CCNP ISCW Official Exam Certification Guide


  • Sorry, this book is no longer in print.
Not for Sale
  • Copyright 2008
  • Edition: 1st
  • Book
  • ISBN-10: 1-58720-150-X
  • ISBN-13: 978-1-58720-150-9

CCNP ISCW Official Exam Certification Guide

  • Master all 642-825 exam topics with the official study guide
  • Assess your knowledge with chapter-opening quizzes
  • Review key concepts with foundation summaries
  • Practice with hundreds of exam questions on the CD-ROM

Brian Morgan, CCIE® No. 4865

Neil Lovering, CCIE No. 1772

CCNP ISCW Official Exam Certification Guide is a best-of-breed Cisco® exam study guide that focuses specifically on the objectives for the Implementing Secure Converged Wide Area Networks exam (642-825 ISCW). Successfully passing the ISCW 642-825 exam certifies that you have the knowledge and skills necessary to secure and expand the reach of an enterprise network to teleworkers and remote sites, with a focus on securing remote access and VPN client configuration.

CCNP ISCW Official Exam Certification Guide follows a logical organization of the CCNP® ISCW exam objectives. Material is presented in a concise manner, focusing on increasing your retention and recall of exam topics. You can organize your exam preparation through the use of the consistent features in these chapters. “Do I Know This Already?” quizzes open each chapter and allow you to decide how much time you need to spend on each section. Exam topic lists and concise Foundation Summary information make referencing easy and give you a quick refresher whenever you need it. Challenging chapter-ending review questions help you assess your knowledge and reinforce key concepts.

The companion CD-ROM contains a powerful testing engine that allows you to focus on individual topic areas or take complete, timed exams. The assessment engine also tracks your performance and provides feedback on a topic-by-topic basis, presenting question-by-question remediation to the text. Well regarded for its level of detail, assessment features, and challenging review questions and exercises, this book helps you master the concepts and techniques that can enable you to succeed on the exam the first time.

Brian Morgan, CCIE® No. 4865, is a consulting systems engineer for Cisco, specializing in Unified Communications technologies. He services a number of Fortune 500 companies in architectural, design, and support roles. With more than 15 years in the networking industry, he served as director of engineering for a large telecommunications company, is a certified Cisco instructor teaching at all levels, from basic routing and switching to CCIE lab preparation, and spent a number of years with IBM Network Services serving many of IBM’s largest clients. He is a former member of the ATM Forum and a long-time member of the IEEE.

Neil Lovering, CCIE No. 1772, works as a design consultant for Cisco. Neil has been with Cisco for more than three years and works on large-scale government networking solutions projects. Prior to Cisco, Neil was a network consultant and instructor for more than eight years and worked on various routing, switching, dialup, and security projects for many customers all over North America.

This official study guide helps you master all the topics on the CCNP ISCW exam, including

  • The Cisco hierarchical network model as it pertains to the WAN
  • Teleworker configuration and access with broadband technologies
  • Frame mode MPLS
  • IPsec VPN implementations
  • Cisco device hardening
  • Cisco IOS® Firewall features
  • Cisco IOS Intrusion Prevention System (IPS) features

Companion CD-ROM

The CD-ROM contains an electronic copy of the book and more than 200 practice questions for the ISCW exam, which are all available in study mode, test mode, and flash card format.

This volume is part of the Exam Certification Guide Series from Cisco Press®. Books in this series provide officially developed exam preparation materials that offer assessment, review, and practice to help Cisco Career Certification candidates identify weaknesses, concentrate their study efforts, and enhance their confidence as exam day nears.

Category: Cisco Certification

Covers: CCNP ISCW Exam 642-825

Online Sample Chapter

CCNP ISCW Exam Guide: GRE Tunneling over IPsec


Table of Contents

CCNP ISCW Official Exam Certification Guide

Part I Remote Connectivity Best Practices

Chapter 1 Describing Network Requirements

"Do I Know This Already?" Quiz

Foundation Topics

Describing Network Requirements

Intelligent Information Network


    Networked Infrastructure Layer

    Interactive Services Layer

    Application Layer

Cisco Network Models

    Cisco Hierarchical Network Model

    Campus Network Architecture

    Branch Network Architecture

    Data Center Architecture

    Enterprise Edge Architecture

    Teleworker Architecture

    WAN/MAN Architecture

Remote Connection Requirements in a Converged Network

    Central Site

    Branch Office

    SOHO Site

    Integrated Services for Secure Remote Access

Foundation Summary


Chapter 2 Topologies for Teleworker Connectivity

"Do I Know This Already?" Quiz

Foundation Topics

Facilitating Remote Connections

    IIN and the Teleworker

    Enterprise Architecture Framework

    Remote Connection Options

Challenges of Connecting Teleworkers

    Infrastructure Options

    Infrastructure Services

    Teleworker Components

    Traditional Teleworker versus Business-Ready Teleworker

Foundation Summary


Chapter 3 Using Cable to Connect to a Central Site

"Do I Know This Already?" Quiz

Foundation Topics

Cable Access Technologies

    Cable Technology Terminology

    Cable System Standards

    Cable System Components

    Cable Features

    Cable System Benefits

Radio Frequency Signals

    Digital Signals over RF Channels

Data over Cable

    Hybrid Fiber-Coaxial Networks

    Data Transmission

Cable Technology Issues

Provisioning Cable Modems

Foundation Summary


Chapter 4 Using DSL to Connect to a Central Site

"Do I Know This Already?" Quiz

Foundation Topics

DSL Features

    POTS Coexistence

DSL Limitations

DSL Variants

    Asymmetric DSL Types

    Symmetric DSL Types

ADSL Basics

ADSL Modulation



Data Transmission over ADSL

    RFC 1483/2684 Bridging

    PPP Background

PPP over Ethernet

    Discovery Phase

    PPP Session Phase

    Optimizing PPPoE MTU

PPP over ATM

Foundation Summary


Chapter 5 Configuring DSL Access with PPPoE

"Do I Know This Already?" Quiz

Foundation Topics

Configure a Cisco Router as a PPPoE Client

Configure an Ethernet/ATM Interface for PPPoE

Configure the PPPoE DSL Dialer Interface

Configure Port Address Translation

Configure DHCP for DSL Router Users

Configure Static Default Route on a DSL Router

The Overall CPE Router Configuration

Foundation Summary


Chapter 6 Configuring DSL Access with PPPoA

"Do I Know This Already?" Quiz

Foundation Topics

Configure a Cisco Router as a PPPoA Client

    PPP over AAL5 Connections

Configure an ATM Interface for PPPoA

Configure the PPPoA DSL Dialer and Virtual-Template Interfaces

Configure Additional PPPoA Elements

The Overall CPE Router Configuration

Foundation Summary


Chapter 7 Verifying and Troubleshooting ADSL Configurations

"Do I Know This Already?" Quiz

Foundation Topics

DSL Connection Troubleshooting

    Layers of Trouble to Shoot

Isolating Physical Layer Issues

    Layer 1 Anatomy

    ADSL Physical Connectivity

    Where to Begin

    Playing with Colors

    Tangled Wires

    Keeping the Head on Straight

    DSL Operating Mode

Isolating Data Link Layer Issues

    PPP Negotiation

Foundation Summary


Part II Implementing Frame Mode MPLS

Chapter 8 The MPLS Conceptual Model

"Do I Know This Already?" Quiz

Foundation Topics

Introducing MPLS Networks

    Traditional WAN Connections

    MPLS WAN Connectivity

Router Switching Mechanisms

    Standard IP Switching

    CEF Switching

Foundation Summary


Chapter 9 MPLS Architecture

"Do I Know This Already?" Quiz

Foundation Topics

MPLS Components

MPLS Labels

    Label Stacks

    Frame Mode MPLS

Label Switching Routers

Label Allocation in Frame Mode MPLS Networks

    LIB, LFIB, and FIB

Label Distribution

    Packet Propagation

    Interim Packet Propagation

    Further Label Allocation

Foundation Summary


Chapter 10 Configuring Frame Mode MPLS

"Do I Know This Already?" Quiz

Foundation Topics

Configuring CEF

Configuring MPLS on a Frame Mode Interface

Configuring MTU Size

Foundation Summary


Chapter 11 MPLS VPN Technologies

"Do I Know This Already?" Quiz

Foundation Topics

MPLS VPN Architecture

Traditional VPNs

    Layer 1 Overlay

    Layer 2 Overlay

    Layer 3 Overlay

Peer-to-Peer VPNs

    VPN Benefits

    VPN Drawbacks


    MPLS VPN Terminology

    CE Router Architecture

    PE Router Architecture

    P Router Architecture

    Route Distinguishers

    Route Targets

    End-to-End Routing Update Flow

    MPLS VPN Packet Forwarding


Foundation Summary


Part III IPsec VPNs

Chapter 12 IPsec Overview

"Do I Know This Already?" Quiz

Foundation Topics


    IPsec Features

    IPsec Protocols

    IPsec Modes

    IPsec Headers

    Peer Authentication

Internet Key Exchange (IKE)

    IKE Protocols

    IKE Phases

IKE Modes

    Other IKE Functions

Encryption Algorithms

    Symmetric Encryption

    Asymmetric Encryption

Public Key Infrastructure

Foundation Summary


Chapter 13 Site-to-Site VPN Operations

"Do I Know This Already?" Quiz

Foundation Topics

Site-to-Site VPN Overview

Creating a Site-to-Site IPsec VPN

    Step 1: Specify Interesting Traffic

    Step 2: IKE Phase 1

    Step 3: IKE Phase 2

    Step 4: Secure Data Transfer

    Step 5: IPsec Tunnel Termination

Site-to-Site IPsec Configuration Steps

    Step 1: Configure the ISAKMP Policy

    Step 2: Configure the IPsec Transform Sets

    Step 3: Configure the Crypto ACL

    Step 4: Configure the Crypto Map

    Step 5: Apply the Crypto Map to the Interface

    Step 6: Configure the Interface ACL

Security Device Manager Features and Interface

Configuring a Site-to-Site VPN in SDM

    Site-to-Site VPN Wizard

    Testing the IPsec VPN Tunnel

Monitoring the IPsec VPN Tunnel

Foundation Summary


Chapter 14 GRE Tunneling over IPsec

"Do I Know This Already?" Quiz

Foundation Topics

GRE Characteristics

GRE Header

Basic GRE Configuration

Secure GRE Tunnels

Configure GRE over IPsec Using SDM

    Launch the GRE over IPsec Wizard

    Step 1: Create the GRE Tunnel

    Step 2: Create a Backup GRE Tunnel

    Steps 3–5: IPsec VPN Information

    Step 6: Routing Information

    Step 7: Validate the GRE over IPsec Configuration

Foundation Summary


Chapter 15 IPsec High Availability Options

"Do I Know This Already?" Quiz

Foundation Topics

Sources of Failures

Failure Mitigation

Failover Strategies

    IPsec Stateless Failover

    IPsec Stateful Failover

WAN Backed Up by an IPsec VPN

Foundation Summary


Chapter 16 Configuring Cisco Easy VPN

"Do I Know This Already?" Quiz

Foundation Topics

Cisco Easy VPN Components

    Easy VPN Remote

    Easy VPN Server Requirements

Easy VPN Connection Establishment

    IKE Phase 1

    Establishing an ISAKMP SA

    SA Proposal Acceptance

    Easy VPN User Authentication

    Mode Configuration

    Reverse Route Injection

    IPsec Quick Mode

Easy VPN Server Configuration

    User Configuration

    Easy VPN Server Wizard

Monitoring the Easy VPN Server

Troubleshooting the Easy VPN Server

Foundation Summary


Chapter 17 Implementing the Cisco VPN Client

"Do I Know This Already?" Quiz

Foundation Topics

Cisco VPN Client Installation and Configuration Overview

Cisco VPN Client Installation

Cisco VPN Client Configuration

    Connection Entries

    Authentication Tab

    Transport Tab

    Backup Servers Tab

    Dial-Up Tab

    Finish the Connection Configuration

Foundation Summary


Part IV Device Hardening

Chapter 18 Cisco Device Hardening

"Do I Know This Already?" Quiz

Foundation Topics

Router Vulnerability

    Vulnerable Router Services

    Unnecessary Services and Interfaces

    Common Management Services

    Path Integrity Mechanisms

    Probes and Scans

    Terminal Access Security

    Gratuitous and Proxy ARP

Using AutoSecure to Secure a Router

Using SDM to Secure a Router

    SDM Security Audit Wizard

    SDM One-Step Lockdown Wizard

    AutoSecure Default Configurations

    SDM One-Step Lockdown Default Configurations

Foundation Summary


Chapter 19 Securing Administrative Access

"Do I Know This Already?" Quiz

Foundation Topics

Router Access

Password Considerations

Set Login Limitations

Setup Mode

CLI Passwords

Additional Line Protections

Password Length Restrictions

Password Encryption

Create Banners

Provide Individual Logins

Create Multiple Privilege Levels

Role-Based CLI

Prevent Physical Router Compromise

Foundation Summary


Chapter 20 Using AAA to Scale Access Control

"Do I Know This Already?" Quiz

Foundation Topics

AAA Components

AAA Access Modes

Understanding the TACACS+ and RADIUS Protocols

    UDP Versus TCP

    Packet Encryption

    Authentication and Authorization

    Multiprotocol Support

    Router Management


Configuring AAA Using the CLI

    RADIUS Configuration

    TACACS+ Configuration

    AAA-Related Commands

Configuring AAA Using SDM

Using Debugging for AAA

    debug aaa authentication Command

    debug aaa authorization Command

    debug aaa accounting Command

    debug radius Command

    debug tacacs Command

Foundation Summary


Chapter 21 Cisco IOS Threat Defense Features

"Do I Know This Already?" Quiz

Foundation Topics

Layered Device Structure

Firewall Technology Basics

    Packet Filtering

    Application Layer Gateway

    Stateful Packet Filtering

Cisco IOS Firewall Feature Set

Cisco IOS Firewall

    Authentication Proxy

    Cisco IOS IPS

Cisco IOS Firewall Operation

Cisco IOS Firewall Packet Inspection and Proxy Firewalls

Foundation Summary


Chapter 22 Implementing Cisco IOS Firewalls

"Do I Know This Already?" Quiz

Foundation Topics

Configure a Cisco IOS Firewall Using the CLI

    Step 1: Choose an Interface and Packet Direction to Inspect

    Step 2: Configure an IP ACL for the Interface

    Step 3: Define the Inspection Rules

    Step 4: Apply the Inspection Rules and the ACL to the Interface

    Step 5: Verify the Configuration

Configure a Basic Firewall Using SDM

Configure an Advanced Firewall Using SDM

Foundation Summary


Chapter 23 Implementing Cisco IDS and IPS

"Do I Know This Already?" Quiz

Foundation Topics

IDS and IPS Functions and Operations

Categories of IDS and IPS

IDS and IPS Signatures

Signature Reaction

Cisco IOS IPS Configuration

SDM Configuration

Foundation Summary


Appendix A Answers to the "Do I Know This Already?" Quizzes and Q&A Sections


CD-ROM fixes

If you have a 10-digit code that does not work, please click on the link below for instructions on how to activate your software. We apologize for the inconvenience.

Updated Activation Procedure for Cisco Press CD-ROM Software
