Student Guide
Table of Contents
Volume 1
Course Introduction
Overview
Learner Skills and Knowledge
Course Goal and Objectives
Course Flow
Additional References
Cisco Glossary of Terms
Your Training Curriculum
Teleworker Connectivity
Digital Signals over Radio Waves
Data over Cable
Fiber Benefits
HFC Architecture
Data over Cable
Cable Technology: Putting It All Together
Data Cable Technology Issues
Provisioning a Cable Modem
Summary
References
Summary
Overview
Objectives
Label Allocation in a Frame Mode MPLS Environment
Example: Label Allocation
Allocating Labels
LIB and LFIB Setup
Label Distribution and Advertisement
Receiving Label Advertisement
Interim Packet Propagation Through an MPLS Network
Further Label Allocation
Receiving Label Advertisement
Populating the LFIB Table
Packet Propagation Across an MPLS Network
Penultimate Hop Popping
Example: Before the Introduction of the PHP
IPsec VPNs
Using DPD and Cisco IOS Keepalive Features with Multiple Peers in the Crypto Map
Configuration Example
Hot Standby Routing Protocol
HSRP Operation
HSRP for Default Gateway at Remote Site
HSRP for Headend IPsec Routers
IPsec Stateful Failover
Restrictions for Stateful Failover for IPsec
IPsec Stateful Failover Example
Backing Up a WAN Connection with an IPsec VPN
Backing Up a WAN Connection with an IPsec VPN: Example Using GRE over IPsec
Summary
References
Configuring Cisco Easy VPN and Easy VPN Server Using SDM
Overview
Objectives
Introducing Cisco Easy VPN
Cisco Easy VPN Components
Remote Access Using Cisco Easy VPN
Describe Easy VPN Server and Easy VPN Remote
Step 1: The VPN Client Initiates the IKE Phase 1 Process
Step 2: The VPN Client Establishes an ISAKMP SA
Step 3: The Cisco Easy VPN Server Accepts the SA Proposal
Step 4: The Cisco Easy VPN Server Initiates a Username and Password Challenge
Step 5: The Mode Configuration Process Is Initiated
Step 6: The RRI Process Is Initiated
Step 7: IPsec Quick Mode Completes the Connection
Cisco Easy VPN Server Configuration Tasks
Cisco Easy VPN Server Configuration Tasks for the Easy VPN Server Wizard
Configuring Easy VPN Server
VPN Wizards
Enabling AAA
Local User Management
Creating Users
Enabling AAA
Starting the Easy VPN Server Wizard
Select Interface for Terminating IPsec
IKE Proposals
Transform Set
Group Policy Configuration Location
Option 1: Local Router Configuration
Option 2: External Location via RADIUS
User Authentication
Option 1: Local User Database
Adding Users
Option 2: External User Database via RADIUS
Local Group Policies
General Parameters
Domain Name System
Split Tunneling
Advanced Options
Xauth Options
Completing the Configuration
Verify the Easy VPN Server Configuration
Monitoring Easy VPN Server
Advanced Monitoring
Troubleshooting
Summary
References
ISCW
Course Introduction
Overview
Implementing Secure Converged Wide Area Networks (ISCW) is an advanced course that introduces techniques and features enabling or enhancing WAN and remote access solutions. The course focuses on using one or more of the available WAN connection technologies for remote access between enterprise sites. This course includes cable modems and DSL with Network Address Translation (NAT), Multiprotocol Label Switching (MPLS), virtual private networks (VPNs), and network security using VPNs with IPsec encryption and Internet Key Exchange (IKE) keys. After taking this course, learners will be able to secure the network environment using existing Cisco IOS security features, and configure the three primary components of the Cisco IOS Firewall Feature set: firewall, intrusion prevention system (IPS), and authentication, authorization, and accounting (AAA). This task-oriented course teaches the knowledge and skills needed to secure Cisco IOS router networks using features and commands in Cisco IOS software, and using a router configuration application. ISCW is part of the recommended learning path for students seeking the Cisco Certified Network Professional (CCNP).
This subtopic lists the skills and knowledge that learners must possess to benefit fully from the course. The subtopic also includes recommended Cisco learning offerings that learners should first complete to benefit fully from this course.
IP addressing, including the format of IPv4 addresses, the concept of subnetting, VLSM, and CIDR, as well as static and default routing
Standard and extended ACLs
Client utilities, including Telnet, ipconfig, traceroute, ping, FTP, TFTP, and HyperTerminal
Basic IOS familiarity, including accessing the CLI on a Cisco device and implementing the debug and show commands
ISCW v1.04
Course Goal
The goal of the ISCW course is to expand the reach of the enterprise network to teleworkers and remote sites. The theme of implementing a highly available network with connectivity options, such as VPN and wireless, is highlighted.
Upon completing this course, you will be able to meet these objectives: