CCNP Security VPN 642-647 Official Cert Guide


5 (1 rating by Goodreads)

List price: US$69.99


Description

Trust the best-selling Official Cert Guide series from Cisco Press to help you learn, prepare, and practice for exam success. They are built with the objective of providing assessment, review, and practice to help ensure you are fully prepared for your certification exam. CCNP Security VPN 642-647 Official Cert Guide presents you with an organized test preparation routine through the use of proven series elements and techniques. "Do I Know This Already?" quizzes open each chapter and enable you to decide how much time you need to spend on each section. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly.

  • Master Cisco CCNP Security VPN 642-647 exam topics
  • Assess your knowledge with chapter-opening quizzes
  • Review key concepts with exam preparation tasks
  • Practice with realistic exam questions on the CD-ROM

CCNP Security VPN 642-647 Official Cert Guide focuses specifically on the objectives for the CCNP Security VPN exam. Cisco Certified Internetwork Expert (CCIE) Howard Hooper shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

The companion CD-ROM contains a powerful Pearson IT Certification Practice Test engine that enables you to focus on individual topic areas or take a complete, timed exam. The assessment engine also tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most.

Well-regarded for its level of detail, assessment features, comprehensive design scenarios, and challenging review questions and exercises, this official study guide helps you master the concepts and techniques that will enable you to succeed on the exam the first time.

The official study guide helps you master all the topics on the CCNP Security VPN exam, including:

  • Configuring policies, inheritance, and attributes
  • AnyConnect Remote Access VPN solution
  • AAA and Dynamic Access Policies (DAP)
  • High availability and performance
  • Clientless VPN solutions
  • SSL VPN with Cisco Secure Desktop
  • Easy VPN solutions
  • IPsec VPN clients and site-to-site VPNs

CCNP Security VPN 642-647 Official Cert Guide is part of a recommended learning path from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining.

The print edition of the CCNP Security VPN 642-647 Official Cert Guide contains a free, complete practice exam. Pearson IT Certification Practice Test minimum system requirements: Windows XP (SP3), Windows Vista (SP2), or Windows 7; Microsoft .NET Framework 4.0 Client; Microsoft SQL Server Compact 4.0; Pentium class 1GHz processor (or equivalent); 512 MB RAM; 650 MB disc space plus 50 MB for each downloaded practice exam.

Also available from Cisco Press for Cisco CCNP Security study is the CCNP Security VPN 642-647 Official Cert Guide Premium Edition eBook and Practice Test. This digital-only certification preparation product combines an eBook with enhanced Pearson IT Certification Practice Test. This integrated learning package:

  • Allows you to focus on individual topic areas or take complete, timed exams
  • Includes direct links from each question to detailed tutorials to help you understand the concepts behind the questions
  • Provides unique sets of exam-realistic practice questions
  • Tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most

Product details

  • Mixed media product | 800 pages
  • 190.5 x 233.68 x 45.72mm | 1,474.17g
  • Pearson Education (US)
  • Cisco Press
  • Indianapolis, United States
  • English
  • ISBN-10: 1587142562
  • ISBN-13: 9781587142567
  • 807,085

About Jim Thomas

Howard Hooper, CCIE No. 23470, CCNP, CCNA, CCDA, JNCIA, works as a network consultant for his companies SYNCom Ltd. and Transcend Networks Ltd., specializing in network design, installation, and automation for enterprise and government clients. He has worked in the network industry for 10 years, starting his career in the service provider field as a support engineer, before moving on to installations engineer and network architect roles, working on small, medium, enterprise, and service provider networks.

Table of contents

Introduction

Part I ASA Architecture and Technologies Overview

Chapter 1 Evaluation of the ASA Architecture
"Do I Know This Already?" Quiz; Foundation Topics; Examining ASA Control Fundamentals; Interfaces, Security Levels, and EtherChannels; Security Levels; Same Security Interface and Intra-Interface Communication; EtherChannels; Access Control Lists; Modular Policy Framework; Routing the Environment; Address Translations and Your ASA; AAA for Network-Based Access; ASA VPN Technology Comparison; Managing Your ASA Device; Packet Processing; Controlling VPN Access; The Good, the Bad, and the Licensing; Time-Based Licenses; When Time-Based and Permanent Licenses Combine; Shared SSL VPN Licenses; Failover Licensing; Exam Preparation Tasks; Review All Key Topics; Complete Tables and Lists from Memory; Define Key Terms

Chapter 2 Configuring Policies, Inheritance, and Attributes
"Do I Know This Already?" Quiz; Foundation Topics; Policies and Their Relationships; Understanding Connection Profiles; Group URL; Group Alias; Certificate to Connection Profile Mapping; Per-User Connection Profile Lock; Default Connection Profiles; Understanding Group Policies; Configure User Attributes; Using External Servers for AAA and Policies; Exam Preparation Tasks; Review All Key Topics; Complete Tables and Lists from Memory; Define Key Terms

Part II Cisco AnyConnect Remote-Access VPN Solutions

Chapter 3 Deploying an AnyConnect Remote-Access VPN Solution
"Do I Know This Already?" Quiz; Foundation Topics; Full SSL VPN Technology Overview; SSL/TLS; DTLS; IKEv2; Configuration Procedures, Deployment Strategies, and Information Gathering; AnyConnect Secure Mobility Client Installation; Deploying Your First Full-Tunnel AnyConnect SSL VPN Solution; IP Addressing; Hostname, Domain Name, and DNS; Enroll with a CA and Become a Member of a PKI; Add an Identity Certificate; Add the Signing Root CA Certificate; Enable the Interfaces for SSL/DTLS and AnyConnect Client Connections; Create a Connection Profile; Deploying Your First AnyConnect IKEv2 VPN Solution; Enable the Relevant Interfaces for IKEv2 and AnyConnect Client Access; Create a Connection Profile; Client IP Address Allocation; Connection Profile Address Assignment; Group Policy Address Assignment; Direct User Address Assignment; Advanced Controls for Your Environment; ACLs and Downloadable ACLs; Split Tunneling; Access Hours/Time Range; Troubleshooting the AnyConnect Secure Mobility Client; Exam Preparation Tasks; Review All Key Topics; Complete Tables and Lists from Memory; Define Key Terms

Chapter 4 Advanced Authentication and Authorization of AnyConnect VPNs
"Do I Know This Already?" Quiz; Foundation Topics; Authentication Options and Strategies; Provisioning Certificates as a Local CA; Configuring Certificate Mappings; Certificate-to-Connection Profile Maps; Mapping Criteria; Provisioning Certificates from a Third-Party CA; Configure an XML Profile for Use by the AnyConnect Client; Configure a Dedicated Connection Profile for Enrollment; Enroll the AnyConnect Client into a PKI; Optionally, Configure Client Certificate Selection; Import the Issuing CA's Certificate into the ASA's; Create a Connection Profile Using Certificate-Based Authentication; Advanced PKI Deployment Strategies; CRLs; OCSP; Doubling Up on Client Authentication; Troubleshooting Your Advanced Configuration; Exam Preparation Tasks; Review All Key Topics; Complete Tables and Lists from Memory; Define Key Terms

Chapter 5 Advanced Deployment and Management of the AnyConnect Client
"Do I Know This Already?" Quiz; Foundation Topics; Configuration Procedures, Deployment Strategies, and Information Gathering; AnyConnect Installation Options; Manual Predeployment; Automatic Web Deployment; Managing AnyConnect Client Profiles; Advanced Profile Features; Start Before Login; Trusted Network Detection; Advanced AnyConnect Customization and Management; Exam Preparation Tasks; Review All Key Topics; Complete Tables and Lists from Memory; Define Key Terms

Chapter 6 Advanced Authorization Using AAA and DAPs
"Do I Know This Already?" Quiz; Foundation Topics; Configuration Procedures, Deployment Strategies, and Information Gathering; Configuring Local and Remote Group Policies; Full SSL VPN Accountability; Authorization Through Dynamic Access Policies; Troubleshooting Advanced Authorization Settings; Exam Preparation Tasks; Review All Key Topics; Complete Tables and Lists from Memory; Define Key Terms

Chapter 7 AnyConnect Integration with Cisco Secure Desktop and Optional Modules
"Do I Know This Already?" Quiz; Foundation Topics; Cisco Secure Desktop Overview and Configuration; Host Scan; Prelogin Assessment; Secure Desktop (Vault); Cache Cleaner; Keystroke Logger Detection; Integration with DAPs; Host Emulation Detection; Windows Mobile Device Management; Standalone Installation Packages; CSD Manual Launch; Prelogin Policies; Post-Login Policies; VPN Session Termination; AnyConnect Posture Assessment and Host Scan; AnyConnect Posture Assessment Module; Host Scan; Configure Prelogin Policies; AnyConnect Network Access, Web Security, and Telemetry Modules; NAM Module; Web Security Module; Telemetry Module; Exam Preparation Tasks; Review All Key Topics; Complete Tables and Lists from Memory; Define Key Terms

Chapter 8 AnyConnect High Availability and Performance
"Do I Know This Already?" Quiz; Foundation Topics; Overview of High Availability and Redundancy Methods; Hardware-Based Failover; VPN Clustering (VPN Load Balancing); Redundant VPN Peering; External Load Balancing; Deploying DTLS; Performance Assurance with QOS; Basic ASDM QoS Configuration; AnyConnect Redundant Peering and Failover; Hardware-Based Failover with VPNs; Configure LAN Failover Interfaces; Configure Standby Addresses on Interfaces Used for Traffic Forwarding; Define Failover Criteria; Configure Nondefault MAC Addresses; Redundancy in the VPN Core; VPN Clustering; Load Balancing Using an External Load Balancer; Exam Preparation Tasks; Review All Key Topics; Complete Tables and Lists from Memory; Define Key Terms

Part III Cisco Clientless Remote-Access VPN Solutions

Chapter 9 Deploying a Clientless SSL VPN Solution
"Do I Know This Already?" Quiz; Foundation Topics; Clientless SSL VPN Overview; SSL VPN Building Blocks; SSL/TLS Recap; SSL Tunnel Negotiation; Handshake; Deployment Procedures and Strategies; Physical Topology; Deploying Your First Clientless SSL VPN Solution; IP Addressing; Hostname, Domain Name, and DNS; Become a Member of a Public Key Infrastructure; Adding a CA Root Certificate; Certificate Revocation List; Revocation Check; CRL Retrieval Policy; CRL Retrieval Method; OCSP Rules; Advanced; Enable the Relevant Interfaces for SSL; Create Local User Accounts for Authentication; Create a Connection Profile (Optional); Basic Access Control; Bookmarks; HTTP and HTTPS; CIFS; FTP; Group Policies; Content Transformation; Gateway Content Rewriting; Application Helper Profiles; Java Code Signing; Troubleshooting a Basic Clientless SSL VPN; Troubleshooting Session Establishment; Troubleshooting Certificate Errors; Exam Preparation Tasks; Review All Key Topics; Complete Tables and Lists from Memory; Define Key Terms

Chapter 10 Advanced Clientless SSL VPN Settings
"Do I Know This Already?" Quiz; Foundation Topics; Overview of Advanced Clientless SSL VPN Settings; Application Access Through Port Forwarding; Configuring Port Forwarding Using the ASDM; Application Access Using Client-Server Plug-Ins; Configuring Client-Server Plug-In Access Using the ASDM; Application Access Through Smart Tunnels; Configuring Smart Tunnel Access Using the ASDM; Configuring SSL/TLS Proxies; Email Proxy; Internal HTTP and HTTPS Proxy; Troubleshooting Advanced Application Access; Troubleshooting Application Access; Client; ASA/VPN Termination Appliance; Application/Web Server; Exam Preparation Tasks; Review All Key Topics; Complete Tables and Lists from Memory; Define Key Terms

Chapter 11 Customizing the Clientless Portal
"Do I Know This Already?" Quiz; Foundation Topics; Basic Portal Layout Configuration; Logon Page Customization; Portal Page Customization; Logout Page Customization; Outside-the-Box Portal Configuration; Portal Localization; Getting Portal Help; AnyConnect Portal Integration; Clientless SSL VPN Advanced Authentication; Using an External and Internal CA for Clientless Access; Clientless SSL VPN Double Authentication; Deploying Clientless SSL VPN Single Sign-On; Troubleshooting PKI and SSO Integration; Exam Preparation Tasks; Review All Key Topics; Complete Tables and Lists from Memory; Define Key Terms

Chapter 12 Advanced Authorization Using Dynamic Access Policies
"Do I Know This Already?" Quiz; Foundation Topics; Configuration Procedures, Deployment Strategies, and Information Gathering; Create a DAP; Specify User AAA Attributes; Specify Endpoint Attributes; Configure Authorization Parameters; Configure Authorization Parameters for the Default DAP; DAP Record Aggregation; Troubleshooting DAP Deployment; ASDM Test Feature; ASA Logging; DAP Debugging; Exam Preparation Tasks; Review All Key Topics; Complete Tables and Lists from Memory; Define Key Terms

Chapter 13 Clientless SSL VPN with Cisco Secure Desktop
"Do I Know This Already?" Quiz; Foundation Topics; Cisco Secure Desktop Overview and Configuration; Prelogin Assessment; Host Scan; Secure Desktop (Vault); Cache Cleaner; Keystroke Logger Detection; Integration with DAP; Host Emulation Detection; Windows Mobile Device Management; Standalone Installation Packages; CSD Manual Launch; Secure Desktop (Vault); Cache Cleaner; CSD Supported Browsers, Operating Systems, and Credentials; Enabling Cisco Secure Desktop on the ASA; Configure Prelogin Criteria; Keystroke Logger and Safety Checks; Cache Cleaner; Secure Desktop (Vault) General; Secure Desktop (Vault) Settings; Secure Desktop (Vault) Browser; Host Endpoint Assessment; Authorization Through DAPs; Troubleshooting Cisco Secure Desktop; Exam Preparation Tasks; Review All Key Topics; Complete Tables and Lists from Memory; Define Key Terms

Chapter 14 Clientless SSL VPN High-Availability and Performance Options
"Do I Know This Already?" Quiz; Foundation Topics; High-Availability Deployment Information and Common Strategies; Failover; Active/Active; Active/Standby; VPN Load Balancing (Clustering); External Load Balancing; Redundant VPN Peering; Content Caching for Optimization; Clientless SSL VPN Load Sharing Using an External Load Balancer; Clustering Configuration for Clientless SSL VPN; Troubleshooting Load Balancing and Clustering; Exam Preparation Tasks; Review All Key Topics; Complete Tables and Lists from Memory; Define Key Terms

Part IV Cisco IPsec Remote-Access Client Solutions

Chapter 15 Deploying and Managing the Cisco VPN Client
"Do I Know This Already?" Quiz; Foundation Topics; IPsec Review; IKEv1; AH and ESP; Cisco IPsec VPN Client Features; IPsec Client Software Installation and Basic Configuration; Connection Entries; Status; Certificates; Log; Options; Help; Create New VPN Connection Entry, Main Window; Authentication Tab; Transport Tab; Backup Servers Tab; Dial-Up Tab; Advanced Profile Settings; VPN Client Software GUI Customization; Troubleshooting VPN Client Connectivity; Exam Preparation Tasks; Review All Key Topics; Complete Tables and Lists from Memory; Define Key Terms

Part V Cisco Easy VPN Solutions

Chapter 16 Deploying Easy VPN Solutions
"Do I Know This Already?" Quiz; Foundation Topics; Configuration Procedures, Deployment Procedures, and Information Gathering; Easy VPN Basic Configuration; ASA IP Addresses; Configure Required Routing; Enable IPsec Connectivity; Configure Preferred IKEv1 and IPsec Policies; Client IP Address Assignment; VPN Client Authentication Using Pre-Shared Keys; Using XAUTH for VPN Client Access; IP Address Allocation Using the VPN Client; DHCP Configuration; Controlling Your Environment with Advanced Features; ACL Bypass Configuration; Basic Interface ACL Configuration; Per-Group ACL Configuration; Per-User ACL Configuration; Split-Tunneling Configuration; Troubleshooting a Basic Easy VPN; Exam Preparation Tasks; Review All Key Topics; Complete Tables and Lists from Memory; Define Key Terms

Chapter 17 Advanced Authentication and Authorization Using Easy VPN
"Do I Know This Already?" Quiz; Foundation Topics; Authentication Options and Strategies; Configuring PKI with IPsec Easy VPNs; Configuring Mutual/Hybrid Authentication; Configuring Digital Certificate Mappings; Provisioning Certificates from a Third-Party CA; Advanced PKI Deployment Strategies; Troubleshooting Advanced Authentication for Easy VPN; Exam Preparation Tasks; Review All Key Topics; Complete Tables and Lists from Memory; Define Key Terms

Chapter 18 Advanced Easy VPN Authorization
"Do I Know This Already?" Quiz; Foundation Topics; Configuration Procedures, Deployment Strategies, and Information Gathering; Configuring Local and Remote Group Policies; Assigning a Group Policy to a Local User Account; Assigning a Group Policy to a Connection Profile; Accounting Methods for Operational Information; NetFlow 9; RADIUS VPN Accounting; SNMP; Exam Preparation Tasks; Review All Key Topics; Complete Tables and Lists from Memory; Define Key Terms

Chapter 19 High Availability and Performance for Easy VPN
"Do I Know This Already?" Quiz; Foundation Topics; Configuration Procedures, Deployment Strategies, and Information Gathering; Easy VPN Client HA and Failover; Hardware-Based Failover with VPNs; Configure Optional Active/Standby Failover Settings; Clustering Configuration for Easy VPN; Troubleshooting Device Failover and Clustering; Exam Preparation Tasks; Review All Key Topics; Complete Tables and Lists from Memory; Define Key Terms

Chapter 20 Easy VPN Operation Using the ASA 5505 as a Hardware Client
"Do I Know This Already?" Quiz; Foundation Topics; Easy VPN Remote Hardware Client Overview; Client Mode; Network Extension Mode; Configuring a Basic Easy VPN Remote Client Using the ASA 5505; Configuring Advanced Easy VPN Remote Client Settings for the ASA 5505; X-Auth and Device Authentication; Remote Management; Enable Tunneled Management; Clear Tunneled Management; NAT Traversal; Device Pass-Through; Troubleshooting the ASA 5505 Easy VPN Remote Hardware Client; Exam Preparation Tasks; Review All Key Topics; Complete Tables and Lists from Memory; Define Key Terms

Part VI Cisco IPsec Site-to-Site VPN Solutions

Chapter 21 Deploying IPsec Site-to-Site VPNs
"Do I Know This Already?" Quiz; Foundation Topics; Configuration Procedures, Deployment Strategies, and Information Gathering; IKEv1 Phase 1; IKEv1 Phase 2 (Quick Mode); Configuring a Basic IPsec Site-to-Site VPN; Configure Basic Peer Authentication; Enable IKEv1 on the Interface; Configure IKEv1 Policies; Configure Pre-Shared Keys; Configure Transmission Protection; Select Transform Set and VPN Peer; Define Interesting Traffic; Configure Advanced Authentication for IPsec Site-to-Site VPNs; Troubleshooting an IPsec Site-to-Site VPN Connection; Tunnel Not Establishing: Phase 1; Tunnel Not Establishing: Phase 2; Traffic Not Passing Through Your Tunnel; Exam Preparation Tasks; Review All Key Topics; Complete Tables and Lists from Memory; Define Key Terms

Chapter 22 High Availability and Performance Strategies for IPsec Site-to-Site VPNs
"Do I Know This Already?" Quiz; Foundation Topics; Configuration Procedures, Deployment Strategies, and Information Gathering; High Assurance with QoS; Basic ASDM QoS Configuration; Deploying Redundant Peering for Site-to-Site VPNs; Site-to-Site VPN Redundancy Using Routing; Hardware-Based Failover with VPNs; Configure LAN Failover Interfaces; Configure Standby Addresses on Interfaces Used for Traffic Forwarding; Define Failover Criteria; Configure Nondefault Mac Addresses; Troubleshooting HA Deployment; Exam Preparation Tasks; Review All Key Topics; Complete Tables and Lists from Memory; Define Key Terms

Part VII Exam Preparation

Chapter 23 Final Exam Preparation
Tools for Final Preparation; Pearson Cert Practice Test Engine and Questions on the CD; Install the Software from the CD; Activate and Download the Practice Exam; Activating Other Exams; Premium Edition; The Cisco Learning Network; Memory Tables; Suggested Plan for Final Review/Study; Using the Exam Engine; Summary

Part VIII Appendixes

Appendix A Answers to the "Do I Know This Already?" Quizzes
Appendix B 642-647 CCNP Security VPN Exam Updates, Version 1.0
Appendix C Memory Tables (CD only)
Appendix D Memory Tables Answer Key (CD only)
Glossary
