CCNP Security VPN 642-648 Official Cert Guide, Second Edition

Book Description

The official study guide helps you master all the topics on the CCNP Security VPN exam, including:

· Configuring policies, inheritance, and attributes
· AnyConnect Remote Access VPN solutions
· AAA and Dynamic Access Policies (DAP)
· High availability and performance
· Clientless VPN solutions
· SSL VPN with Cisco Secure Desktop
· Easy VPN solutions
· IPsec VPN clients and site-to-site VPNs

The CD-ROM contains a free, complete practice exam.

Includes Exclusive Offer for 70% Off Premium Edition eBook and Practice Test

Pearson IT Certification Practice Test minimum system requirements:

Windows XP (SP3), Windows Vista (SP2), or Windows 7; Microsoft .NET Framework 4.0 Client; Pentium class 1GHz processor (or equivalent); 512 MB RAM; 650 MB disk space plus 50 MB for each downloaded practice exam

This volume is part of the Official Cert Guide Series from Cisco Press. Books in this series provide officially developed exam preparation materials that offer assessment, review, and practice to help Cisco Career Certification candidates identify weaknesses, concentrate their study efforts, and enhance their confidence as exam day nears.

CCNP Security VPN 642-648 Official Cert Guide is a best-of-breed Cisco exam study guide that focuses specifically on the objectives for the CCNP Security VPN exam. Cisco Certified Internetwork Expert (CCIE) Howard Hooper shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

CCNP Security VPN 642-648 Official Cert Guide presents you with an organized test-preparation routine through the use of proven series elements and techniques. “Do I Know This Already?” quizzes open each chapter and enable you to decide how much time you need to spend on each section. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly.

The companion CD-ROM contains a powerful testing engine that enables you to focus on individual topic areas or take a complete, timed exam. The assessment engine also tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most.

Well-regarded for its level of detail, assessment features, and challenging review questions and exercises, this official study guide helps you master the concepts and techniques that will enable you to succeed on the exam the first time.

CCNP Security VPN 642-648 Official Cert Guide is part of a recommended learning path from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining.

Table of Contents

  1. Title Page
  2. Copyright Page
  3. About the Author
  4. About the Technical Reviewers
  5. Dedications
  6. Acknowledgments
  7. Contents at a Glance
  8. Contents
  9. Icons Used in This Book
  10. Introduction
    1. Who Should Read This Book
    2. How to Use This Book
    3. Certification Exam and This Preparation Guide
    4. Overview of the Cisco Certification Process
    5. Taking the VPN Certification Exam
    6. Tracking CCNP Security Status
    7. How to Prepare for an Exam
    8. Assessing Exam Readiness
    9. Cisco Security Specialist in the Real World
    10. Cisco ASA Software Commands
    11. Rules of the Road
    12. Exam Registration
    13. Book Content Updates
    14. Premium Edition eBook and Practice Test
  11. Part I. ASA Architecture and Technologies Overview
    1. Chapter 1. Examining the Role of VPNs and the Technologies Supported by the ASA
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Introducing the Virtual Private Network
      4. Meet the Protocols
      5. ASA Packet Processing
      6. The Good, the Bad, and the Licensing
      7. Exam Preparation Tasks
      8. Review All Key Topics
      9. Complete Tables and Lists from Memory
      10. Define Key Terms
    2. Chapter 2. Configuring Policies, Inheritance, and Attributes
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Policies and Their Relationships
      4. Understanding Connection Profiles
      5. Understanding Group Policies
      6. Configure User Attributes
      7. Using External Servers for AAA and Policies
      8. Exam Preparation Tasks
      9. Review All Key Topics
      10. Complete Tables and Lists from Memory
      11. Define Key Terms
  12. Part II. Cisco Clientless Remote-Access VPN Solutions
    1. Chapter 3. Deploying a Clientless SSL VPN Solution
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Clientless SSL VPN Overview
      4. Deployment Procedures and Strategies
      5. Deploying Your First Clientless SSL VPN Solution
      6. Basic Access Control
      7. Content Transformation
      8. Troubleshooting a Basic Clientless SSL VPN
      9. Exam Preparation Tasks
      10. Review All Key Topics
      11. Complete Tables and Lists from Memory
      12. Define Key Terms
    2. Chapter 4. Advanced Clientless SSL VPN Settings
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Overview of Advanced Clientless SSL VPN Settings
      4. Application Access Through Port Forwarding
      5. Application Access Using Client-Server Plug-Ins
      6. Application Access Through Smart Tunnels
      7. Configuring SSL/TLS Proxies
      8. Troubleshooting Advanced Application Access
      9. Exam Preparation Tasks
      10. Review All Key Topics
      11. Complete Tables and Lists from Memory
      12. Define Key Terms
    3. Chapter 5. Customizing the Clientless Portal
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Basic Portal Layout Configuration
      4. Outside-the-Box Portal Configuration
      5. Portal Language Localization
      6. Getting Portal Help
      7. AnyConnect Portal Integration
      8. Clientless SSL VPN Advanced Authentication
      9. Using an External and Internal CA for Clientless Access
      10. Clientless SSL VPN Double Authentication
      11. Deploying Clientless SSL VPN Single Signon
      12. Troubleshooting PKI and SSO Integration
      13. Exam Preparation Tasks
      14. Review All Key Topics
      15. Complete Tables and Lists from Memory
      16. Define Key Terms
    4. Chapter 6. Clientless SSL VPN Advanced Authentication and Authorization
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Configuration Procedures, Deployment Strategies, and Information Gathering
      4. DAP Record Aggregation
      5. Troubleshooting DAP Deployment
      6. Exam Preparation Tasks
      7. Review All Key Topics
      8. Complete Tables and Lists from Memory
      9. Define Key Terms
    5. Chapter 7. Clientless SSL High Availability and Performance
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. High-Availability Deployment Information and Common Strategies
      4. Content Caching for Optimization
      5. Clientless SSL VPN Load Sharing Using an External Load Balancer
      6. Clustering Configuration for Clientless SSL VPN
      7. Troubleshooting Load Balancing and Clustering
      8. Exam Preparation Tasks
      9. Review All Key Topics
      10. Complete Tables and Lists from Memory
      11. Define Key Terms
  13. Part III. Cisco AnyConnect Remote-Access VPN Solutions
    1. Chapter 8. Deploying an AnyConnect Remote-Access VPN Solution
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. AnyConnect Full-Tunnel SSL VPN Overview
      4. Configuration Procedures, Deployment Strategies, and Information Gathering
      5. Deploying Your First Full-Tunnel AnyConnect SSL VPN Solution
      6. Deploying Your First AnyConnect IKEv2 VPN Solution
      7. Client IP Address Allocation
      8. Advanced Controls for Your Environment
      9. Troubleshooting the AnyConnect Secure Mobility Client
      10. Exam Preparation Tasks
      11. Review All Key Topics
      12. Complete Tables and Lists from Memory
      13. Define Key Terms
    2. Chapter 9. Advanced Authentication and Authorization of AnyConnect VPNs
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Authentication Options and Strategies
      4. Provisioning Certificates as a Local CA
      5. Configuring Certificate Mappings
      6. Provisioning Certificates from a Third-Party CA
      7. Advanced PKI Deployment Strategies
      8. Doubling Up on Client Authentication
      9. Troubleshooting Your Advanced Configuration
      10. Exam Preparation Tasks
      11. Review All Key Topics
      12. Complete Tables and Lists from Memory
      13. Define Key Terms
    3. Chapter 10. Advanced Deployment and Management of the AnyConnect Client
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Configuration Procedures, Deployment Strategies, and Information Gathering
      4. AnyConnect Installation Options
      5. Managing AnyConnect Client Profiles
      6. Advanced Profile Features
      7. Advanced AnyConnect Customization and Management
      8. Exam Preparation Tasks
      9. Review All Key Topics
      10. Complete Tables and Lists from Memory
      11. Define Key Terms
    4. Chapter 11. AnyConnect Advanced Authorization Using AAA and DAPs
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Configuration Procedures, Deployment Strategies, and Information Gathering
      4. Configuring Local and Remote Group Policies
      5. Full SSL VPN Accountability
      6. Authorization Through Dynamic Access Policies
      7. Troubleshooting Advanced Authorization Settings
      8. Exam Preparation Tasks
      9. Review All Key Topics
      10. Complete Tables and Lists from Memory
      11. Define Key Terms
    5. Chapter 12. AnyConnect High Availability and Performance
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Overview of High Availability and Redundancy Methods
      4. Deploying DTLS
      5. Performance Assurance with QOS
      6. AnyConnect Redundant Peering and Failover
      7. Hardware-Based Failover with VPNs
      8. Redundancy in the VPN Core
      9. Exam Preparation Tasks
      10. Review All Key Topics
      11. Complete Tables and Lists from Memory
      12. Define Key Terms
  14. Part IV. Cisco Secure Desktop
    1. Chapter 13. Cisco Secure Desktop
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Cisco Secure Desktop Overview and Configuration
      4. CSD Order of Operations
      5. Configure Prelogin Criteria
      6. Host Endpoint Assessment
      7. Authorization Using DAPs
      8. Troubleshooting Cisco Secure Desktop
      9. Exam Preparation Tasks
      10. Review All Key Topics
      11. Complete Tables and Lists from Memory
      12. Define Key Terms
  15. Part V. Cisco IPsec Remote-Access Client Solutions
    1. Chapter 14. Deploying and Managing the Cisco VPN Client
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Cisco IPsec VPN Client Features
      4. Cisco ASA Basic Remote IPsec Client Configuration
      5. IPsec Client Software Installation and Basic Configuration
      6. Advanced Profile Settings
      7. VPN Client Software GUI Customization
      8. Troubleshooting VPN Client Connectivity
      9. Exam Preparation Tasks
      10. Review All Key Topics
      11. Complete Tables and Lists from Memory
      12. Define Key Terms
  16. Part VI. Cisco Easy VPN Solutions
    1. Chapter 15. Deploying Easy VPN Solutions
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Configuration Procedures, Deployment Procedures, and Information Gathering
      4. Easy VPN Basic Configuration
      5. Controlling Your Environment with Advanced Features
      6. Troubleshooting a Basic Easy VPN
      7. Exam Preparation Tasks
      8. Review All Key Topics
      9. Complete Tables and Lists from Memory
      10. Define Key Terms
    2. Chapter 16. Advanced Authentication and Authorization Using Easy VPN
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Authentication Options and Strategies
      4. Configuring PKI for Use with Easy VPN
      5. Configuring Mutual/Hybrid Authentication
      6. Configuring Digital Certificate Mappings
      7. Provisioning Certificates from a Third-Party CA
      8. Advanced PKI Deployment Strategies
      9. Troubleshooting Advanced Authentication for Easy VPN
      10. Exam Preparation Tasks
      11. Review All Key Topics
      12. Complete Tables and Lists from Memory
      13. Define Key Terms
    3. Chapter 17. Advanced Easy VPN Authorization
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Configuration Procedures, Deployment Strategies, and Information Gathering
      4. Configuring Local and Remote Group Policies
      5. Accounting Methods for Operational Information
      6. Exam Preparation Tasks
      7. Review All Key Topics
      8. Complete Tables and Lists from Memory
      9. Define Key Terms
    4. Chapter 18. High Availability and Performance for Easy VPN
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Configuration Procedures, Deployment Strategies, and Information Gathering
      4. Easy VPN Client HA and Failover
      5. Hardware-Based Failover with VPNs
      6. Clustering Configuration for Easy VPN
      7. Troubleshooting Device Failover and Clustering
      8. Exam Preparation Tasks
      9. Review All Key Topics
      10. Complete Tables and Lists from Memory
      11. Define Key Terms
    5. Chapter 19. Easy VPN Operation Using the ASA 5505 as a Hardware Client
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Easy VPN Remote Hardware Client Overview
      4. Configuring a Basic Easy VPN Remote Client Using the ASA 5505
      5. Configuring Advanced Easy VPN Remote Client Settings for the ASA 5505
      6. Troubleshooting the ASA 5505 Easy VPN Remote Hardware Client
      7. Exam Preparation Tasks
      8. Review All Key Topics
      9. Complete Tables and Lists from Memory
      10. Define Key Terms
  17. Part VII. Cisco IPsec Site-to-Site VPN Solutions
    1. Chapter 20. Deploying IPsec Site-to-Site VPNs
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Configuration Procedures, Deployment Strategies, and Information Gathering
      4. IKEv1
      5. IKEv2
      6. Configuring a Basic IKEv1 IPsec Site-to-Site VPN
      7. Configuring a Basic IKEv2 IPsec Site-to-Site VPN
      8. Configure Advanced Authentication for IKEv1 IPsec Site-to-Site VPNs
      9. Troubleshooting an IPsec Site-to-Site VPN Connection
      10. Exam Preparation Tasks
      11. Review All Key Topics
      12. Complete Tables and Lists from Memory
      13. Define Key Terms
    2. Chapter 21. High Availability and Performance Strategies for IPsec Site-to-Site VPNs
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Configuration Procedures, Deployment Strategies, and Information Gathering
      4. High Assurance with QoS
      5. Deploying Redundant Peering for Site-to-Site VPNs
      6. Site-to-Site VPN Redundancy Using Routing
      7. Hardware-Based Failover with VPNs
      8. Troubleshooting HA Deployment
      9. Exam Preparation Tasks
      10. Review All Key Topics
      11. Complete Tables and Lists from Memory
      12. Define Key Terms
  18. Part VIII. Exam Preparation
    1. Chapter 22. Final Exam Preparation
      1. Tools for Final Preparation
      2. Memory Tables
      3. Suggested Plan for Final Review/Study
      4. Summary
  19. Part IX. Appendixes
    1. Appendix A. Answers to the “Do I Know This Already?” Quizzes
      1. Chapter 1
      2. Chapter 2
      3. Chapter 3
      4. Chapter 4
      5. Chapter 5
      6. Chapter 6
      7. Chapter 7
      8. Chapter 8
      9. Chapter 9
      10. Chapter 10
      11. Chapter 11
      12. Chapter 12
      13. Chapter 13
      14. Chapter 14
      15. Chapter 15
      16. Chapter 16
      17. Chapter 17
      18. Chapter 18
      19. Chapter 19
      20. Chapter 20
      21. Chapter 21
    2. Appendix B. 642-648 CCNP Security VPN Exam Updates, Version 1.0
      1. Always Get the Latest at the Companion Website
      2. Technical Content
  20. Glossary
  21. Index
  22. Add Pages
  23. Appendix C. Memory Tables
    1. Chapter 2
    2. Chapter 3
    3. Chapter 4
    4. Chapter 5
    5. Chapter 7
    6. Chapter 9
    7. Chapter 11
    8. Chapter 12
    9. Chapter 13
    10. Chapter 18
    11. Chapter 20
    12. Chapter 21
  24. Appendix D. Memory Tables Answer Key
    1. Chapter 2
    2. Chapter 3
    3. Chapter 4
    4. Chapter 5
    5. Chapter 7
    6. Chapter 9
    7. Chapter 11
    8. Chapter 12
    9. Chapter 13
    10. Chapter 18
    11. Chapter 20
    12. Chapter 21