Table of Contents

Introduction.


1. All About the Cisco Certified Security Professional.
How This Book Can Help You Pass the CCSP Cisco Secure VPN Exam. Overview of CCSP Certification and Required Exams. The Cisco Secure VPN Exam. Topics on the Cisco Secure VPN Exam. Recommended Training Path for the CCSP Certification. Using This Book to Pass the Exam. Final Exam Preparation Tips.

2. Overview of VPN and IPSec Technologies.
How to Best Use This Chapter. “Do I Know This Already?” Quiz. Cisco VPN Product Line. Enabling VPN Applications Through Cisco Products. An Overview of IPSec Protocols. Establishing VPNs with IPSec. Table of Protocols Used with IPSec. IPSec Preconfiguration Processes. Creating VPNs with IPSec.

3. Cisco VPN 3000 Concentrator Series Hardware Overview.
How to Best Use This Chapter. “Do I Know This Already?” Quiz. Major Advantages of Cisco VPN 3000 Series Concentrators. Cisco Secure VPN Concentrators: Comparison and Features. Cisco Secure VPN Client Features. Table of Cisco VPN 3000 Concentrators. Table of Cisco VPN 3000 Concentrator Capabilities.

4. Configuring Cisco VPN 3000 for Remote Access Using Preshared Keys.
How to Best Use This Chapter. “Do I Know This Already?” Quiz. Using VPNs for Remote Access with Preshared Keys. VPN Concentrator Configuration. Installing and Configuring the VPN Client. Types of Preshared Keys. VPN 3000 Concentrator CLI Quick Configuration Steps. VPN 3000 Concentrator Browser-Based Manager Quick Configuration Steps. VPN Client Installation Steps. VPN Client Configuration Steps. VPN Client Program Options. Limits for Number of Groups and Users. Complete Configuration Table of Contents. Complete Administration Table of Contents. Complete Monitoring Table of Contents. Scenario 4-1. Scenario 4-2. Scenario 4-1 Answers. Scenario 4-2 Answers.

5. Configuring Cisco VPN 3000 for Remote Access Using Digital Certificates.
How to Best Use This Chapter. “Do I Know This Already?” Quiz. Digital Certificates and Certificate Authorities. Digital Certificate Support Through the VPN 3000 Concentrator Series Manager. Configuring the VPN Client for CA Support. PKCS #10 Certificate Request Fields. X.509 Identity Certificate Fields. Types of Digital Certificates. Types of CA Organization. Certificate Validation and Authentication Process. Internet-Based Certificate Authorities. Certificate Management Applications. Scenario 5-1. Scenario 5-2. Scenario 5-1 Answers. Scenario 5-2 Answers.

6. Configuring the Cisco VPN Client Firewall Feature.
How to Best Use This Chapter. “Do I Know This Already?” Quiz. Cisco VPN Client Firewall Feature Overview. Firewall Configuration Overview. Configuring Firewall Filter Rules. Configuring the Stateful Firewall. Configuring the VPN Concentrator for Firewall Usage. Monitoring VPN Client Firewall Statistics. Enabling Automatic Client Update Through the Cisco VPN 3000 Concentrator Series Manager. Cisco VPN Client Firewall Feature Overview. Stateful Firewall (Always On) Feature. Cisco Integrated Client. Centralized Protection Policy. Are You There Feature. Configuring Firewall Filter Rules. Action. Configuring the Stateful Firewall. Configuring the VPN Concentrator for Firewall Usage. Firewall. Firewall Policy. Monitoring VPN Client Firewall Statistics. Scenario 6-1. Scenario 6-1 Answers.

7. Monitoring and Administering the VPN 3000 Series Concentrator.
How Best to Use This Chapter. “Do I Know This Already?” Quiz. Administering the Cisco VPN 3000 Series Concentrator. Monitoring the Cisco VPN 3000 Series Concentrator. Administering the Cisco VPN 3000 Series Concentrator. Administer Sessions. Software Update. System Reboot. Ping. Monitoring Refresh. Access Rights. Administrators. Access Control List. Access Settings. AAA Servers. Authentication. File Management. Certificate Manager. Monitoring the Cisco VPN 3000 Series Concentrator. System Status. Sessions. Top Ten Lists. Statistics. MIB II Statistics.

8. Configuring Cisco 3002 Hardware Client for Remote Access.
How to Best Use This Chapter. “Do I Know This Already?” Quiz. Configure Preshared Keys. Unit and User Authentication for the VPN 3002 Hardware Client. Configure Preshared Keys. Troubleshooting IPSec. Client and LAN Extension Modes. Split Tunnel. Configuring Individual User Authentication on the VPN 3000 Concentrator. Scenario 8-1. Scenario 8-2. Scenario 8-1 Answers. Scenario 8-2 Answers.

9. Configuring Scalability Features of the VPN 3002 Hardware Client.
How to Best Use This Chapter. “Do I Know This Already?” Quiz. VPN 3002 Hardware Client Reverse Route Injection. VPN 3002 Hardware Client Backup Servers. VPN 3002 Hardware Client Load Balancing. Overview of Port Address Translation. IPSec on the VPN 3002 Hardware Client. Configuring Auto-Update for the VPN 3002 Hardware Client. Monitoring Auto-Update Events. Table of RRI Configurations. Backup Servers. Load Balancing. Comparing NAT and PAT. IPSec Over TCP/IP. IPSec Over UDP. Troubleshooting IPSec. Auto-Update. Scenario 9-1. Scenario 9-1 Answers.

10. Cisco VPN 3000 LAN-to-LAN with Preshared Keys.
How to Best Use This Chapter. “Do I Know This Already?” Quiz. Overview of LAN-to-LAN VPN. LAN-to-LAN Configuration. SCEP Overview. Maximum Certificates. Enrollment Variables.

11. Scenarios.
Example Corporation. Site Descriptions. Scenario 11-1The Basics. Scenario 11-2Portland. Scenario 11-3Seattle. Scenario 11-4Memphis. Scenario 11-5Richmond. Scenario 11-6Terry and Carol. Scenario 11-1 Answers. Scenario 11-2 Answers. Scenario 11-3 Answers. Scenario 11-4 Answers. Scenario 11-5 Answers. Scenario 11-6 Answers.

Appendix A. Answers to the “Do I Know This Already?” Quizzes and Q&A Sections.


Index.

Promotional Information

As security demands continue to increase for enterprise and service provider networks, the number of employees working from remote locations requiring an efficient and rapid virtual private network connection grows as well. The Cisco Secure line of products and services are focused on providing the seamless operation of these remote networks with the maximum level of security available. Organizations using this suite of products and services need networking professionals with proven skills at getting the highest levels of both security and network operability. This need has created a booming demand for the Cisco Systems security certifications that verify those skills and abilities. The CSVPN exam is one of the components of the Cisco Systems security designation. CSS-1 Cisco Secure VPN Exam Certification Guide provides CSVPN exam candidates with a comprehensive preparation tool for testing success. With pre- and post-chapter tests, a CD-ROM-based testing engine with more than 200 questions, and comprehensive training on all exam topics, this title brings the proven exam preparation tools from the popular Cisco Press Exam Certification Guide series to the CSVPN candidate.

About the Author

John F. Roland, CCNP(r), CCDP(r), CSS-1, MCSE, is a security specialist working for Ajilon Consulting. John has worked in the IT field for more than 22 years, from COBOL programming on IBM mainframes, LAN/WAN design and implementation on U.S. military networks, and, more recently, to the development of Cisco and Microsoft certification training materials.

Mark J. Newcomb, CCNP, CCDP, is the owner and lead security engineer for Secure Networks in Spokane, Washington. Mark has more than 20 years of experience in the networking industry. The last six years have been devoted to designing security solutions for a wide variety of clients throughout the Pacific Northwest. He is the co-author of Cisco Secure Internet Security Solutions by Cisco Press, as well as two other networking books.