Chapter Review

This chapter looked at the various hardware implementations for Cisco VPN technologies and focused mainly on the VPN 3002 Hardware Client and the VPN 3000 Series Concentrators. The VPN 3002 is typically implemented at remote sites in larger organizations. These units can be augmented by Cisco IOS routers, PIX Firewalls, and VPN client software running directly on the host PC.

The 3002 comes in two models: a two-port unit that can support a single client or pass through to a hub or switch, and a model with a built-in 8-port 10/100 switch. Both devices can support up to 253 users on the LAN interface and a maximum of 100 simultaneous secure connections back to the central network.

The Cisco VPN 3002 supports two modes of operation to offer implementation choices based on flexibility, security, and easy configuration: Client mode and Network Extension mode. A large VPN implementation might frequently have both types of operation. In Client mode, the VPN 3002 emulates the VPN client software, appearing to the main network like a single remote user. The hosts protected behind the VPN 3002 are a separate network that remains invisible and nonroutable to the central site. In Network Extension mode, the VPN 3002 establishes a secure site-to-site connection with the central site device. The local stations behind the VPN 3002 are fully routable and the local network is visible to the central site.

The VPN 3002 supports a growing range of VPN standards and technologies, plus some implementation features to simplify large VPN implementation and support. These features include Easy VPN Client, which allows a thin installation on the 3002, with the final configuration pushed down to the 3002 on first connection to the VPN Concentrator. The 3002 also supports Auto Upgrade, which allows the VPN Concentrator to push any needed software or firmware upgrades down to the client.

The VPN 3002 supports the following two levels of client authentication, which supply a high level of security for both the VPN 3002 and the users behind it: Interactive Unit Authentication authenticates the VPN device during the VPN setup, while Individual User Authentication requires each user behind the 3002 to authenticate before using the VPN tunnel.

The VPN 3002 hardware device (release 3.5) and the Cisco VPN software client (v3.0) both support Cisco’s VPN 3000 load-balancing and failover strategies that allow for more efficient use of the Concentrators and provide backup alternatives if a Concentrator fails.

The Cisco VPN 3000 Series Concentrator is a growing family of VPN devices designed and built to provide fast, reliable, and secure remote access to organization network resources. These devices work with the Cisco VPN client software and various Cisco VPN hardware devices to bring high availability, high performance, and scalability, plus advanced encryption and authentication technologies, to the network.

The VPN 3000 Concentrator platform offers customer-upgradeable and field-swappable components to increase capacity dramatically, while maintaining the original device, rack space, and power requirements. Scalable Encryption Processing (SEP) modules can be added to the 3015 to 3060 model case to enable users to add capacity and throughput easily.

The Cisco VPN 3000 Concentrator series comes in several models to meet organization capacity requirements and applications. The platform includes models that support customers ranging from those with 100 or fewer remote access users to large organizations with up to 10,000 simultaneous remote connections. The latest Cisco VPN Software Client is provided at no additional charge with unlimited distribution licensing with all versions of the Cisco VPN 3000 Concentrator.

Questions

1. What is the protocol the Cisco VPN 3000 Series Concentrators use to provide Wireless Client Support for personal digital assistants (PDAs) and smart phones?

   A. H.323
   B. Elliptic Curve Cryptography (ECC)
   C. IPSec/UDP NAT-T
   D. PPPoE

2. The VPN 3002 Hardware Client supports how many simultaneous VPN connections?

   A. 10
   B. 50
   C. 100
   D. 253

3. The Cisco VPN 3002 supports which two modes of operation?

   A. Split Tunneling mode
   B. Client mode
   C. DHCP mode
   D. Network Extension mode

4. The VPN 3002 DHCP “client” service is implemented on which interface?

   A. Private
   B. DMZ
   C. Public
   D. It is user configurable on any interface

5. The VPN 3002 DHCP “server” service is implemented on which interface?

   A. Private
   B. DMZ
   C. Public
   D. It is user configurable on any interface

6. Which one of the following is not a VPN 3002–supported feature?

   A. Auto Upgrade
   B. Interactive Unit Authentication
   C. PPPoE
   D. Individual User Authentication
   E. Wireless client

7. Which is not a model of VPN 3000 Concentrator?

   A. 3005
   B. 3010
   C. 3030
   D. 3060
   E. 3080

8. Which model of VPN 3000 Concentrator supports only two 10/100 interfaces?

   A. 3005
   B. 3010
   C. 3030
   D. 3060
   E. 3080

9. What is the maximum number of simultaneous VPN connections supported by any VPN 3000 Concentrator?

   A. 1,000
   B. 5,000
   C. 10,000
   D. 100,000
   E. No limit

10. What is the maximum number of SEP modules that can be installed in a VPN 3000 Concentrator?

    A. 1
    B. 2
    C. 3
    D. 4

11. Which one is not a security protocol supported by the VPN 3000 series devices?

    A. Diffie–Hellman (DH) Groups 1, 2, 5, 7 (ECDH)
    B. RRI (reverse route injection)
    C. AES (128, 192, 256 bit)
    D. DES/3DES (56/168 bit)

12. Which one is not a common remote access VPN client connectivity technique to reach the central site?

    A. VPN switch
    B. Firewalls and hardware clients
    C. Hardware VPN routers
    D. VPN client software installed on PCs or workstations

13. With the Cisco Easy VPN strategy, where is the security policy configured?

    A. Cisco Easy VPN Client
    B. Cisco Easy VPN Server
    C. Cisco VPN Client
    D. NAS

14. The Cisco Internet Mobile Office provides mobile professionals with what service?

    A. VPN connectivity while on airplanes
    B. PDA connectivity within the network
    C. VPN connectivity from home
    D. Secure, high-speed broadband connectivity in public places

15. Which of the following cannot be a Cisco Easy VPN server?

    A. PIX Firewall
    B. IOS Router
    C. VPN 3000 Concentrator
    D. VPN 3002 hardware device

Answers

1. B. Elliptic Curve Cryptography (ECC)
2. C. 100
3. B. Client mode and D. Network Extension mode
4. C. Public
5. A. Private
6. E. Wireless client
7. B. 3010
8. A. 3005
9. C. 10,000
10. D. 4
11. B. RRI (reverse route injection)
12. A. VPN switch
13. B. Cisco Easy VPN Server
14. D. Secure, high-speed broadband connectivity in public places
15. D. VPN 3002 hardware device



