CCNP ISCW Official Exam Certification Guide PDF

682 Pages·2007·13.748 MB·English

Preview CCNP ISCW Official Exam Certification Guide

150x01x.book Page i Monday, June 18, 2007 8:52 AM

CCNP ISCW Official Exam Certification Guide

Brian Morgan, CCIE No. 4865
Neil Lovering, CCIE No. 1772

Cisco Press
800 East 96th Street
Indianapolis, IN 46240 USA

CCNP ISCW Official Exam Certification Guide
Brian Morgan, Neil Lovering

Copyright © 2008 Cisco Systems, Inc.
Cisco Press logo is a trademark of Cisco Systems, Inc.

Published by:
Cisco Press
800 East 96th Street
Indianapolis, IN 46240 USA

All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review.

Printed in the United States of America
First Printing July 2007
Library of Congress Catalog Card Number 2004117845
ISBN-13: 978-1-58720-150-9
ISBN-10: 1-58720-150-x

Warning and Disclaimer

This book is designed to provide information about the CCNP 642-825 Implementing Secure Converged Wide Area Networks (ISCW) exam. Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied.

The information is provided on an “as is” basis. The authors, Cisco Press, and Cisco Systems, Inc. shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the discs or programs that may accompany it.

The opinions expressed in this book belong to the author and are not necessarily those of Cisco Systems, Inc.

Trademark Acknowledgments

All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Cisco Press or Cisco Systems, Inc., cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

Corporate and Government Sales

The publisher offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales, which may include electronic versions and/or custom covers and content particular to your business, training goals, marketing focus, and branding interests. For more information, please contact: U.S. Corporate and Government Sales 1-800-382-3419 [email protected]

For sales outside the United States, please contact: International Sales [email protected]

Feedback Information

At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book is crafted with care and precision, undergoing rigorous development that involves the unique expertise of members from the professional technical community.

Readers’ feedback is a natural continuation of this process. If you have any comments regarding how we could improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us through e-mail at [email protected]. Please make sure to include the book title and ISBN in your message.

We greatly appreciate your assistance.

Publisher: Paul Boger
Cisco Representative: Anthony Wolfenden
Associate Publisher: Dave Dusthimer
Cisco Press Program Manager: Jeff Brady
Executive Editor: Mary Beth Ray
Technical Editors: Mark Newcomb and Sean Walberg
Managing Editor: Patrick Kanouse
Copy Editor: Bill McManus
Senior Development Editor: Christopher Cleveland
Proofreader: Water Crest Publishing
Senior Project Editor: Tonya Simpson
Editorial Assistant: Vanessa Evans
Cover and Book Designer: Louisa Adair
Composition: Mark Shirar
Indexer: Ken Johnson

About the Authors

Brian Morgan, CCIE No. 4865, is a consulting systems engineer for Cisco, specializing in Unified Communications technologies. He services a number of Fortune 500 companies in architectural, design, and support roles. With more than 15 years in the networking industry, he has served as director of engineering for a large telecommunications company, is a certified Cisco instructor teaching at all levels, from basic routing and switching to CCIE lab preparation, and spent a number of years with IBM Network Services serving many of IBM’s largest clients. He is a former member of the ATM Forum and a long-time member of the IEEE.

Neil Lovering, CCIE No. 1772, works as a design consultant for Cisco. Neil has been with Cisco for more than three years and works on large-scale government networking solutions projects. Prior to Cisco, Neil was a network consultant and instructor for more than eight years and worked on various routing, switching, remote connectivity, and security projects for many customers all over North America.

Contributing Author

Mark Newcomb, CCNP, CCDP, is a retired network security engineer. Mark has more than 20 years of experience in the networking industry, focusing on the financial and medical industries. Mark is a frequent contributor and reviewer for Cisco Press books. Mark also served as a technical reviewer for this book.

About the Technical Reviewer

Sean Walberg is a network engineer from Winnipeg, Canada. He has worked in ISP, healthcare, and corporate environments, designing and supporting LANs, WANs, and Internet hosting. Sean is the author of CCSA Exam Cram 2 and many articles about UNIX, Linux, and VoIP. He holds a bachelor’s degree in computer engineering and is a registered Professional Engineer.

Dedications

To Beth, Amanda, and Emma: Thank you for your love and support. You make life worth living.
—Brian Morgan

This book is dedicated to my wife, Jody, and my children, Kevin and Michelle, who together give me the inspiration to learn more and dream bigger.
—Neil Lovering

Acknowledgments

First and foremost, we would like to acknowledge the sacrifices made by our families in allowing us to make the time to write this book. Without their support, it would not have been possible.

Thanks to our friends who were not shy about stepping in for a bit of motivational correction when timelines were slipping.

As always, a huge thank you goes to the production team. Mary Beth, Chris, and Tonya suffered no end of frustration throughout this writing. They never fully gave up on it, and for that, we are in their debt.

This Book Is Safari Enabled

The Safari® Enabled icon on the cover of your favorite technology book means the book is available through Safari Bookshelf. When you buy this book, you get free access to the online edition for 45 days.

Safari Bookshelf is an electronic reference library that lets you easily search thousands of technical books, find code samples, download chapters, and access technical information whenever and wherever you need it.

To gain 45-day Safari Enabled access to this book:
• Go to http://www.ciscopress.com/safarienabled.
• Complete the brief registration form.
• Enter the coupon code 3ZR2-AU1P-8FRQ-NAPZ-ZZVJ.

If you have difficulty registering on Safari Bookshelf or accessing the online edition, please e-mail [email protected].

Contents at a Glance

Foreword
Introduction

Part I: Remote Connectivity Best Practices
Chapter 1 Describing Network Requirements
Chapter 2 Topologies for Teleworker Connectivity
Chapter 3 Using Cable to Connect to a Central Site
Chapter 4 Using DSL to Connect to a Central Site
Chapter 5 Configuring DSL Access with PPPoE
Chapter 6 Configuring DSL Access with PPPoA
Chapter 7 Verifying and Troubleshooting ADSL Configurations

Part II: Implementing Frame Mode MPLS
Chapter 8 The MPLS Conceptual Model
Chapter 9 MPLS Architecture
Chapter 10 Configuring Frame Mode MPLS
Chapter 11 MPLS VPN Technologies

Part III: IPsec VPNs
Chapter 12 IPsec Overview
Chapter 13 Site-to-Site VPN Operations
Chapter 14 GRE Tunneling over IPsec
Chapter 15 IPsec High Availability Options
Chapter 16 Configuring Cisco Easy VPN
Chapter 17 Implementing the Cisco VPN Client

Part IV: Device Hardening
Chapter 18 Cisco Device Hardening
Chapter 19 Securing Administrative Access
Chapter 20 Using AAA to Scale Access Control
Chapter 21 Cisco IOS Threat Defense Features
Chapter 22 Implementing Cisco IOS Firewalls
Chapter 23 Implementing Cisco IDS and IPS

Appendix A Answers to the “Do I Know This Already?” Quizzes and Q&A Sections
Index

Contents

Foreword
Introduction

Part I: Remote Connectivity Best Practices

Chapter 1 Describing Network Requirements
    “Do I Know This Already?” Quiz
    Foundation Topics
    Describing Network Requirements
    Intelligent Information Network
    SONA
    Networked Infrastructure Layer
    Interactive Services Layer
    Application Layer
    Cisco Network Models
    Cisco Hierarchical Network Model
    Campus Network Architecture
    Branch Network Architecture
    Data Center Architecture
    Enterprise Edge Architecture
    Teleworker Architecture
    WAN/MAN Architecture
    Remote Connection Requirements in a Converged Network
    Central Site
    Branch Office
    SOHO Site
    Integrated Services for Secure Remote Access
    Foundation Summary
    Q&A

Chapter 2 Topologies for Teleworker Connectivity
    “Do I Know This Already?” Quiz
    Foundation Topics
    Facilitating Remote Connections
    IIN and the Teleworker
    Enterprise Architecture Framework
    Remote Connection Options
    Traditional Layer 2 Connections
    Service Provider MPLS VPN
    Site-to-Site VPN over Public Internet
    Challenges of Connecting Teleworkers
    Infrastructure Options
    Infrastructure Services
    Teleworker Components
    Traditional Teleworker versus Business-Ready Teleworker
    Foundation Summary
    Q&A

Chapter 3 Using Cable to Connect to a Central Site
    “Do I Know This Already?” Quiz
    Foundation Topics
    Cable Access Technologies
    Cable Technology Terminology
    Cable System Standards
    Cable System Components
    Cable Features
    Cable System Benefits
    Radio Frequency Signals
    Digital Signals over RF Channels
    Data over Cable
    Hybrid Fiber-Coaxial Networks
    Data Transmission
    Cable Technology Issues
    Provisioning Cable Modems
    Foundation Summary
    Q&A

Chapter 4 Using DSL to Connect to a Central Site
    “Do I Know This Already?” Quiz
    Foundation Topics
    DSL Features
    POTS Coexistence
    DSL Limitations
    DSL Variants
    Asymmetric DSL Types
    Symmetric DSL Types
    ADSL Basics
    ADSL Modulation
    CAP
    DMT
    Data Transmission over ADSL
    RFC 1483/2684 Bridging
    PPP Background
    PPP over Ethernet
    Discovery Phase
    PPP Session Phase
    PPPoE Session Variables
    Optimizing PPPoE MTU
