CCNP ISCW official exam certification guide

CCNP ISCW Official Exam Certification Guide Master all 642-825 exam topics with the official study guide Assess your knowledge with chapter-opening quizzes Review key concepts with foundation summaries Practice with hundreds of exam questions on the CD-ROM Brian Morgan, CCIE (R) No. 4865 Neil Lovering, CCIE No. 1772 CCNP ISCW Official Exam Certification Guide is a best of breed Cisco (R) exam study guide that focuses specifically on the objectives for the Implementing Secure Converged Wide Area Networks exam (642-825 ISCW). Successfully passing the ISCW 642-825 exam certifies that you have the knowledge and skills necessary to secure and expand the reach of an enterprise network to teleworkers and remote sites with focus on securing remote access and VPN client configuration. CCNP ISCW Official Exam Certification Guide follows a logical organization of the CCNP (R) ISCW exam objectives. Material is presented in a concise manner, focusing on increasing your retention and recall of exam topics. You can organize your exam preparation through the use of the consistent features in these chapters. "Do I Know This Already?" quizzes open each chapter and allow you to decide how much time you need to spend on each section. Exam topic lists and concise Foundation Summary information make referencing easy and give you a quick refresher whenever you need it. Challenging chapter-ending review questions help you assess your knowledge and reinforce key concepts. The companion CD-ROM contains a powerful testing engine that allows you to focus on individual topic areas or take complete, timed exams. The assessment engine also tracks your performance and provides feedback on a topic-by-topic basis, presenting question-by-question remediation to the text. Well regarded for its level of detail, assessment features, and challenging review questions and exercises, this book helps you master the concepts and techniques that can enable you to succeed on the exam the first time. Brian Morgan, CCIE (R) No. 4865, is a consulting systems engineer for Cisco, specializing in Unified Communications technologies. He services a number of Fortune 500 companies in architectural, design, and support roles. With more than 15 years in the networking industry, he served as director of engineering for a large telecommunications company, is a certified Cisco instructor teaching at all levels, from basic routing and switching to CCIE lab preparation, and spent a number of years with IBM Network Services serving many of IBM's largest clients. He is a former member of the ATM Forum and a long-time member of the IEEE. Neil Lovering, CCIE No. 1772, works as a design consultant for Cisco. Neil has been with Cisco for more than three years and works on large-scale government networking solutions projects. Prior to Cisco, Neil was a network consultant and instructor for more than eight years and worked on various routing, switching, dialup, and security projects for many customers all over North America. This official study guide helps you master all the topics on the CCNP ISCW exam, including The Cisco hierarchical network model as it pertains to the WAN Teleworker configuration and access with broadband technologies Frame mode MPLS IPsec VPN implementations Cisco device hardening Cisco IOS (R) Firewall features Cisco IOS Intrusion Prevention System (IPS) features Companion CD-ROM The CD-ROM contains an electronic copy of the book and more than 200 practice questions for the ISCW exam, which are all available in study mode, test mode, and flash card format. This volume is part of the Exam Certification Guide Series from Cisco Press (R). Books in this series provide officially developed exam preparation materials that offer assessment, review, and practice to help Cisco Career Certification candidates identify weaknesses, concentrate their study efforts, and enhance their confidence as exam day nears. Category: Cisco Certification Covers: CCNP ISCW Exam 642-825

CCNP ISCW Official Exam Certification Guide Part I Remote Connectivity Best Practices Chapter 1 Describing Network Requirements "Do I Know This Already?" Quiz 5 Foundation Topics 9 Describing Network Requirements 9 Intelligent Information Network 9 SONA Networked Infrastructure Layer Interactive Services Layer Application Layer Cisco Network Models Cisco Hierarchical Network Model Campus Network Architecture Branch Network Architecture Data Center Architecture Enterprise Edge Architecture Teleworker Architecture WAN/MAN Architecture Remote Connection Requirements in a Converged Network Central Site Branch Office SOHO Site Integrated Services for Secure Remote Access Foundation Summary Q&A Chapter 2 Topologies for Teleworker Connectivity "Do I Know This Already?" Quiz Foundation Topics Facilitating Remote Connections IIN and the Teleworker Enterprise Architecture Framework Remote Connection Options Challenges of Connecting Teleworkers Infrastructure Options Infrastructure Services Teleworker Components Traditional Teleworker versus Business-Ready Teleworker Foundation Summary Q&A Chapter 3 Using Cable to Connect to a Central Site "Do I Know This Already?" Quiz Foundation Topics Cable Access Technologies Cable Technology Terminology Cable System Standards Cable System Components Cable Features Cable System Benefits Radio Frequency Signals Digital Signals over RF Channels Data over Cable Hybrid Fiber-Coaxial Networks Data Transmission Cable Technology Issues Provisioning Cable Modems Foundation Summary Q&A Chapter 4 Using DSL to Connect to a Central Site "Do I Know This Already?" Quiz Foundation Topics DSL Features POTS Coexistence DSL Limitations DSL Variants Asymmetric DSL Types Symmetric DSL Types ADSL Basics ADSL Modulation CAP DMT Data Transmission over ADSL RFC 1483/2684 Bridging PPP Background PPP over Ethernet Discovery Phase PPP Session Phase Optimizing PPPoE MTU PPP over ATM Foundation Summary Q&A Chapter 5 Configuring DSL Access with PPPoE "Do I Know This Already?" Quiz Foundation Topics Configure a Cisco Router as a PPPoE Client Configure an Ethernet/ATM Interface for PPPoE Configure the PPPoE DSL Dialer Interface Configure Port Address Translation Configure DHCP for DSL Router Users Configure Static Default Route on a DSL Router The Overall CPE Router Configuration Foundation Summary Q&A Chapter 6 Configuring DSL Access with PPPoA "Do I Know This Already?" Quiz Foundation Topics Configure a Cisco Router as a PPPoA Client PPP over AAL5 Connections Configure an ATM Interface for PPPoA Configure the PPPoA DSL Dialer and Virtual-Template Interfaces Configure Additional PPPoA Elements The Overall CPE Router Configuration Foundation Summary Q&A Chapter 7 Verifying and Troubleshooting ADSL Configurations "Do I Know This Already?" Quiz Foundation Topics DSL Connection Troubleshooting Layers of Trouble to Shoot Isolating Physical Layer Issues Layer 1 Anatomy ADSL Physical Connectivity Where to Begin Playing with Colors Tangled Wires Keeping the Head on Straight DSL Operating Mode Isolating Data Link Layer Issues PPP Negotiation Foundation Summary Q&A Part II Implementing Frame Mode MPLS Chapter 8 The MPLS Conceptual Model "Do I Know This Already?" Quiz Foundation Topics Introducing MPLS Networks Traditional WAN Connections MPLS WAN Connectivity Router Switching Mechanisms Standard IP Switching CEF Switching Foundation Summary Q&A Chapter 9 MPLS Architecture "Do I Know This Already?" Quiz Foundation Topics MPLS Components MPLS Labels Label Stacks Frame Mode MPLS Label Switching Routers Label Allocation in Frame Mode MPLS Networks LIB, LFIB, and FIB Label Distribution Packet Propagation Interim Packet Propagation Further Label Allocation Foundation Summary Q&A Chapter 10 Configuring Frame Mode MPLS "Do I Know This Already?" Quiz Foundation Topics Configuring CEF Configuring MPLS on a Frame Mode Interface Configuring MTU Size Foundation Summary Q&A Chapter 11 MPLS VPN Technologies "Do I Know This Already?" Quiz Foundation Topics MPLS VPN Architecture Traditional VPNs Layer 1 Overlay Layer 2 Overlay Layer 3 Overlay Peer-to-Peer VPNs VPN Benefits VPN Drawbacks MPLS VPNs MPLS VPN Terminology CE Router Architecture PE Router Architecture P Router Architecture Route Distinguishers Route Targets End-to-End Routing Update Flow MPLS VPN Packet Forwarding MPLS VPN PHP Foundation Summary Q&A Part III IPsec VPNs Chapter 12 IPsec Overview "Do I Know This Already?" Quiz Foundation Topics IPsec IPsec Features IPsec Protocols IPsec Modes IPsec Headers Peer Authentication Internet Key Exchange (IKE) IKE Protocols IKE Phases IKE Modes Other IKE Functions Encryption Algorithms Symmetric Encryption Asymmetric Encryption Public Key Infrastructure Foundation Summary Q&A Chapter 13 Site-to-Site VPN Operations "Do I Know This Already?" Quiz Foundation Topics Site-to-Site VPN Overview Creating a Site-to-Site IPsec VPN Step 1: Specify Interesting Traffic Step 2: IKE Phase 1 Step 3: IKE Phase 2 Step 4: Secure Data Transfer Step 5: IPsec Tunnel Termination Site-to-Site IPsec Configuration Steps Step 1: Configure the ISAKMP Policy Step 2: Configure the IPsec Transform Sets Step 3: Configure the Crypto ACL Step 4: Configure the Crypto Map Step 5: Apply the Crypto Map to the Interface Step 6: Configure the Interface ACL Security Device Manager Features and Interface Configuring a Site-to-Site VPN in SDM Site-to-Site VPN Wizard Testing the IPsec VPN Tunnel Monitoring the IPsec VPN Tunnel Foundation Summary Q&A Chapter 14 GRE Tunneling over IPsec "Do I Know This Already?" Quiz Foundation Topics GRE Characteristics GRE Header Basic GRE Configuration Secure GRE Tunnels Configure GRE over IPsec Using SDM Launch the GRE over IPsec Wizard Step 1: Create the GRE Tunnel Step 2: Create a Backup GRE Tunnel Steps 3-5: IPsec VPN Information Step 6: Routing Information Step 7: Validate the GRE over IPsec Configuration Foundation Summary Q&A Chapter 15 IPsec High Availability Options "Do I Know This Already?" Quiz Foundation Topics Sources of Failures Failure Mitigation Failover Strategies IPsec Stateless Failover IPsec Stateful Failover WAN Backed Up by an IPsec VPN Foundation Summary Q&A Chapter 16 Configuring Cisco Easy VPN "Do I Know This Already?" Quiz Foundation Topics Cisco Easy VPN Components Easy VPN Remote Easy VPN Server Requirements Easy VPN Connection Establishment IKE Phase 1 Establishing an ISAKMP SA SA Proposal Acceptance Easy VPN User Authentication Mode Configuration Reverse Route Injection IPsec Quick Mode Easy VPN Server Configuration User Configuration Easy VPN Server Wizard Monitoring the Easy VPN Server Troubleshooting the Easy VPN Server Foundation Summary Q&A Chapter 17 Implementing the Cisco VPN Client "Do I Know This Already?" Quiz Foundation Topics Cisco VPN Client Installation and Configuration Overview Cisco VPN Client Installation Cisco VPN Client Configuration Connection Entries Authentication Tab Transport Tab Backup Servers Tab Dial-Up Tab Finish the Connection Configuration Foundation Summary Q&A Part IV Device Hardening Chapter 18 Cisco Device Hardening "Do I Know This Already?" Quiz Foundation Topics Router Vulnerability Vulnerable Router Services Unnecessary Services and Interfaces Common Management Services Path Integrity Mechanisms Probes and Scans Terminal Access Security Gratuitous and Proxy ARP Using AutoSecure to Secure a Router Using SDM to Secure a Router SDM Security Audit Wizard SDM One-Step Lockdown Wizard AutoSecure Default Configurations SDM One-Step Lockdown Default Configurations Foundation Summary Q&A Chapter 19 Securing Administrative Access "Do I Know This Already?" Quiz Foundation Topics Router Access Password Considerations Set Login Limitations Setup Mode CLI Passwords Additional Line Protections Password Length Restrictions Password Encryption Create Banners Provide Individual Logins Create Multiple Privilege Levels Role-Based CLI Prevent Physical Router Compromise Foundation Summary Q&A Chapter 20 Using AAA to Scale Access Control "Do I Know This Already?" Quiz Foundation Topics AAA Components AAA Access Modes Understanding the TACACS+ and RADIUS Protocols UDP Versus TCP Packet Encryption Authentication and Authorization Multiprotocol Support Router Management Interoperability Configuring AAA Using the CLI RADIUS Configuration TACACS+ Configuration AAA-Related Commands Configuring AAA Using SDM Using Debugging for AAA debug aaa authentication Command debug aaa authorization Command debug aaa accounting Command debug radius Command debug tacacs Command Foundation Summary Q&A Chapter 21 Cisco IOS Threat Defense Features "Do I Know This Already?" Quiz Foundation Topics Layered Device Structure Firewall Technology Basics Packet Filtering Application Layer Gateway Stateful Packet Filtering Cisco IOS Firewall Feature Set Cisco IOS Firewall Authentication Proxy Cisco IOS IPS Cisco IOS Firewall Operation Cisco IOS Firewall Packet Inspection and Proxy Firewalls Foundation Summary Q&A Chapter 22 Implementing Cisco IOS Firewalls "Do I Know This Already?" Quiz Foundation Topics Configure a Cisco IOS Firewall Using the CLI Step 1: Choose an Interface and Packet Direction to Inspect Step 2: Configure an IP ACL for the Interface Step 3: Define the Inspection Rules Step 4: Apply the Inspection Rules and the ACL to the Interface Step 5: Verify the Configuration Configure a Basic Firewall Using SDM Configure an Advanced Firewall Using SDM Foundation Summary Q&A Chapter 23 Implementing Cisco IDS and IPS "Do I Know This Already?" Quiz Foundation Topics IDS and IPS Functions and Operations Categories of IDS and IPS IDS and IPS Signatures Signature Reaction Cisco IOS IPS Configuration SDM Configuration Foundation Summary Q&A Appendix A Answers to the "Do I Know This Already?" Quizzes and Q&A Sections 158720150x TOC 6/18/2007