Home > Store

CCNP Security VPN 642-647 Official Cert Guide

Register your product to gain access to bonus material or receive a coupon.

CCNP Security VPN 642-647 Official Cert Guide

Book

  • Sorry, this book is no longer in print.
Not for Sale

Description

  • Copyright 2012
  • Edition: 1st
  • Book
  • ISBN-10: 1-58714-256-2
  • ISBN-13: 978-1-58714-256-7

Trust the best selling Official Cert Guide series from Cisco Press to help you learn, prepare, and practice for exam success. They are built with the objective of providing assessment, review, and practice to help ensure you are fully prepared for your certification exam.

CCNP Security VPN 642-647 Official Cert Guide presents you with an organized test preparation routine through the use of proven series elements and techniques. “Do I Know This Already?” quizzes open each chapter and enable you to decide how much time you need to spend on each section. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly.

  • Master Cisco CCNP Security VPN 642-647 exam topics
  • Assess your knowledge with chapter-opening quizzes
  • Review key concepts with exam preparation tasks
  • Practice with realistic exam questions on the CD-ROM

CCNP Security VPN 642-647 Official Cert Guide, focuses specifically on the objectives for the CCNP Security VPN exam. Cisco Certified Internetwork Expert (CCIE) Howard Hooper share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

The companion CD-ROM contains a powerful Pearson IT Certification Practice Test engine that enables you to focus on individual topic areas or take a complete, timed exam. The assessment engine also tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most.

Well-regarded for its level of detail, assessment features, comprehensive design scenarios, and challenging review questions and exercises, this official study guide helps you master the concepts and techniques that will enable you to succeed on the exam the first time.

The official study guide helps you master all the topics on the CCNP Security VPN exam, including:

  • Configuring policies, inheritance, and attributes
  • AnyConnect Remote Access VPN solution
  • AAA and Dynamic Access Policies (DAP)
  • High availability and performance
  • Clientless VPN solutions
  • SSL VPN with Cisco Secure Desktop
  • Easy VPN solutions
  • IPsec VPN clients and site-to-site VPNs

CCNP Security VPN 642-647 Official Cert Guide is part of a recommended learning path from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining.

The print edition of the CCNP Security VPN 642-647 Official Cert Guide contains a free, complete practice exam.

Pearson IT Certification Practice Test minimum system requirements:

Windows XP (SP3), Windows Vista (SP2), or Windows 7;

Microsoft .NET Framework 4.0 Client;

Microsoft SQL Server Compact 4.0;

Pentium class 1GHz processor (or equivalent);

512 MB RAM;

650 MB disc space plus 50 MB for each downloaded practice exam

Also available from Cisco Press for Cisco CCNP Security study is the CCNP Security VPN 642-647 Official Cert Guide Premium Edition eBook and Practice Test. This digital-only certification preparation product combines an eBook with enhanced Pearson IT Certification Practice Test.

This integrated learning package:

  • Allows you to focus on individual topic areas or take complete, timed exams
  • Includes direct links from each question to detailed tutorials to help you understand the concepts behind the questions
  • Provides unique sets of exam-realistic practice questions
  • Tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most

Premium Edition

The exciting new CCNP Security VPN 642-647 Official Cert Guide, Premium Edition eBook and Practice Test is a digital-only certification preparation product combining an eBook with enhanced Pearson IT Certification Practice Test. The Premium Edition eBook and Practice Test contains the following items:

  • The CCNP Security VPN 642-647 Premium Edition Practice Test, including three full practice exams (over 200 questions) and enhanced practice test features
  • PDF and EPUB formats of the CCNP Security VPN 642-647 Official Cert Guide from Cisco Press, which are accessible via your PC, tablet, and Smartphone

About the Premium Edition Practice Test

This Premium Edition contains an enhanced version of the Pearson IT Certification Practice Test (PCPT) software with three full practice exams. In addition, it contains all the chapter-opening assessment questions from the book. This integrated learning package:

  • Allows you to focus on individual topic areas or take complete, timed exams
  • Includes direct links from each question to detailed tutorials to help you understand the concepts behind the questions
  • Provides unique sets of exam-realistic practice questions
  • Tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most

Pearson IT Certification Practice Test minimum system requirements:

Windows XP (SP3), Windows Vista (SP2), or Windows 7;

Microsoft .NET Framework 4.0 Client;

Microsoft SQL Server Compact 4.0;

Pentium class 1GHz processor (or equivalent);

512 MB RAM;

650 MB disc space plus 50 MB for each downloaded practice exam

About the Premium Edition eBook


CCNP Security VPN 642-647 Official Cert Guide focuses specifically on the objectives for the CCNP Security VPN exam. Cisco Certified Internetwork Expert Howard Hooper shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

CCNP Security VPN 642-647 Official Cert Guide presents you with an organized test preparation routine through the use of proven series elements and techniques. “Do I Know This Already?” quizzes open each chapter and enable you to decide how much time you need to spend on each section. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly.

  

Well-regarded for its level of detail, assessment features, and challenging review questions and exercises, this official study guide helps you master the concepts and techniques that will enable you to succeed on the exam the first time.

This official study guide helps you master all the topics on the CCNP Security VPN exam, including:

  • Configuring policies, inheritance, and attributes
  • AnyConnect Remote Access VPN solution
  • AAA and Dynamic Access Policies (DAP)
  • High availability and performance
  • Clientless VPN solutions
  • SSL VPN with Cisco Secure Desktop
  • Easy VPN solutions
  • IPsec VPN clients and site-to-site VPNs

Sample Content

Online Sample Chapter

CCNP Security VPN Cert Guide: Configuring Policies, Inheritance, and Attributes

Sample Pages

Download the sample pages (includes Chapter 2 and Index)

Table of Contents

Introduction xxiv

Part I ASA Architecture and Technologies Overview

Chapter 1 Evaluation of the ASA Architecture 3

“Do I Know This Already?” Quiz 3

Foundation Topics 6

Examining ASA Control Fundamentals 6

    Interfaces, Security Levels, and EtherChannels 6

        Security Levels 9

        Same Security Interface and Intra-Interface Communication 10

        EtherChannels 11

    Access Control Lists 12

    Modular Policy Framework 15

Routing the Environment 16

Address Translations and Your ASA 18

AAA for Network-Based Access 21

ASA VPN Technology Comparison 24

Managing Your ASA Device 27

Packet Processing 28

Controlling VPN Access 29

The Good, the Bad, and the Licensing 32

    Time-Based Licenses 41

        When Time-Based and Permanent Licenses Combine 42

    Shared SSL VPN Licenses 43

        Failover Licensing 43

Exam Preparation Tasks 44

    Review All Key Topics 44

    Complete Tables and Lists from Memory 44

    Define Key Terms 44

Chapter 2 Configuring Policies, Inheritance, and Attributes 47

“Do I Know This Already?” Quiz 47

Foundation Topics 49

Policies and Their Relationships 49

Understanding Connection Profiles 50

    Group URL 52

    Group Alias 52

    Certificate to Connection Profile Mapping 53

    Per-User Connection Profile Lock 54

    Default Connection Profiles 55

Understanding Group Policies 56

Configure User Attributes 59

Using External Servers for AAA and Policies 60

Exam Preparation Tasks 70

    Review All Key Topics 70

    Complete Tables and Lists from Memory 70

    Define Key Terms 70

Part II Cisco AnyConnect Remote-Access VPN Solutions

Chapter 3 Deploying an AnyConnect Remote-Access VPN Solution 73

“Do I Know This Already?” Quiz 73

Foundation Topics 76

Full SSL VPN Technology Overview 76

    SSL/TLS 76

    DTLS 80

    IKEv2 81

Configuration Procedures, Deployment Strategies, and Information Gathering 83

    AnyConnect Secure Mobility Client Installation 84

Deploying Your First Full-Tunnel AnyConnect SSL VPN Solution 85

    IP Addressing 85

    Hostname, Domain Name, and DNS 85

    Enroll with a CA and Become a Member of a PKI 86

    Add an Identity Certificate 87

    Add the Signing Root CA Certificate 88

    Enable the Interfaces for SSL/DTLS and AnyConnect Client Connections 88

    Create a Connection Profile 89

Deploying Your First AnyConnect IKEv2 VPN Solution 92

    Enable the Relevant Interfaces for IKEv2 and AnyConnect Client Access 93

    Create a Connection Profile 94

Client IP Address Allocation 97

    Connection Profile Address Assignment 98

    Group Policy Address Assignment 100

    Direct User Address Assignment 104

Advanced Controls for Your Environment 104

    ACLs and Downloadable ACLs 105

    Split Tunneling 107

    Access Hours/Time Range 110

Troubleshooting the AnyConnect Secure Mobility Client 111

Exam Preparation Tasks 117

    Review All Key Topics 117

    Complete Tables and Lists from Memory 117

    Define Key Terms 117

Chapter 4 Advanced Authentication and Authorization of AnyConnect VPNs 119

“Do I Know This Already?” Quiz 119

Foundation Topics 121

Authentication Options and Strategies 121

Provisioning Certificates as a Local CA 126

Configuring Certificate Mappings 134

    Certificate-to-Connection Profile Maps 135

    Mapping Criteria 136

Provisioning Certificates from a Third-Party CA 139

    Configure an XML Profile for Use by the AnyConnect Client 141

    Configure a Dedicated Connection Profile for Enrollment 144

    Enroll the AnyConnect Client into a PKI 145

    Optionally, Configure Client Certificate Selection 147

    Import the Issuing CA’s Certificate into the ASA’s 149

    Create a Connection Profile Using Certificate-Based Authentication 150

Advanced PKI Deployment Strategies 151

    CRLs 152

    OCSP 152

Doubling Up on Client Authentication 155

Troubleshooting Your Advanced Configuration 161

Exam Preparation Tasks 163

    Review All Key Topics 163

    Complete Tables and Lists from Memory 163

    Define Key Terms 163

Chapter 5 Advanced Deployment and Management of the AnyConnect Client 165

“Do I Know This Already?” Quiz 165

Foundation Topics 167

Configuration Procedures, Deployment Strategies, and Information Gathering 167

AnyConnect Installation Options 168

    Manual Predeployment 168

    Automatic Web Deployment 172

Managing AnyConnect Client Profiles 177

Advanced Profile Features 181

    Start Before Login 182

    Trusted Network Detection 182

Advanced AnyConnect Customization and Management 188

Exam Preparation Tasks 195

    Review All Key Topics 195

    Complete Tables and Lists from Memory 195

    Define Key Terms 195

Chapter 6 Advanced Authorization Using AAA and DAPs 197

“Do I Know This Already?” Quiz 197

Foundation Topics 199

Configuration Procedures, Deployment Strategies, and Information Gathering 199

Configuring Local and Remote Group Policies 199

Full SSL VPN Accountability 209

Authorization Through Dynamic Access Policies 213

Troubleshooting Advanced Authorization Settings 216

Exam Preparation Tasks 219

    Review All Key Topics 219

    Complete Tables and Lists from Memory 219

    Define Key Terms 219

Chapter 7 AnyConnect Integration with Cisco Secure Desktop and Optional Modules 221

“Do I Know This Already?” Quiz 221

Foundation Topics 224

Cisco Secure Desktop Overview and Configuration 224

    Host Scan 225

    Prelogin Assessment 225

    Secure Desktop (Vault) 226

    Cache Cleaner 227

    Keystroke Logger Detection 228

    Integration with DAPs 228

    Host Emulation Detection 228

    Windows Mobile Device Management 228

    Standalone Installation Packages 228

    CSD Manual Launch 228

    Prelogin Policies 229

    Post-Login Policies 230

    VPN Session Termination 231

AnyConnect Posture Assessment and Host Scan 231

    AnyConnect Posture Assessment Module 231

    Host Scan 232

Configure Prelogin Policies 234

AnyConnect Network Access, Web Security, and Telemetry Modules 238

    NAM Module 238

    Web Security Module 241

    Telemetry Module 243

Exam Preparation Tasks 246

    Review All Key Topics 246

    Complete Tables and Lists from Memory 246

    Define Key Terms 246

Chapter 8 AnyConnect High Availability and Performance 249

“Do I Know This Already?” Quiz 249

Foundation Topics 251

Overview of High Availability and Redundancy Methods 251

    Hardware-Based Failover 251

    VPN Clustering (VPN Load Balancing) 252

    Redundant VPN Peering 253

    External Load Balancing 253

Deploying DTLS 255

Performance Assurance with QOS 256

    Basic ASDM QoS Configuration 258

AnyConnect Redundant Peering and Failover 265

Hardware-Based Failover with VPNs 267

    Configure LAN Failover Interfaces 269

    Configure Standby Addresses on Interfaces Used for Traffic Forwarding 270

    Define Failover Criteria 270

    Configure Nondefault MAC Addresses 270

Redundancy in the VPN Core 271

    VPN Clustering 272

    Load Balancing Using an External Load Balancer 274

Exam Preparation Tasks 276

    Review All Key Topics 276

    Complete Tables and Lists from Memory 276

    Define Key Terms 276

Part III Cisco Clientless Remote-Access VPN Solutions

Chapter 9 Deploying a Clientless SSL VPN Solution 279

“Do I Know This Already?” Quiz 279

Foundation Topics 282

Clientless SSL VPN Overview 282

SSL VPN Building Blocks 283

    SSL/TLS Recap 283

    SSL Tunnel Negotiation 285

    Handshake 286

Deployment Procedures and Strategies 289

    Physical Topology 289

Deploying Your First Clientless SSL VPN Solution 293

    IP Addressing 293

    Hostname, Domain Name, and DNS 293

    Become a Member of a Public Key Infrastructure 294

    Adding a CA Root Certificate 294

    Certificate Revocation List 295

    Revocation Check 296

    CRL Retrieval Policy 297

    CRL Retrieval Method 297

    OCSP Rules 297

    Advanced 301

    Enable the Relevant Interfaces for SSL 311

    Create Local User Accounts for Authentication 312

    Create a Connection Profile (Optional) 315

Basic Access Control 319

    Bookmarks 320

    HTTP and HTTPS 320

    CIFS 321

    FTP 321

    Group Policies 323

Content Transformation 327

    Gateway Content Rewriting 327

    Application Helper Profiles 329

    Java Code Signing 330

Troubleshooting a Basic Clientless SSL VPN 331

    Troubleshooting Session Establishment 331

    Troubleshooting Certificate Errors 333

Exam Preparation Tasks 335

    Review All Key Topics 335

    Complete Tables and Lists from Memory 335

    Define Key Terms 335

Chapter 10 Advanced Clientless SSL VPN Settings 337

“Do I Know This Already?” Quiz 337

Foundation Topics 340

Overview of Advanced Clientless SSL VPN Settings 340

Application Access Through Port Forwarding 343

    Configuring Port Forwarding Using the ASDM 345

Application Access Using Client-Server Plug-Ins 349

    Configuring Client-Server Plug-In Access Using the ASDM 350

Application Access Through Smart Tunnels 357

    Configuring Smart Tunnel Access Using the ASDM 359

Configuring SSL/TLS Proxies 363

    Email Proxy 363

    Internal HTTP and HTTPS Proxy 365

Troubleshooting Advanced Application Access 366

    Troubleshooting Application Access 366

    Client 366

    ASA/VPN Termination Appliance 367

    Application/Web Server 369

Exam Preparation Tasks 370

    Review All Key Topics 370

    Complete Tables and Lists from Memory 370

    Define Key Terms 370

Chapter 11 Customizing the Clientless Portal 373

“Do I Know This Already?” Quiz 373

Foundation Topics 375

Basic Portal Layout Configuration 375

    Logon Page Customization 377

    Portal Page Customization 379

    Logout Page Customization 379

Outside-the-Box Portal Configuration 381

Portal Localization 381

Getting Portal Help 386

AnyConnect Portal Integration 387

Clientless SSL VPN Advanced Authentication 389

Using an External and Internal CA for Clientless Access 391

Clientless SSL VPN Double Authentication 399

Deploying Clientless SSL VPN Single Sign-On 403

Troubleshooting PKI and SSO Integration 406

Exam Preparation Tasks 410

    Review All Key Topics 410

    Complete Tables and Lists from Memory 410

    Define Key Terms 410

Chapter 12 Advanced Authorization Using Dynamic Access Policies 413

“Do I Know This Already?” Quiz 413

Foundation Topics 416

Configuration Procedures, Deployment Strategies, and Information Gathering 416

    Create a DAP 419

    Specify User AAA Attributes 419

    Specify Endpoint Attributes 421

    Configure Authorization Parameters 424

    Configure Authorization Parameters for the Default DAP 426

DAP Record Aggregation 427

Troubleshooting DAP Deployment 432

    ASDM Test Feature 432

    ASA Logging 434

    DAP Debugging 435

Exam Preparation Tasks 437

    Review All Key Topics 437

    Complete Tables and Lists from Memory 437

    Define Key Terms 437

Chapter 13 Clientless SSL VPN with Cisco Secure Desktop 439

“Do I Know This Already?” Quiz 439

Foundation Topics 441

Cisco Secure Desktop Overview and Configuration 441

    Prelogin Assessment 442

    Host Scan 443

    Secure Desktop (Vault) 443

    Cache Cleaner 443

    Keystroke Logger Detection 444

    Integration with DAP 444

    Host Emulation Detection 444

    Windows Mobile Device Management 444

    Standalone Installation Packages 444

    CSD Manual Launch 444

    Secure Desktop (Vault) 446

    Cache Cleaner 446

    CSD Supported Browsers, Operating Systems, and Credentials 447

    Enabling Cisco Secure Desktop on the ASA 450

Configure Prelogin Criteria 452

    Keystroke Logger and Safety Checks 457

    Cache Cleaner 457

    Secure Desktop (Vault) General 458

    Secure Desktop (Vault) Settings 459

    Secure Desktop (Vault) Browser 460

Host Endpoint Assessment 460

Authorization Through DAPs 461

Troubleshooting Cisco Secure Desktop 463

Exam Preparation Tasks 465

    Review All Key Topics 465

    Complete Tables and Lists from Memory 465

    Define Key Terms 465

Chapter 14 Clientless SSL VPN High-Availability and Performance Options 467

“Do I Know This Already?” Quiz 467

Foundation Topics 469

High-Availability Deployment Information and Common Strategies 469

    Failover 469

    Active/Active 469

    Active/Standby 469

    VPN Load Balancing (Clustering) 470

    External Load Balancing 470

    Redundant VPN Peering 470

Content Caching for Optimization 472

Clientless SSL VPN Load Sharing Using an External Load Balancer 473

Clustering Configuration for Clientless SSL VPN 474

Troubleshooting Load Balancing and Clustering 477

Exam Preparation Tasks 479

    Review All Key Topics 479

    Complete Tables and Lists from Memory 479

    Define Key Terms 479

Part IV Cisco IPsec Remote-Access Client Solutions

Chapter 15 Deploying and Managing the Cisco VPN Client 481

“Do I Know This Already?” Quiz 481

Foundation Topics 483

IPsec Review 483

    IKEv1 483

    AH and ESP 486

Cisco IPsec VPN Client Features 488

IPsec Client Software Installation and Basic Configuration 491

    Connection Entries 495

    Status 495

    Certificates 495

    Log 495

    Options 495

    Help 496

    Create New VPN Connection Entry, Main Window 496

    Authentication Tab 496

    Transport Tab 497

    Backup Servers Tab 497

    Dial-Up Tab 497

Advanced Profile Settings 498

VPN Client Software GUI Customization 507

Troubleshooting VPN Client Connectivity 507

Exam Preparation Tasks 512

    Review All Key Topics 512

    Complete Tables and Lists from Memory 512

    Define Key Terms 512

Part V Cisco Easy VPN Solutions

Chapter 16 Deploying Easy VPN Solutions 515

“Do I Know This Already?” Quiz 515

Foundation Topics 517

Configuration Procedures, Deployment Procedures, and Information Gathering 517

Easy VPN Basic Configuration 519

    ASA IP Addresses 519

    Configure Required Routing 519

    Enable IPsec Connectivity 519

    Configure Preferred IKEv1 and IPsec Policies 522

    Client IP Address Assignment 527

    VPN Client Authentication Using Pre-Shared Keys 529

    Using XAUTH for VPN Client Access 532

    IP Address Allocation Using the VPN Client 533

    DHCP Configuration 538

Controlling Your Environment with Advanced Features 539

    ACL Bypass Configuration 540

    Basic Interface ACL Configuration 540

    Per-Group ACL Configuration 542

    Per-User ACL Configuration 543

    Split-Tunneling Configuration 545

    Troubleshooting a Basic Easy VPN 546

Exam Preparation Tasks 548

    Review All Key Topics 548

    Complete Tables and Lists from Memory 548

    Define Key Terms 548

Chapter 17 Advanced Authentication and Authorization Using Easy VPN 551

“Do I Know This Already?” Quiz 551

Foundation Topics 553

Authentication Options and Strategies 553

Configuring PKI with IPsec Easy VPNs 556

Configuring Mutual/Hybrid Authentication 561

Configuring Digital Certificate Mappings 562

Provisioning Certificates from a Third-Party CA 566

Advanced PKI Deployment Strategies 570

Troubleshooting Advanced Authentication for Easy VPN 575

Exam Preparation Tasks 577

    Review All Key Topics 577

    Complete Tables and Lists from Memory 577

    Define Key Terms 577

Chapter 18 Advanced Easy VPN Authorization 579

“Do I Know This Already?” Quiz 579

Foundation Topics 581

Configuration Procedures, Deployment Strategies, and Information Gathering 581

Configuring Local and Remote Group Policies 582

    Assigning a Group Policy to a Local User Account 586

    Assigning a Group Policy to a Connection Profile 586

Accounting Methods for Operational Information 588

    NetFlow 9 591

    RADIUS VPN Accounting 593

    SNMP 594

Exam Preparation Tasks 597

    Review All Key Topics 597

    Complete Tables and Lists from Memory 597

    Define Key Terms 597

Chapter 19 High Availability and Performance for Easy VPN 599

“Do I Know This Already?” Quiz 599

Foundation Topics 602

Configuration Procedures, Deployment Strategies, and Information Gathering 602

Easy VPN Client HA and Failover 604

Hardware-Based Failover with VPNs 606

    Configure Optional Active/Standby Failover Settings 610

Clustering Configuration for Easy VPN 612

Troubleshooting Device Failover and Clustering 615

Exam Preparation Tasks 619

    Review All Key Topics 619

    Complete Tables and Lists from Memory 619

    Define Key Terms 619

Chapter 20 Easy VPN Operation Using the ASA 5505 as a Hardware Client 621

“Do I Know This Already?” Quiz 621

Foundation Topics 623

Easy VPN Remote Hardware Client Overview 623

    Client Mode 623

    Network Extension Mode 624

Configuring a Basic Easy VPN Remote Client Using the ASA 5505 625

Configuring Advanced Easy VPN Remote Client Settings for the ASA 5505 627

    X-Auth and Device Authentication 627

    Remote Management 629

    Enable Tunneled Management 630

    Clear Tunneled Management 630

    NAT Traversal 631

    Device Pass-Through 632

Troubleshooting the ASA 5505 Easy VPN Remote Hardware Client 633

Exam Preparation Tasks 637

    Review All Key Topics 637

    Complete Tables and Lists from Memory 637

    Define Key Terms 637

Part VI Cisco IPsec Site-to-Site VPN Solutions

Chapter 21 Deploying IPsec Site-to-Site VPNs 639

“Do I Know This Already?” Quiz 639

Foundation Topics 642

Configuration Procedures, Deployment Strategies, and Information Gathering 642

IKEv1 Phase 1 644

IKEv1 Phase 2 (Quick Mode) 645

Configuring a Basic IPsec Site-to-Site VPN 647

    Configure Basic Peer Authentication 647

        Enable IKEv1 on the Interface 648

        Configure IKEv1 Policies 648

        Configure Pre-Shared Keys 649

    Configure Transmission Protection 650

        Select Transform Set and VPN Peer 650

        Define Interesting Traffic 652

Configure Advanced Authentication for IPsec Site-to-Site VPNs 656

Troubleshooting an IPsec Site-to-Site VPN Connection 661

    Tunnel Not Establishing: Phase 1 662

    Tunnel Not Establishing: Phase 2 662

    Traffic Not Passing Through Your Tunnel 662

Exam Preparation Tasks 664

    Review All Key Topics 664

    Complete Tables and Lists from Memory 664

    Define Key Terms 664

Chapter 22 High Availability and Performance Strategies for IPsec Site-to-Site VPNs 667

“Do I Know This Already?” Quiz 667

Foundation Topics 669

Configuration Procedures, Deployment Strategies, and Information Gathering 669

High Assurance with QoS 670

    Basic ASDM QoS Configuration 672

Deploying Redundant Peering for Site-to-Site VPNs 678

Site-to-Site VPN Redundancy Using Routing 679

Hardware-Based Failover with VPNs 683

    Configure LAN Failover Interfaces 684

    Configure Standby Addresses on Interfaces Used for Traffic Forwarding 685

    Define Failover Criteria 686

    Configure Nondefault Mac Addresses 686

Troubleshooting HA Deployment 688

Exam Preparation Tasks 690

    Review All Key Topics 690

    Complete Tables and Lists from Memory 690

    Define Key Terms 690

Part VII Exam Preparation

Chapter 23 Final Exam Preparation 693

Tools for Final Preparation 693

    Pearson Cert Practice Test Engine and Questions on the CD 693

    Install the Software from the CD 694

        Activate and Download the Practice Exam 694

        Activating Other Exams 695

        Premium Edition 695

    The Cisco Learning Network 695

    Memory Tables 695

Suggested Plan for Final Review/Study 696

    Using the Exam Engine 696

Summary 697

Part VIII Appendixes

Appendix A Answers to the “Do I Know This Already?” Quizzes 699

Appendix B 642-647 CCNP Security VPN Exam Updates, Version 1.0 703

Appendix C Memory Tables (CD only)

Appendix D Memory Tables Answer Key (CD only)

Glossary 707

9781587142567    TOC    6/20/2011

More Information

Pearson IT Certification Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from Pearson IT Certification and its family of brands. I can unsubscribe at any time.

Overview


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about Pearson IT Certification products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information


To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites; develop new products and services; conduct educational research; and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information


Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children


This site is not directed to children under the age of 13.

Marketing


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information


If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out


Users can always make an informed choice as to whether they should proceed with certain services offered by Adobe Press. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.pearsonitcertification.com/u.aspx.

Sale of Personal Information


Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents


California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure


Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact


Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice


We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020