CCNP ISCW Official Exam Certification Guide
- By Brian Morgan, Neil Lovering
- Published Jul 18, 2007 by Cisco Press. Part of the Official Cert Guide series.
Book
- Sorry, this book is no longer in print.
- Copyright 2008
- Edition: 1st
- Book
- ISBN-10: 1-58720-150-X
- ISBN-13: 978-1-58720-150-9
CCNP ISCW Official Exam Certification Guide
- Master all 642-825 exam topics with the official study guide
- Assess your knowledge with chapter-opening quizzes
- Review key concepts with foundation summaries
- Practice with hundreds of exam questions on the CD-ROM
Brian Morgan, CCIE® No. 4865
Neil Lovering, CCIE No. 1772
CCNP ISCW Official Exam Certification Guide is a best of breed Cisco® exam study guide that focuses specifically on the objectives for the Implementing Secure Converged Wide Area Networks exam (642-825 ISCW). Successfully passing the ISCW 642-825 exam certifies that you have the knowledge and skills necessary to secure and expand the reach of an enterprise network to teleworkers and remote sites with focus on securing remote access and VPN client configuration.
CCNP ISCW Official Exam Certification Guide follows a logical organization of the CCNP® ISCW exam objectives. Material is presented in a concise manner, focusing on increasing your retention and recall of exam topics. You can organize your exam preparation through the use of the consistent features in these chapters. “Do I Know This Already?” quizzes open each chapter and allow you to decide how much time you need to spend on each section. Exam topic lists and concise Foundation Summary information make referencing easy and give you a quick refresher whenever you need it. Challenging chapter-ending review questions help you assess your knowledge and reinforce key concepts.
The companion CD-ROM contains a powerful testing engine that allows you to focus on individual topic areas or take complete, timed exams. The assessment engine also tracks your performance and provides feedback on a topic-by-topic basis, presenting question-by-question remediation to the text. Well regarded for its level of detail, assessment features, and challenging review questions and exercises, this book helps you master the concepts and techniques that can enable you to succeed on the exam the first time.
Brian Morgan, CCIE® No. 4865, is a consulting systems engineer for Cisco, specializing in Unified Communications technologies. He services a number of Fortune 500 companies in architectural, design, and support roles. With more than 15 years in the networking industry, he served as director of engineering for a large telecommunications company, is a certified Cisco instructor teaching at all levels, from basic routing and switching to CCIE lab preparation, and spent a number of years with IBM Network Services serving many of IBM’s largest clients. He is a former member of the ATM Forum and a long-time member of the IEEE.
Neil Lovering, CCIE No. 1772, works as a design consultant for Cisco. Neil has been with Cisco for more than three years and works on large-scale government networking solutions projects. Prior to Cisco, Neil was a network consultant and instructor for more than eight years and worked on various routing, switching, dialup, and security projects for many customers all over North America.
This official study guide helps you master all the topics on the CCNP ISCW exam, including
- The Cisco hierarchical network model as it pertains to the WAN
- Teleworker configuration and access with broadband technologies
- Frame mode MPLS
- IPsec VPN implementations
- Cisco device hardening
- Cisco IOS® Firewall features
- Cisco IOS Intrusion Prevention System (IPS) features
Companion CD-ROM
The CD-ROM contains an electronic copy of the book and more than 200 practice questions for the ISCW exam, which are all available in study mode, test mode, and flash card format.
This volume is part of the Exam Certification Guide Series from Cisco Press®. Books in this series provide officially developed exam preparation materials that offer assessment, review, and practice to help Cisco Career Certification candidates identify weaknesses, concentrate their study efforts, and enhance their confidence as exam day nears.
Category: Cisco Certification
Covers: CCNP ISCW Exam 642-825
Online Sample Chapter
CCNP ISCW Exam Guide: GRE Tunneling over Ipsec
Downloadable Sample Chapter
Table of Contents
CCNP ISCW Official Exam Certification Guide
Part I Remote Connectivity Best Practices
Chapter 1 Describing Network Requirements
"Do I Know This Already?" Quiz 5
Foundation Topics 9
Describing Network Requirements 9
Intelligent Information Network 9
SONA
Networked Infrastructure Layer
Interactive Services Layer
Application Layer
Cisco Network Models
Cisco Hierarchical Network Model
Campus Network Architecture
Branch Network Architecture
Data Center Architecture
Enterprise Edge Architecture
Teleworker Architecture
WAN/MAN Architecture
Remote Connection Requirements in a Converged Network
Central Site
Branch Office
SOHO Site
Integrated Services for Secure Remote Access
Foundation Summary
Q&A
Chapter 2 Topologies for Teleworker Connectivity
"Do I Know This Already?" Quiz
Foundation Topics
Facilitating Remote Connections
IIN and the Teleworker
Enterprise Architecture Framework
Remote Connection Options
Challenges of Connecting Teleworkers
Infrastructure Options
Infrastructure Services
Teleworker Components
Traditional Teleworker versus Business-Ready Teleworker
Foundation Summary
Q&A
Chapter 3 Using Cable to Connect to a Central Site
"Do I Know This Already?" Quiz
Foundation Topics
Cable Access Technologies
Cable Technology Terminology
Cable System Standards
Cable System Components
Cable Features
Cable System Benefits
Radio Frequency Signals
Digital Signals over RF Channels
Data over Cable
Hybrid Fiber-Coaxial Networks
Data Transmission
Cable Technology Issues
Provisioning Cable Modems
Foundation Summary
Q&A
Chapter 4 Using DSL to Connect to a Central Site
"Do I Know This Already?" Quiz
Foundation Topics
DSL Features
POTS Coexistence
DSL Limitations
DSL Variants
Asymmetric DSL Types
Symmetric DSL Types
ADSL Basics
ADSL Modulation
CAP
DMT
Data Transmission over ADSL
RFC 1483/2684 Bridging
PPP Background
PPP over Ethernet
Discovery Phase
PPP Session Phase
Optimizing PPPoE MTU
PPP over ATM
Foundation Summary
Q&A
Chapter 5 Configuring DSL Access with PPPoE
"Do I Know This Already?" Quiz
Foundation Topics
Configure a Cisco Router as a PPPoE Client
Configure an Ethernet/ATM Interface for PPPoE
Configure the PPPoE DSL Dialer Interface
Configure Port Address Translation
Configure DHCP for DSL Router Users
Configure Static Default Route on a DSL Router
The Overall CPE Router Configuration
Foundation Summary
Q&A
Chapter 6 Configuring DSL Access with PPPoA
"Do I Know This Already?" Quiz
Foundation Topics
Configure a Cisco Router as a PPPoA Client
PPP over AAL5 Connections
Configure an ATM Interface for PPPoA
Configure the PPPoA DSL Dialer and Virtual-Template Interfaces
Configure Additional PPPoA Elements
The Overall CPE Router Configuration
Foundation Summary
Q&A
Chapter 7 Verifying and Troubleshooting ADSL Configurations
"Do I Know This Already?" Quiz
Foundation Topics
DSL Connection Troubleshooting
Layers of Trouble to Shoot
Isolating Physical Layer Issues
Layer 1 Anatomy
ADSL Physical Connectivity
Where to Begin
Playing with Colors
Tangled Wires
Keeping the Head on Straight
DSL Operating Mode
Isolating Data Link Layer Issues
PPP Negotiation
Foundation Summary
Q&A
Part II Implementing Frame Mode MPLS
Chapter 8 The MPLS Conceptual Model
"Do I Know This Already?" Quiz
Foundation Topics
Introducing MPLS Networks
Traditional WAN Connections
MPLS WAN Connectivity
Router Switching Mechanisms
Standard IP Switching
CEF Switching
Foundation Summary
Q&A
Chapter 9 MPLS Architecture
"Do I Know This Already?" Quiz
Foundation Topics
MPLS Components
MPLS Labels
Label Stacks
Frame Mode MPLS
Label Switching Routers
Label Allocation in Frame Mode MPLS Networks
LIB, LFIB, and FIB
Label Distribution
Packet Propagation
Interim Packet Propagation
Further Label Allocation
Foundation Summary
Q&A
Chapter 10 Configuring Frame Mode MPLS
"Do I Know This Already?" Quiz
Foundation Topics
Configuring CEF
Configuring MPLS on a Frame Mode Interface
Configuring MTU Size
Foundation Summary
Q&A
Chapter 11 MPLS VPN Technologies
"Do I Know This Already?" Quiz
Foundation Topics
MPLS VPN Architecture
Traditional VPNs
Layer 1 Overlay
Layer 2 Overlay
Layer 3 Overlay
Peer-to-Peer VPNs
VPN Benefits
VPN Drawbacks
MPLS VPNs
MPLS VPN Terminology
CE Router Architecture
PE Router Architecture
P Router Architecture
Route Distinguishers
Route Targets
End-to-End Routing Update Flow
MPLS VPN Packet Forwarding
MPLS VPN PHP
Foundation Summary
Q&A
Part III IPsec VPNs
Chapter 12 IPsec Overview
"Do I Know This Already?" Quiz
Foundation Topics
IPsec
IPsec Features
IPsec Protocols
IPsec Modes
IPsec Headers
Peer Authentication
Internet Key Exchange (IKE)
IKE Protocols
IKE Phases
IKE Modes
Other IKE Functions
Encryption Algorithms
Symmetric Encryption
Asymmetric Encryption
Public Key Infrastructure
Foundation Summary
Q&A
Chapter 13 Site-to-Site VPN Operations
"Do I Know This Already?" Quiz
Foundation Topics
Site-to-Site VPN Overview
Creating a Site-to-Site IPsec VPN
Step 1: Specify Interesting Traffic
Step 2: IKE Phase 1
Step 3: IKE Phase 2
Step 4: Secure Data Transfer
Step 5: IPsec Tunnel Termination
Site-to-Site IPsec Configuration Steps
Step 1: Configure the ISAKMP Policy
Step 2: Configure the IPsec Transform Sets
Step 3: Configure the Crypto ACL
Step 4: Configure the Crypto Map
Step 5: Apply the Crypto Map to the Interface
Step 6: Configure the Interface ACL
Security Device Manager Features and Interface
Configuring a Site-to-Site VPN in SDM
Site-to-Site VPN Wizard
Testing the IPsec VPN Tunnel
Monitoring the IPsec VPN Tunnel
Foundation Summary
Q&A
Chapter 14 GRE Tunneling over IPsec
"Do I Know This Already?" Quiz
Foundation Topics
GRE Characteristics
GRE Header
Basic GRE Configuration
Secure GRE Tunnels
Configure GRE over IPsec Using SDM
Launch the GRE over IPsec Wizard
Step 1: Create the GRE Tunnel
Step 2: Create a Backup GRE Tunnel
Steps 3–5: IPsec VPN Information
Step 6: Routing Information
Step 7: Validate the GRE over IPsec Configuration
Foundation Summary
Q&A
Chapter 15 IPsec High Availability Options
"Do I Know This Already?" Quiz
Foundation Topics
Sources of Failures
Failure Mitigation
Failover Strategies
IPsec Stateless Failover
IPsec Stateful Failover
WAN Backed Up by an IPsec VPN
Foundation Summary
Q&A
Chapter 16 Configuring Cisco Easy VPN
"Do I Know This Already?" Quiz
Foundation Topics
Cisco Easy VPN Components
Easy VPN Remote
Easy VPN Server Requirements
Easy VPN Connection Establishment
IKE Phase 1
Establishing an ISAKMP SA
SA Proposal Acceptance
Easy VPN User Authentication
Mode Configuration
Reverse Route Injection
IPsec Quick Mode
Easy VPN Server Configuration
User Configuration
Easy VPN Server Wizard
Monitoring the Easy VPN Server
Troubleshooting the Easy VPN Server
Foundation Summary
Q&A
Chapter 17 Implementing the Cisco VPN Client
"Do I Know This Already?" Quiz
Foundation Topics
Cisco VPN Client Installation and Configuration Overview
Cisco VPN Client Installation
Cisco VPN Client Configuration
Connection Entries
Authentication Tab
Transport Tab
Backup Servers Tab
Dial-Up Tab
Finish the Connection Configuration
Foundation Summary
Q&A
Part IV Device Hardening
Chapter 18 Cisco Device Hardening
"Do I Know This Already?" Quiz
Foundation Topics
Router Vulnerability
Vulnerable Router Services
Unnecessary Services and Interfaces
Common Management Services
Path Integrity Mechanisms
Probes and Scans
Terminal Access Security
Gratuitous and Proxy ARP
Using AutoSecure to Secure a Router
Using SDM to Secure a Router
SDM Security Audit Wizard
SDM One-Step Lockdown Wizard
AutoSecure Default Configurations
SDM One-Step Lockdown Default Configurations
Foundation Summary
Q&A
Chapter 19 Securing Administrative Access
"Do I Know This Already?" Quiz
Foundation Topics
Router Access
Password Considerations
Set Login Limitations
Setup Mode
CLI Passwords
Additional Line Protections
Password Length Restrictions
Password Encryption
Create Banners
Provide Individual Logins
Create Multiple Privilege Levels
Role-Based CLI
Prevent Physical Router Compromise
Foundation Summary
Q&A
Chapter 20 Using AAA to Scale Access Control
"Do I Know This Already?" Quiz
Foundation Topics
AAA Components
AAA Access Modes
Understanding the TACACS+ and RADIUS Protocols
UDP Versus TCP
Packet Encryption
Authentication and Authorization
Multiprotocol Support
Router Management
Interoperability
Configuring AAA Using the CLI
RADIUS Configuration
TACACS+ Configuration
AAA-Related Commands
Configuring AAA Using SDM
Using Debugging for AAA
debug aaa authentication Command
debug aaa authorization Command
debug aaa accounting Command
debug radius Command
debug tacacs Command
Foundation Summary
Q&A
Chapter 21 Cisco IOS Threat Defense Features
"Do I Know This Already?" Quiz
Foundation Topics
Layered Device Structure
Firewall Technology Basics
Packet Filtering
Application Layer Gateway
Stateful Packet Filtering
Cisco IOS Firewall Feature Set
Cisco IOS Firewall
Authentication Proxy
Cisco IOS IPS
Cisco IOS Firewall Operation
Cisco IOS Firewall Packet Inspection and Proxy Firewalls
Foundation Summary
Q&A
Chapter 22 Implementing Cisco IOS Firewalls
"Do I Know This Already?" Quiz
Foundation Topics
Configure a Cisco IOS Firewall Using the CLI
Step 1: Choose an Interface and Packet Direction to Inspect
Step 2: Configure an IP ACL for the Interface
Step 3: Define the Inspection Rules
Step 4: Apply the Inspection Rules and the ACL to the Interface
Step 5: Verify the Configuration
Configure a Basic Firewall Using SDM
Configure an Advanced Firewall Using SDM
Foundation Summary
Q&A
Chapter 23 Implementing Cisco IDS and IPS
"Do I Know This Already?" Quiz
Foundation Topics
IDS and IPS Functions and Operations
Categories of IDS and IPS
IDS and IPS Signatures
Signature Reaction
Cisco IOS IPS Configuration
SDM Configuration
Foundation Summary
Q&A
Appendix A Answers to the "Do I Know This Already?" Quizzes and Q&A Sections
158720150x TOC 6/18/2007
Foreword
Index
Introduction
CD-ROM fixes
If you have a 10-digit code that does not work, please click on the link below for instructions on how to activate your software. We apologize for the inconvenience.
Updated Activation Procedure for Cisco Press CD-ROM Software