This chapter looked at using Cisco VPN 3000 Series Concentrator devices in LAN-to-LAN VPN implementations. The VPN Concentrator works as an endpoint device in these implementations. While the peer device can be a router, PIX firewall, Cisco VPN 3002 hardware client, or third-party VPN device, this chapter and the features that will be tested on the exam assume Cisco VPN Concentrators will be on both ends of the link.
LAN-to-LAN (site-to-site) VPNs are a rapidly expanding alternative or augmentation to leased line or Frame Relay WAN infrastructures. VPNs are used to create secure tunnels between two networks via an insecure public network, such as the Internet. The Cisco Concentrator supports three types of tunnels: Layer 2 Tunneling Protocol (L2TP), Point-to-Point Tunneling Protocol (PPTP), and IPSec.
Two types of LAN-to-LAN VPN implementations exist:
Intranet VPNs provide secure connections between branch offices and the enterprise network resources.
Extranet VPNs provide secure connections for special third parties, such as business partners, vendors, and customers, to the specified enterprise resources.
The Concentrator menu-driven system is used to configure basic LAN-to-LAN VPN parameters, as well as to enable and define NAT Transparency and VPN routing features such as reverse route injection (RRI) and Virtual Router Redundancy Protocol (VRRP).
1. Which one of the following tunnel protocols is not supported on Cisco Concentrators?
2. Which three ports must be open on the entire data path for standard IPSec VPNs?
3. Assuming LAN-to-LAN Network Lists are used, how many lists would a remote branch have in a hub-and-spoke topology?
4. Which is an example of a valid Network List entry?
5. How many LAN-to-LAN connections can be created with each VPN peer?
6. What is the maximum total number of LAN-to-LAN connections supported on the VPN 3060 Concentrator?
7. If the Configuration | System | Tunneling Protocols | IPSec | LAN-to-LAN | No Public Interfaces message is displayed, which statement is false?
8. Which is not an IPSec NAT Transparency feature?
9. Which statement is not true about IPSec over TCP?
10. Which version of the VPN software is required to support NAT Traversal?
11. What is the default port for IPSec over TCP?
12. Which of the following could be used to create a LAN-to-LAN VPN connection between two networks with overlapping IP addresses?
13. Which Concentrator feature allows the VPN Concentrator to add static routes to its routing table, and then to share those routes with connected routers?
14. Which of the following causes the Concentrator to retain routing table entries that might otherwise be dropped because of link inactivity?
15. Which feature provides failover protection for VPN Concentrator users?
Answers
1. D. Layer 2 Forwarding (L2F)
2. A. Protocol 50, C. Protocol 51, and D. UDP 500
3. B. 2
4. C. 192.168.10.0/0.0.0.255
5. A. 1
6. D. 1000
7. C. You need to go to the Configure | Interfaces screen
8. B. IPSec over PPP
9. D. Supports LAN-to-LAN connections
10. C. 3.6
11. D. 10000
12. C. NAT both LANs
13. D. RRI
14. B. Address Pool Hold Down Routes
15. B. VRRP