guide

Part I Remote Connectivity Best Practices

Chapter 1 Describing Network Requirements

"Do I Know This Already?" Quiz 5

Foundation Topics 9

Describing Network Requirements 9

Intelligent Information Network 9

SONA

    Networked Infrastructure Layer

    Interactive Services Layer

    Application Layer

Cisco Network Models

    Cisco Hierarchical Network Model

    Campus Network Architecture

    Branch Network Architecture

    Data Center Architecture

    Enterprise Edge Architecture

    Teleworker Architecture

    WAN/MAN Architecture

Remote Connection Requirements in a Converged Network

    Central Site

    Branch Office

    SOHO Site

    Integrated Services for Secure Remote Access

Foundation Summary

Q&A

Chapter 2 Topologies for Teleworker Connectivity

"Do I Know This Already?" Quiz

Foundation Topics

Facilitating Remote Connections

    IIN and the Teleworker

    Enterprise Architecture Framework

    Remote Connection Options

Challenges of Connecting Teleworkers

    Infrastructure Options

    Infrastructure Services

    Teleworker Components

    Traditional Teleworker versus Business-Ready Teleworker

Foundation Summary

Q&A

Chapter 3 Using Cable to Connect to a Central Site

"Do I Know This Already?" Quiz

Foundation Topics

Cable Access Technologies

    Cable Technology Terminology

    Cable System Standards

    Cable System Components

    Cable Features

    Cable System Benefits

Radio Frequency Signals

    Digital Signals over RF Channels

Data over Cable

    Hybrid Fiber-Coaxial Networks

    Data Transmission

Cable Technology Issues

Provisioning Cable Modems

Foundation Summary

Q&A

Chapter 4 Using DSL to Connect to a Central Site

"Do I Know This Already?" Quiz

Foundation Topics

DSL Features

    POTS Coexistence

DSL Limitations

DSL Variants

    Asymmetric DSL Types

    Symmetric DSL Types

ADSL Basics

ADSL Modulation

    CAP

    DMT

Data Transmission over ADSL

    RFC 1483/2684 Bridging

    PPP Background

PPP over Ethernet

    Discovery Phase

    PPP Session Phase

    Optimizing PPPoE MTU

PPP over ATM

Foundation Summary

Q&A

Chapter 5 Configuring DSL Access with PPPoE

"Do I Know This Already?" Quiz

Foundation Topics

Configure a Cisco Router as a PPPoE Client

Configure an Ethernet/ATM Interface for PPPoE

Configure the PPPoE DSL Dialer Interface

Configure Port Address Translation

Configure DHCP for DSL Router Users

Configure Static Default Route on a DSL Router

The Overall CPE Router Configuration

Foundation Summary

Q&A

Chapter 6 Configuring DSL Access with PPPoA

"Do I Know This Already?" Quiz

Foundation Topics

Configure a Cisco Router as a PPPoA Client

    PPP over AAL5 Connections

Configure an ATM Interface for PPPoA

Configure the PPPoA DSL Dialer and Virtual-Template Interfaces

Configure Additional PPPoA Elements

The Overall CPE Router Configuration

Foundation Summary

Q&A

Chapter 7 Verifying and Troubleshooting ADSL Configurations

"Do I Know This Already?" Quiz

Foundation Topics

DSL Connection Troubleshooting

    Layers of Trouble to Shoot

Isolating Physical Layer Issues

    Layer 1 Anatomy

    ADSL Physical Connectivity

    Where to Begin

    Playing with Colors

    Tangled Wires

    Keeping the Head on Straight

    DSL Operating Mode

Isolating Data Link Layer Issues

    PPP Negotiation

Foundation Summary

Q&A

Part II Implementing Frame Mode MPLS

Chapter 8 The MPLS Conceptual Model

"Do I Know This Already?" Quiz

Foundation Topics

Introducing MPLS Networks

    Traditional WAN Connections

    MPLS WAN Connectivity

Router Switching Mechanisms

    Standard IP Switching

    CEF Switching

Foundation Summary

Q&A

Chapter 9 MPLS Architecture

"Do I Know This Already?" Quiz

Foundation Topics

MPLS Components

MPLS Labels

    Label Stacks

    Frame Mode MPLS

Label Switching Routers

Label Allocation in Frame Mode MPLS Networks

    LIB, LFIB, and FIB

Label Distribution

    Packet Propagation

    Interim Packet Propagation

    Further Label Allocation

Foundation Summary

Q&A

Chapter 10 Configuring Frame Mode MPLS

"Do I Know This Already?" Quiz

Foundation Topics

Configuring CEF

Configuring MPLS on a Frame Mode Interface

Configuring MTU Size

Foundation Summary

Q&A

Chapter 11 MPLS VPN Technologies

"Do I Know This Already?" Quiz

Foundation Topics

MPLS VPN Architecture

Traditional VPNs

    Layer 1 Overlay

    Layer 2 Overlay

    Layer 3 Overlay

Peer-to-Peer VPNs

    VPN Benefits

    VPN Drawbacks

MPLS VPNs

    MPLS VPN Terminology

    CE Router Architecture

    PE Router Architecture

    P Router Architecture

    Route Distinguishers

    Route Targets

    End-to-End Routing Update Flow

    MPLS VPN Packet Forwarding

    MPLS VPN PHP

Foundation Summary

Q&A

Part III IPsec VPNs

Chapter 12 IPsec Overview

"Do I Know This Already?" Quiz

Foundation Topics

IPsec

    IPsec Features

    IPsec Protocols

    IPsec Modes

    IPsec Headers

    Peer Authentication

Internet Key Exchange (IKE)

    IKE Protocols

    IKE Phases

IKE Modes

    Other IKE Functions

Encryption Algorithms

    Symmetric Encryption

    Asymmetric Encryption

Public Key Infrastructure

Foundation Summary

Q&A

Chapter 13 Site-to-Site VPN Operations

"Do I Know This Already?" Quiz

Foundation Topics

Site-to-Site VPN Overview

Creating a Site-to-Site IPsec VPN

    Step 1: Specify Interesting Traffic

    Step 2: IKE Phase 1

    Step 3: IKE Phase 2

    Step 4: Secure Data Transfer

    Step 5: IPsec Tunnel Termination

Site-to-Site IPsec Configuration Steps

    Step 1: Configure the ISAKMP Policy

    Step 2: Configure the IPsec Transform Sets

    Step 3: Configure the Crypto ACL

    Step 4: Configure the Crypto Map

    Step 5: Apply the Crypto Map to the Interface

    Step 6: Configure the Interface ACL

Security Device Manager Features and Interface

Configuring a Site-to-Site VPN in SDM

    Site-to-Site VPN Wizard

    Testing the IPsec VPN Tunnel

Monitoring the IPsec VPN Tunnel

Foundation Summary

Q&A

Chapter 14 GRE Tunneling over IPsec

"Do I Know This Already?" Quiz

Foundation Topics

GRE Characteristics

GRE Header

Basic GRE Configuration

Secure GRE Tunnels

Configure GRE over IPsec Using SDM

    Launch the GRE over IPsec Wizard

    Step 1: Create the GRE Tunnel

    Step 2: Create a Backup GRE Tunnel

    Steps 3–5: IPsec VPN Information

    Step 6: Routing Information

    Step 7: Validate the GRE over IPsec Configuration

Foundation Summary

Q&A

Chapter 15 IPsec High Availability Options

"Do I Know This Already?" Quiz

Foundation Topics

Sources of Failures

Failure Mitigation

Failover Strategies

    IPsec Stateless Failover

    IPsec Stateful Failover

WAN Backed Up by an IPsec VPN

Foundation Summary

Q&A

Chapter 16 Configuring Cisco Easy VPN

"Do I Know This Already?" Quiz

Foundation Topics

Cisco Easy VPN Components

    Easy VPN Remote

    Easy VPN Server Requirements

Easy VPN Connection Establishment

    IKE Phase 1

    Establishing an ISAKMP SA

    SA Proposal Acceptance

    Easy VPN User Authentication

    Mode Configuration

    Reverse Route Injection

    IPsec Quick Mode

Easy VPN Server Configuration

    User Configuration

    Easy VPN Server Wizard

Monitoring the Easy VPN Server

Troubleshooting the Easy VPN Server

Foundation Summary

Q&A

Chapter 17 Implementing the Cisco VPN Client

"Do I Know This Already?" Quiz

Foundation Topics

Cisco VPN Client Installation and Configuration Overview

Cisco VPN Client Installation

Cisco VPN Client Configuration

    Connection Entries

    Authentication Tab

    Transport Tab

    Backup Servers Tab

    Dial-Up Tab

    Finish the Connection Configuration

Foundation Summary

Q&A

Part IV Device Hardening

Chapter 18 Cisco Device Hardening

"Do I Know This Already?" Quiz

Foundation Topics

Router Vulnerability

    Vulnerable Router Services

    Unnecessary Services and Interfaces

    Common Management Services

    Path Integrity Mechanisms

    Probes and Scans

    Terminal Access Security

    Gratuitous and Proxy ARP

Using AutoSecure to Secure a Router

Using SDM to Secure a Router

    SDM Security Audit Wizard

    SDM One-Step Lockdown Wizard

    AutoSecure Default Configurations

    SDM One-Step Lockdown Default Configurations

Foundation Summary

Q&A

Chapter 19 Securing Administrative Access

"Do I Know This Already?" Quiz

Foundation Topics

Router Access

Password Considerations

Set Login Limitations

Setup Mode

CLI Passwords

Additional Line Protections

Password Length Restrictions

Password Encryption

Create Banners

Provide Individual Logins

Create Multiple Privilege Levels

Role-Based CLI

Prevent Physical Router Compromise

Foundation Summary

Q&A

Chapter 20 Using AAA to Scale Access Control

"Do I Know This Already?" Quiz

Foundation Topics

AAA Components

AAA Access Modes

Understanding the TACACS+ and RADIUS Protocols

    UDP Versus TCP

    Packet Encryption

    Authentication and Authorization

    Multiprotocol Support

    Router Management

    Interoperability

Configuring AAA Using the CLI

    RADIUS Configuration

    TACACS+ Configuration

    AAA-Related Commands

Configuring AAA Using SDM

Using Debugging for AAA

    debug aaa authentication Command

    debug aaa authorization Command

    debug aaa accounting Command

    debug radius Command

    debug tacacs Command

Foundation Summary

Q&A

Chapter 21 Cisco IOS Threat Defense Features

"Do I Know This Already?" Quiz

Foundation Topics

Layered Device Structure

Firewall Technology Basics

    Packet Filtering

    Application Layer Gateway

    Stateful Packet Filtering

Cisco IOS Firewall Feature Set

Cisco IOS Firewall

    Authentication Proxy

    Cisco IOS IPS

Cisco IOS Firewall Operation

Cisco IOS Firewall Packet Inspection and Proxy Firewalls

Foundation Summary

Q&A

Chapter 22 Implementing Cisco IOS Firewalls

"Do I Know This Already?" Quiz

Foundation Topics

Configure a Cisco IOS Firewall Using the CLI

    Step 1: Choose an Interface and Packet Direction to Inspect

    Step 2: Configure an IP ACL for the Interface

    Step 3: Define the Inspection Rules

    Step 4: Apply the Inspection Rules and the ACL to the Interface

    Step 5: Verify the Configuration

Configure a Basic Firewall Using SDM

Configure an Advanced Firewall Using SDM

Foundation Summary

Q&A

Chapter 23 Implementing Cisco IDS and IPS

"Do I Know This Already?" Quiz

Foundation Topics

IDS and IPS Functions and Operations

Categories of IDS and IPS

IDS and IPS Signatures

Signature Reaction

Cisco IOS IPS Configuration

SDM Configuration

Foundation Summary

Q&A

Appendix A Answers to the "Do I Know This Already?" Quizzes and Q&A Sections

 

158720150x   TOC   6/18/2007

商品描述(中文翻譯)

Description



CCNP ISCW Official Exam Certification Guide


 



  • 掌握642-825考試的所有主題,使用官方學習指南

  • 通過章節開頭的測驗評估您的知識

  • 通過基礎摘要回顧關鍵概念

  • 在CD-ROM上練習數百道考試題目


 


Brian Morgan, CCIE® No. 4865


Neil Lovering, CCIE No. 1772


 


CCNP ISCW Official Exam Certification Guide是一本最佳的思科考試學習指南,專注於實施安全的廣域網路(ISCW)考試(642-825)。成功通過ISCW 642-825考試證明您具備保護和擴展企業網路以適應遠程工作者和遠程站點的知識和技能,重點是保護遠程訪問和VPN客戶端配置。


 


CCNP ISCW Official Exam Certification Guide按照CCNP® ISCW考試目標的邏輯組織。材料以簡潔的方式呈現,重點是增加您對考試主題的記憶和回憶。您可以通過使用這些章節中的一致特點來組織您的考試準備。每章的“我已經知道這個了嗎?”測驗讓您決定需要花多少時間在每個部分上。考試主題列表和簡潔的基礎摘要信息使得參考變得容易,並在您需要時快速複習。具有挑戰性的章節結束的回顧問題幫助您評估自己的知識並鞏固關鍵概念。


 


附帶的CD-ROM包含一個強大的測試引擎,使您可以專注於個別主題領域或進行完整的定時考試。評估引擎還會根據主題提供您的表現和反饋,並提供逐個問題的補救措施。這本書以其詳細程度、評估功能和具有挑戰性的回顧問題和練習而受到好評,它可以幫助您掌握可以使您在第一次考試中成功的概念和技巧。


 


Brian Morgan, CCIE® No. 4865,是思科的咨詢系統工程師,專門從事統一通信技術。他為多家財富500強公司提供架構、設計和支持角色的服務。在網絡行業擁有15年以上的經驗,他曾擔任大型電信公司的工程總監,是一位經過認證的思科講師,教授從基礎路由和交換到CCIE實驗室準備的所有級別,並在IBM網絡服務部門工作了多年,為IBM的許多大客戶提供服務。他曾是ATM論壇的成員,也是IEEE的長期成員。


 


Neil Lovering, CCIE No. 1772,是思科的設計顧問。Neil在思科工作超過三年,從事大型政府網絡解決方案項目。在加入思科之前,Neil是一位網絡顧問和講師,擁有超過八年的網絡顧問和講師經驗,並為北美各地的許多客戶參與了各種路由、交換、撥號和安全項目。


 


這本書的目的是幫助您準備並成功通過CCNP ISCW考試,並成為一名合格的思科專業人士。