
E-book: CCNP Security Virtual Private Networks SVPN 300-730 Official Cert Guide

4.88/5 (16 ratings by Goodreads)
  • Format: 496 pages
  • Series: Official Cert Guide
  • Publication date: 07-Dec-2021
  • Publisher: Cisco Press
  • Language: eng
  • ISBN-13: 9780136634867
  • Format - EPUB+DRM
  • Price: 45,07 €*
  • * this is the final price, i.e., no additional discounts are applied
  • This e-book is intended for personal use only. E-books cannot be returned, and money paid for purchased e-books is not refunded.

DRM restrictions

  • Copying (copy/paste):

    not allowed

  • Printing:

    not allowed

  • Usage:

    Digital Rights Management (DRM)
    The publisher has supplied this book in encrypted form, which means that you need to install free software to unlock and read it. To read this e-book, you need to create an Adobe ID. More information here. The e-book can be read and downloaded on up to 6 devices (by a single user with the same Adobe ID).

    Required software
    To read this e-book on a mobile device (phone or tablet), you will need to install this free app: PocketBook Reader (iOS / Android)

    To download and read this e-book on a PC or Mac, you need Adobe Digital Editions (this is a free app specially developed for e-books. It is not the same as Adobe Reader, which you may already have on your computer.)

    You cannot read this e-book using Amazon Kindle.

Trust the best-selling Official Cert Guide series from Cisco Press to help you learn, prepare, and practice for exam success. They are built with the objective of providing assessment, review, and practice to help ensure you are fully prepared for your certification exam.

CCNP Security Virtual Private Networks SVPN 300-730 Official Cert Guide presents you with an organized test preparation routine using proven series elements and techniques. Do I Know This Already? quizzes open each chapter and enable you to decide how much time you need to spend on each section. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly.



  • Master Implementing Secure Solutions with Virtual Private Networks (SVPN) 300-730 exam topics
  • Assess your knowledge with chapter-opening quizzes
  • Review key concepts with exam preparation tasks
  • Practice with realistic exam questions in the practice test software



CCNP Security Virtual Private Networks SVPN 300-730 Official Cert Guide from Cisco Press enables you to succeed on the exam the first time and is the only self-study resource approved by Cisco. Three leading Cisco security technology experts share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills.



This complete study package includes

  • A test-preparation routine proven to help you pass the exams
  • Do I Know This Already? quizzes, which enable you to decide how much time you need to spend on each section
  • Chapter-ending exercises, which help you drill on key concepts you must know thoroughly
  • The powerful Pearson Test Prep Practice Test software, with two full exams comprised of well-reviewed, exam-realistic questions, customization options, and detailed performance reports
  • A final preparation chapter, which guides you through tools and resources to help you craft your review and test-taking strategies
  • Study plan suggestions and templates to help you organize and optimize your study time



Well regarded for its level of detail, study plans, assessment features, and challenging review questions and exercises, this official study guide helps you master the concepts and techniques that ensure your exam success.

This official study guide helps you master all the topics on the Implementing Secure Solutions with Virtual Private Networks (SVPN) 300-730 exam, deepening your knowledge of

  • Site-to-site virtual private networks on routers and firewalls
  • Remote access VPNs
  • Troubleshooting using ASDM and CLI
  • Secure communications architectures

Companion Website: The companion website contains two full practice exams, an interactive Flash Cards application, a Study Planner, Glossary, and more. Includes Exclusive Offers for Up to 80% Off Video Training, Practice Tests, and more



Pearson Test Prep online system requirements:

Browsers: Chrome version 73 and above, Safari version 12 and above, Microsoft Edge 44 and above.



Devices: Desktop and laptop computers, tablets running Android v8.0 and above or iPad OS v13 and above, smartphones running Android v8.0 and above or iOS v13 and above with a minimum screen size of 4.7.

Pearson Test Prep offline system requirements:

Windows 10, Windows 8.1; Microsoft .NET Framework 4.5 Client; Pentium-class 1 GHz processor (or equivalent); 512 MB RAM; 650 MB disk space plus 50 MB for each downloaded practice exam; access to the Internet to register and download exam databases



Also available from Cisco Press for CCNP Security study is the CCNP Security Virtual Private Networks SVPN 300-730 Official Cert Guide Premium Edition eBook and Practice Test. This digital-only certification preparation product combines an eBook with enhanced Pearson Test Prep Practice Test.



This integrated learning package

  • Enables you to focus on individual topic areas or take complete, timed exams
  • Includes direct links from each question to detailed tutorials to help you understand the concepts behind the questions
  • Provides unique sets of exam-realistic practice questions
  • Tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most

Introduction
Part I Virtual Private Networks (VPN)
Chapter 1 Understanding the Implementing Secure Solutions with Virtual Private Networks SVPN 300-730 Exam
Why Learn VPN Technology
The Cisco Certification Program
The SVPN 300-730 Exam
Exam Preparation
Summary
Chapter 2 Introduction to Virtual Private Networks (VPN)
"Do I Know This Already?" Quiz
Foundation Topics
VPN Offerings
VPN Technologies vs. Services
Remote Access VPNs
Remote Access VPN Use Cases
Site-to-Site VPNs
Hub-and-Spoke Design
Spoke-to-Spoke Design
Full Mesh Design
Hybrid Design
Tiered Hub-and-Spoke Design
VPN Technology Components
Hardware VPN Support
Routers
Security Appliances
VPN Clients
Other VPN Clients
VPN Protocols
Point-to-Point Tunneling Protocol (PPTP)
PPTP Pitfalls
Secure Socket Tunneling Protocol (SSTP)
SSL/TLS
IPsec with IKE
IPsec with IKEv2
Easy VPN
L2TP
VPN Protocol Comparison
Cisco VPN Portfolio
DMVPN
DMVPN Use Cases
Group Encrypted Transport VPN (GETVPN)
Flex VPN
SSL VPN
SSL VPN Use Cases
Site-to-Site VPN Comparison
Cisco ASA Licensing
Time-Based License
Licensing Options
Cisco Secure Firewall Series for Site-to-Site VPNs
Cisco Secure Firewall Limitations
Cisco Meraki Licensing
Cisco Meraki VPN Options
Cisco Security Appliance Management
Cisco Security Management Options
VPN Logging
Logging Collection Points
ASA Logging
SIEM
VPN Client Logging
DART
Logging Challenges
Summary
References
Exam Preparation Tasks
Review All Key Topics
Complete Tables and Lists from Memory
Define Key Terms
Part II Site-to-Site VPN
Chapter 3 Site-to-Site VPNs
"Do I Know This Already?" Quiz
Foundation Topics
Site-to-Site VPN Architecture
Site-to-Site Design Considerations
Scoping a Project
Site-to-Site Components
Routers vs. Security Appliances
Cisco Security Appliances for Site-to-Site VPNs
IPsec
Authentication Header
Encapsulating Security Payload
Comparing AH and ESP
ISAKMP
IKE Security Association
IKE Version 1 and 2
Key IKE Concepts
IKE Authentication
VPN Tunnel Concepts
IPsec Tunnel Mode
IPsec Transport Mode
Certificate Authorities
Crypto Map Concepts
GETVPN/DMVPN/FlexVPN
GETVPN
DMVPN
FlexVPN
Router Configuration with IKEv1
Planning the VPN
Configuring the Tunnel
Why Use GRE with IPsec?
Configuring a GRE Tunnel
Configuring Network Address Translation
NAT Example
Configuring Encryption and IPsec
IKE Policy Example
Authentication Options
Pre-shared Key Example
Digital Certificate Example
Configuring a Crypto Map
Crypto Map Example
Applying Crypto Maps
Configuring QoS
Router Configuration with IKEv2
Primary Router Configuration Example
Defining the IKEv2 Keyring
Defining the IKEv2 Proposal
Defining IKEv2 Policies
Defining a Crypto ACL for IPsec Secured Traffic
Defining a Transform Set
Defining an IKEv2 Profile
Defining Crypto Maps
Activating Crypto Maps
Repeating Similar Steps for the Other Router
Appliance Configuration
ASDM Example
ASA Command-Line Example
Cisco Secure Firewall Example
Cisco Meraki Example
High Availability
High Availability Options
High Availability Considerations
High Availability Costs
High Availability Technology Considerations
Bidirectional Forwarding Detection
IOS Failover Example
Summary
References
Exam Preparation Tasks
Review All Key Topics
Complete Tables and Lists from Memory
Define Key Terms
Chapter 4 Group Encrypted Transport VPN (GETVPN)
"Do I Know This Already?" Quiz
Foundation Topics
MPLS Security Challenges
GETVPN Overview
GDOI Protocol
GETVPN Benefit Summary
GETVPN Components
GETVPN Key Server
GETVPN Group Member
GETVPN GDOI Protocol
GETVPN Security Controls
Rekeying
TBAR
IP-D3P
GETVPN Design Considerations
GETVPN Fault Tolerance Considerations
Key GETVPN Considerations
GETVPN Implementation and Configuration
Configuring a Key Server
IKE Phase 1 Policy
Key Server PSK Authentication
IKE Phase 2 Policy
Key Server RSA Key
Key Server GDOI
Unicast Rekeying Parameters
Key Server Policy Access List
Configuring Group Members
Group Member IKE Phase 1 Policy
Group Member PSK Authentication
Group Member GDOI Information
Crypto Maps
GETVPN Status Commands
Group Member Show Commands
GETVPN Status Commands Summary
Summary
References
Exam Preparation Tasks
Review All Key Topics
Complete Tables and Lists from Memory
Define Key Terms
Chapter 5 Dynamic Multipoint Virtual Private Network (DMVPN)
"Do I Know This Already?" Quiz
Foundation Topics
DMVPN Overview
Legacy Crypto Map VPN Solutions
Modern VPN Needs
DMVPN Risks
DMVPN Core Concepts
DMVPN Example
DMVPN Network Components
mGRE
GRE and mGRE Advantages
NHRP
NHRP Example
Remaining DMVPN Components
Solution Breakdown
DMVPN Design Considerations
DMVPN Planning
DMVPN Fault Tolerance Considerations
Key DMVPN Considerations
DMVPN Phases
DMVPN Phase 1
DMVPN Phase 2
DMVPN Phase 3
DMVPN Phase 1 Hub-and-Spoke Implementation
Crypto IPsec Policy Configuration
Creating an IKE Policy
Creating Pre-shared Key Authentication Credentials
Creating a Profile
Creating a Transform Set
GRE Tunnel Configuration
Creating a Multipoint GRE Tunnel on the Hub
Creating a GRE Tunnel on the Spoke
NHRP Hub-and-Spoke Configuration
Configure NHRP on the Hub
Configure NHRP on the Spoke
Configure Tunnel Protection
Configure Tunnel Optional Parameters
Routing Protocol Configuration
Configure Routing on the Hub
Configure Routing on the Spoke Using IPV
Configure Routing on the Spoke Using IPV6
DMVPN Phase 2 Spoke-to-Spoke Implementation
IPsec for Spoke-to-Spoke
Spoke-to-Spoke Routing
IPv6 Spoke-to-Spoke Routing Configuration
DMVPN Phase 3 Spoke-to-Spoke Implementation
Enable NHRP Redirects on the Hub
Enable NHRP Shortcuts on the Spoke
DMVPN Troubleshooting
Troubleshooting the Crypto IPsec Policy Configuration
Troubleshooting IKE Phase 2
Troubleshooting the GRE Tunnel Configuration
Validating the Tunnel
Troubleshooting the NHRP Hub-and-Spoke Configuration
NHRP Registration
Tunnel Configuration
Debugging
Troubleshoot the Routing Configuration
DMVPN Troubleshooting Summary
Summary
References
Exam Preparation Tasks
Review All Key Topics
Complete Tables and Lists from Memory
Define Key Terms
Chapter 6 FlexVPN Configuration and Troubleshooting
"Do I Know This Already?" Quiz
Foundation Topics
Flex VPN Overview
Flex VPN Advantages
Modular Framework
Configuring Service Parameters
IKEv2 Benefits Summarized
Flex VPN Versus Other Options
Benefits of IKEv2
FlexVPN Requirements
FlexVPN Components
FlexVPN Component Roles
FlexVPN Smart Defaults
Router Smart Defaults
FlexVPN Design Considerations
FlexVPN Planning
Key FlexVPN Consideration
FlexVPN Implementation: Hub-and-Spoke (IPv4/IPv6)
Hub-and-Spoke Configuration Summary
Step 1 IKEv2 Proposal and IKEv2 Policy Configuration
FlexVPN IKEv2 Proposal
FlexVPN Transform Set
Step 2 IKEv2 Authorization Policy Configuration
AAA
Hub Pool
ACL Permitting Traffic
Attach to Authorization Policy
Step 3 Keyring and IKEv2 Profile Configuration
Keyring
IKEv2 Profile
Step 4 IPsec Profile Configuration
Create Loopback Address
Virtual Template
Pre-shared IKEv2 Keyring
FlexVPN Spoke Configuration
Spoke AAA Configuration
Spoke Access List
Spoke Keyring
Spoke Authorization Policy
Spoke IKEv2 Profile
Spoke IPsec Profile
Spoke Tunnel Interface
FlexVPN Implementation: Spoke-to-Spoke (IPv4/IPv6)
FlexVPN NHRP
FlexVPN Spoke-to-Spoke Spoke Router
Spoke-to-Spoke Keyring
Spoke-to-Spoke Route Injection
Spoke-to-Spoke IKEv2 Profile
Spoke-to-Spoke Add NHRP
Spoke-to-Spoke Virtual Template
FlexVPN Troubleshooting
Connectivity Troubleshooting
Step 1 IKEv2 Proposal and IKEv2 Policy Troubleshooting
IKEv2 Debugging
Step 2 IKEv2 Authorization Policy Troubleshooting
Step 3 Keyring and IKEv2 Profile Troubleshooting
Step 4 IPsec Profile Troubleshooting
NHRP Troubleshooting
Summary
References
Exam Preparation Tasks
Review All Key Topics
Complete Tables and Lists from Memory
Define Key Terms
Part III Remote Access Virtual Private Network
Chapter 7 Remote Access VPNs
"Do I Know This Already?" Quiz
Foundation Topics
Remote VPN Architecture
NAS and Client-Side Software
Remote Access Technology Considerations
Remote Access Components
Remote Access Capable Routers
Remote Access Capable Security Appliances
AnyConnect Secure Mobility Client
User Experience
AnyConnect Protocol Support
AnyConnect Security Capabilities
AnyConnect Platform Support
AnyConnect Profile Editor
AnyConnect VPN Profile Example
VPN Connection Profiles, Group Policies, and Users
Group Policies
Connection Profiles
Split Tunneling
Split Tunneling Configuration
SSL VPN/Web VPN
WebVPN Example
SSL VPN Options
SSL VPN Licensing
Encryption Algorithms
Encryption Trends
Encryption Algorithm Categories
Comparing Encryption Options
Elliptic Curve Cryptography Algorithms
ECC Threats
Encryption Algorithm Math
ECC Math
Combining ECC with Other Algorithms
Applying Elliptic Curve Cryptography to a VPN
Diffie Hellman Groups
High Availability
Load Balancing
Failover Design
Load Balancing Considerations
Cisco ASDM Remote Access Configuration
Cisco ASA CLI Remote Access Configuration
Default Tunnel Groups
Cisco Secure Firewall Remote Access VPN
Cisco Secure Firewall Features
Cisco Meraki Remote Access VPN
Meraki Remote Access Configuration Example
Router Configuration
Key Concepts for Remote Access on Routers
Remote Access on Router Configuration Example
Summary
References
Exam Preparation Tasks
Review All Key Topics
Complete Tables and Lists from Memory
Define Key Terms
Chapter 8 Clientless Remote Access SSL VPNs on the ASA
"Do I Know This Already?" Quiz
Foundation Topics
Clientless SSL VPN Overview
ASA as a Proxy
Cisco VPN Options
Clientless SSL VPN Prerequisites
Software Licenses
License Options
AnyConnect Plus Subscription and Perpetual
AnyConnect Apex Subscription
AnyConnect VPN Only Perpetual License
License Option Summary
Software Support Requirements
Clientless SSL VPN Prerequisites Summary
Basic Clientless SSL VPN Configuration
Step 1 Installing an Identity Certificate
Generating a New RSA Key Pair Using ASDM
Generating a New RSA Key Pair Using CLI
Creating an Identity Certificate Request Using ASDM
Creating an Identity Certificate Request Using CLI
Installing a Signed Identity Certificate Using ASDM
Installing a Signed Identity Certificate Using CLI
Step 2 Applying an Identity Certificate to the Interface(s)
Applying the Identity Certificate Using ASDM
Applying the Identity Certificate Using CLI
Step 3 Enabling Clientless SSL VPN on an Interface
Enable Clientless SSL VPN Interface Using ASDM
Enable Clientless SSL VPN Interface Using CLI
Step 4 Configuring Group Policies
Group Policy Selection
Creating Group Policies Using ASDM
Creating Group Policies Using CLI
Group Policy Attributes for Clientless SSL VPNs
WebVPN Group Policy Attributes
WebVPN Group Policy vs. Group Policy Attributes
Step 5 Configuring Connection Profiles
Default Connect Profiles
Creating a Connection Profile Using ASDM
Creating a Connection Profile Using CLI
Connection Profile General Attributes
Connection Profile WebVPN Attributes
Step 6 Configuring User Authentication
Authentication Servers
Configuring Authentication Using ASDM
Configuring Local Authentication Using CLI
Extended Clientless SSL VPN Configuration Options
Configuring Bookmarks
Bookmark Support
Creating a Bookmark List
Applying the Bookmark List to a Group Policy Using ASDM
Applying the Bookmark List to a Group Policy Using CLI
Configuring Web ACLs
Web ACL Support
Creating a Web ACL Using ASDM
Creating a Web ACL Using CLI
Applying a Web ACL to a Group Policy Using ASDM
Applying a Web ACL to a Group Policy Using CLI
Configuring Application Access via Port Forwarding
Creating a Port Forwarding List Using ASDM
Creating a Port Forwarding List Using CLI
Applying a Port Forwarding List to a Group Policy Using ASDM
Applying a Port Forwarding List to a Group Policy Using ASDM
Configuring Application Access via Smart Tunnels
Smart Tunnel Requirements
Smart Tunnel Benefits
Creating a Smart Tunnel List Using ASDM2
Creating a Smart Tunnel List Using ASDM
Applying the Smart Tunnel List to a Group Policy Using ASDM
Applying the Smart Tunnel List to a Group Policy Using CLI
Configuring Client/Server Plug-ins
Obtaining Plug-ins
Summary
References
Exam Preparation Tasks
Review All Key Topics
Complete Tables and Lists from Memory
Define Key Terms
Use the Command Reference to Check Your Memory
Chapter 9 AnyConnect VPNs on the ASA and IOS
"Do I Know This Already?" Quiz
Foundation Topics
AnyConnect VPN Review
SSL VPN Versus IKEv2
AnyConnect SSL VPN Prerequisites on ASA
AnyConnect Licenses
Supported Operating Systems
Compatible Browsers
Administrative Privileges
Basic AnyConnect SSL VPN Configuration on ASA
Step 1 Installing an Identity Certificate
Step 2 Loading an AnyConnect Package
Loading an AnyConnect Package Using ASDM
Loading an AnyConnect Package Using CLI
Step 3 Enabling AnyConnect VPN Client SSL Access
Enabling AnyConnect VPN Using ASDM
Enabling AnyConnect VPN Using CLI
Step 4 Configuring a Group Policy
Configure Group Policy Using ASDM
Configure Group Policy Using CLI
Step 5 Configuring an AnyConnect Connection Profile
Configuring an AnyConnect Connection Profile Using ASDM
Configuring an AnyConnect Connection Profile Using CLI
Configuring a Group URL for an AnyConnect Connection Profile Using ASDM
Configuring a Group URL for an AnyConnect Connection Profile Using CLI
Step 6 Configuring User Authentication
Creating a AAA Server Group Using ASDM
Creating a AAA Server Group Using CLI
Adding RADIUS Servers to a AAA Server Group Using ASDM
Adding RADIUS Servers to a AAA Server Group Using CLI
Configuring a Connection Profile to Use the RADIUS Server Group Using ASDM
Configuring a Connection Profile to Use the RADIUS Server Group Using CLI
Step 7 Defining an Address Pool
Creating an Address Pool Using ASDM
Creating an Address Pool Using CLI
Applying the Address Pool to a Group Policy Using ASDM
Applying the Address Pool to a Group Policy Using CLI
AnyConnect Installation
Connecting from the AnyConnect Client
Extended AnyConnect SSL VPN Configuration on ASA
Configuring DNS and WINS Using ASDM
Configuring DNS and WINS Using CLI
Configuring Split Tunneling Using ASDM
Configuring Split Tunneling Using CLI
Configuring a Traffic Filter Using ASDM
Configuring a Traffic Filter Using CLI
AnyConnect IKEv2 VPN on ASA
Step 1 Enabling IPsec (IKEv2)
Configuring IPsec (IKEv2) Using ASDM
Configuring IPsec (IKEv2) Using CLI
Step 2 Configuring an AnyConnect Client Profile for IKEv2
Profile Storage
Creating AnyConnect Client Profile for IKEv2 Using ASDM
AnyConnect IKEv2 VPN on Routers
Step 1 Configuring PKI
Generating a Key Pair
Creating a Trustpoint
Trust Point Policy
Configuring a Trustpoint
Define Trust Policy
Disable FQDN
Importing the Root CA Certificate
Generating a Certificate Signing Request (CSR)
Importing the Signed Server Certificate
Step 2 Disabling the HTTP and HTTPS Servers on the Router
Step 3 Configuring AAA
Step 4 Creating an IKEv2 Authorization Policy
Step 5 Creating an IKEv2 Profile
Create New IKEv2 Profile
Identifying Match Criteria
RSA Certificate Authentication
Authenticating Remote Users
Authentication List
Virtual Template
AnyConnect Client Profile
Configuration Summary
Step 6 Creating a Virtual Template
Creating the AnyConnect Client Profile
AnyConnect Profile Editor
Copying to the Router
Reboot
Configuring Split Tunneling
Summary
References
Exam Preparation Tasks
Review All Key Topics
Complete Tables and Lists from Memory
Define Key Terms
Use the Command References to Check Your Memory
Chapter 10 Troubleshooting Remote Access VPNs
"Do I Know This Already?" Quiz
Foundation Topics
Troubleshooting Clientless SSL VPNs on the ASA
Troubleshooting Categories
Step 0 SSL VPN Components
Step 1 Connectivity Troubleshooting
Troubleshooting Questions
Exam-Focused Connectivity Troubleshooting
ASA WebVPN Service
Troubleshooting Certificates
Applied Certificates
Full Certificate Chain
Correct Certificate
Certificate Debug Commands
The capture Command
Connectivity Troubleshooting Summary
Step 2 Login Troubleshooting
Connection Profile Group URL
Viewing Group URLs
Profile Selection
Authentication
ASA Authentication Testing
Debug ASA to Authentication System
Authorization
Authorization Debugging
Group Policy
Group Policy Validation Using CLI
Login Troubleshooting Summary
Step 3 Clientless WebVPN Service Issues
Validating WebVPN Service Details
WebVPN Debugging
Validating DNS Configuration
ASA Plug-ins
Bookmarks
DAP and Bookmarks
DNS and Bookmarks
WebVPN Services Troubleshooting Summary
Step 4 Application Access
ASA-to-Application Connectivity
Application-to-ASA Connectivity with Port Forwarding
Application Troubleshooting Summary
Troubleshooting AnyConnect SSL VPNs on the ASA
Step 1 Connectivity Troubleshooting
Step 2 Login Troubleshooting
Step 3 Network Access Troubleshooting
AnyConnect Enabled
Group Policy Configuration
Address Pool
Validating the Address Pool
Routing Problems
DNS Troubleshooting
DNS Split Tunnel Range
Browser Proxy
NAT Problem
Capture Command
Capture Command Options
Traffic Filters
Troubleshooting Traffic Filters
Network Access Troubleshooting Summary
Step 4 Diagnostics and Reporting Tool (DART)
Step 5 Diagnostic Commands
Step 6 Application
Troubleshooting AnyConnect IKEv2 VPNs on the ASA
Step 0 Prepare
Steps 1 and 2: Connectivity and Login to the VPN Concentrator
Step 3 VPN Status Validation
Command 1 Show vpn-sessiondb detail anyconnect
Command 2 Show crypto ikev2 sa
Command 3 Show crypto ikev2 sa detail
Command 4 Show crypto ipsec sa
Command 5 Debug crypto ikev2 255
Step 4 Host Troubleshooting
Invalid Host Entry
Troubleshooting AnyConnect IKEv2 VPNs on Routers
Steps 1 and 2 Connectivity and Login to the Router
Step 3 VPN Status Validation
Command 1 Show crypto ipsec sa detail
Command 2 Show crypto session detail
Command 3 Debug aaa
Summary
Reference
Exam Preparation Tasks
Review All Key Topics
Complete Tables and Lists from Memory
Define Key Term
Use the Command Reference to Check Your Memory
Part IV SVPN Preparation
Chapter 11 Final Preparation
Getting Ready
Tools for Final Preparation
Pearson Cert Practice Test Engine and Questions on the Website
Accessing the Pearson Test Prep Software Online
Accessing the Pearson Test Prep Software Offline
Customizing Your Exams
Updating Your Exams
Premium Edition
Chapter-Ending Review Tools
Suggested Plan for Final Review/Study
Summary
Appendix A Answers to the "Do I Know This Already?" Quizzes
Appendix B Implementing Secure Solutions with Virtual Private Networks (SVPN 300-730) Exam Updates
Glossary of Key Terms
Index
Online Elements
Appendix C Memory Tables
Appendix D Memory Tables Answer Key
Appendix E Study Planner
Glossary of Key Terms

Joseph Muniz is an architect and security researcher in the Cisco Security Sales and Engineering organization. He is driven by making the world a safer place through education and adversary research. Joseph has extensive experience in designing security solutions and architectures as a trusted advisor for top Fortune 500 corporations and the U.S. government.



Joseph is a researcher and industry thought leader. He speaks regularly at international conferences, writes for technical magazines, and is involved with developing training for various industry certifications. He invented the fictitious character Emily Williams to create awareness around social engineering. Joseph runs The Security Blogger website, a popular resource for security and product implementation. He is the author of and contributor to several publications, including titles ranging from security best practices to exploitation tactics.

When Joseph is not using technology, you can find him on the futbal (soccer) field or raising the next generation of hackers, also known as his children. Follow Joseph at https://www.thesecurityblogger.com and @SecureBlogger.

Steven Chimes, CCIE No. 35525, is a security architect in the Security Sales Engineering organization at Cisco, focused on building cybersecurity solutions for Cisco's largest global customers. He has more than 15 years of experience in the networking and cybersecurity fields, specializing in cross-domain solutions and emerging technologies. He has led the technical design for projects across the IT spectrum, including networking, security, analytics, identity, collaboration, compute, data center, and cloud.

When not building solutions, Steven is either teaching or learning. He is a distinguished speaker at Cisco Live and has spoken at Cisco Live events all over the world. He is also a serial collector of certifications, including CCIE Security, CCNP Enterprise, DevNet Associate, CISSP-ISSAP, GMON, and GCIH, among many others. What Steven finds most fulfilling, though, is mentoring the next generation of inspired cybersecurity professionals through programs such as Cisco High. Follow Steven @StevenChimes on Twitter.



James Risler, CCIE No. 15412, is a security training development manager in the Cisco Customer Experience organization. As senior manager of security content engineering at Cisco, he's constantly discovering and exploring the latest trends and issues in security, IT, and business. In his current role, he oversees teams responsible for both security and collaboration course development.

James is passionate about helping organizations understand the impact that security events can have on business and how to mitigate that risk. That's why he works to educate individuals and organizations in a variety of cybersecurity topics, including threat defense, virtual private networks, and firewall configuration, among others. Besides his work at Cisco, James works to help create the next generation of security defenders by holding training sessions and presentations for the University of Tampa Cybersecurity Club.

James is a distinguished speaker at Cisco Live; he holds Certified Information Systems Security Professional (CISSP) and Cisco Certified Internetwork Expert (CCIE) certifications; and he has earned a master's of business administration (MBA) from the University of Tampa. When he is not at work, he is either home brewing or cooking up a complex meal. Follow James @JimRisler on Twitter.