Configuring Frame Mode MPLS

"Do I Know This Already?" Quiz
Foundation Topics
Configuring CEF
Configuring MPLS on a Frame Mode Interface
Configuring MTU Size
Foundation Summary
Q&A

Chapter 11 MPLS VPN Technologies

"Do I Know This Already?" Quiz
Foundation Topics
MPLS VPN Architecture
Traditional VPNs
Layer 1 Overlay
Layer 2 Overlay
Layer 3 Overlay
Peer-to-Peer VPNs
VPN Benefits
VPN Drawbacks
MPLS VPNs
MPLS VPN Terminology
CE Router Architecture
PE Router Architecture
P Router Architecture
Route Distinguishers
Route Targets
End-to-End Routing Update Flow
MPLS VPN Packet Forwarding
MPLS VPN PHP
Foundation Summary
Q&A

Part III IPsec VPNs

Chapter 12 IPsec Overview

"Do I Know This Already?" Quiz
Foundation Topics
IPsec
IPsec Features
IPsec Protocols
IKE
ESP
AH
IPsec Modes
IPsec Headers
Peer Authentication
Internet Key Exchange (IKE)
IKE Protocols
IKE Phases
IKE Modes
IKE Main Mode
IKE Aggressive Mode
IKE Quick Mode
Other IKE Functions
Encryption Algorithms
Symmetric Encryption
Asymmetric Encryption
Public Key Infrastructure
Foundation Summary
Q&A

Chapter 13 Site-to-Site VPN Operations

"Do I Know This Already?" Quiz
Foundation Topics
Site-to-Site VPN Overview
Creating a Site-to-Site IPsec VPN
Step 1: Specify Interesting Traffic
Step 2: IKE Phase 1
IKE Transform Sets
Diffie-Hellman Key Exchange
Peer Authentication
Step 3: IKE Phase 2
IPsec Transform Sets
Security Associations
SA Lifetime
Step 4: Secure Data Transfer
Step 5: IPsec Tunnel Termination
Site-to-Site IPsec Configuration Steps
Step 1: Configure the ISAKMP Policy
Step 2: Configure the IPsec Transform Sets
Step 3: Configure the Crypto ACL
Step 4: Configure the Crypto Map
Step 5: Apply the Crypto Map to the Interface
Step 6: Configure the Interface ACL
Security Device Manager Features and Interface
Configuring a Site-to-Site VPN in SDM
Site-to-Site VPN Wizard
Quick Setup
Step-by-Step Setup
Testing the IPsec VPN Tunnel
Monitoring the IPsec VPN Tunnel
Foundation Summary
Q&A

Chapter 14 GRE Tunneling over IPsec

"Do I Know This Already?" Quiz
Foundation Topics
GRE Characteristics
GRE Header
Basic GRE Configuration
Secure GRE Tunnels
Configure GRE over IPsec Using SDM
Launch the GRE over IPsec Wizard
Step 1: Create the GRE Tunnel
Step 2: Create a Backup GRE Tunnel
Steps 3-5: IPsec VPN Information
Step 6: Routing Information
Step 7: Validate the GRE over IPsec Configuration
Foundation Summary
Q&A

Chapter 15 IPsec High Availability Options

"Do I Know This Already?" Quiz
Foundation Topics
Sources of Failures
Failure Mitigation
Failover Strategies
IPsec Stateless Failover
Dead Peer Detection
IGP Within a GRE over IPsec Tunnel
HSRP
IPsec Stateful Failover
WAN Backed Up by an IPsec VPN
Foundation Summary
Q&A

Chapter 16 Configuring Cisco Easy VPN

"Do I Know This Already?" Quiz
Foundation Topics
Cisco Easy VPN Components
Easy VPN Remote
Easy VPN Server Requirements
Easy VPN Connection Establishment
IKE Phase 1
Establishing an ISAKMP SA
SA Proposal Acceptance
Easy VPN User Authentication
Mode Configuration
Reverse Route Injection
IPsec Quick Mode
Easy VPN Server Configuration
User Configuration
Easy VPN Server Wizard
Monitoring the Easy VPN Server
Troubleshooting the Easy VPN Server
Foundation Summary
Q&A

Chapter 17 Implementing the Cisco VPN Client

"Do I Know This Already?" Quiz
Foundation Topics
Cisco VPN Client Installation and Configuration Overview
Cisco VPN Client Installation
Cisco VPN Client Configuration
Connection Entries
Authentication Tab
Transport Tab
Backup Servers Tab
Dial-Up Tab
Finish the Connection Configuration
Foundation Summary
Q&A

Part IV Device Hardening

Chapter 18 Cisco Device Hardening

"Do I Know This Already?" Quiz
Foundation Topics
Router Vulnerability
Vulnerable Router Services
Unnecessary Services and Interfaces
Common Management Services
Path Integrity Mechanisms
Probes and Scans
Terminal Access Security
Gratuitous and Proxy ARP
Using AutoSecure to Secure a Router
Using SDM to Secure a Router
SDM Security Audit Wizard
SDM One-Step Lockdown Wizard
AutoSecure Default Configurations
SDM One-Step Lockdown Default Configurations
Foundation Summary
Q&A
