cisco.press.cisco.secure.virtual.private.networks.ver.4.7.full.nfw.d.pdf

csvpn_47_full_nfw.pdf
CSVPN
Cisco Secure Virtual Private Networks
Version 4.7
Student Guide
Copyright 2005, Cisco Systems, Inc. All rights reserved.
Cisco Systems has more than 200 offices in the following countries and regions. Addresses, phone numbers, and fax
numbers are listed on the Cisco Web site at www.cisco.com/go/offices.
Argentina Australia Austria Belgium Brazil Bulgaria Canada Chile China PRC Colombia Costa Rica Croatia Czech
Republic Denmark Dubai, UAE Finland France Germany Greece Hong Kong SAR Hungary
India Indonesia Ireland Israel Italy Japan Korea Luxembourg Malaysia Mexico The Netherlands
New Zealand Norway Peru Philippines Poland Portugal Puerto Rico Romania Russia Saudi Arabia
Scotland Singapore Slovakia Slovenia South Africa Spain Sweden Switzerland Taiwan Thailand Turkey Ukraine
United Kingdom United States Venezuela Vietnam Zimbabwe
Copyright 2005, Cisco Systems, Inc. All rights reserved. CCIP, the Cisco Powered Network mark, the
Cisco Systems Verified logo, Cisco Unity, Follow Me Browsing, FormShare, Internet Quotient, iQ
Breakthrough, iQ Expertise, iQ FastTrack, the iQ logo, iQ Net Readiness Scorecard, Networking Academy,
ScriptShare, SMARTnet, TransPath, and Voice LAN are trademarks of Cisco Systems, Inc.; Changing the Way We
Work, Live, Play, and Learn, Discover All That's Possible, The Fastest Way to Increase Your Internet Quotient, and
iQuick Study are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE,
CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press,
Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Empowering the Internet Generation,
Enterprise/Solver, EtherChannel, EtherSwitch, Fast Step, GigaStack, IOS, IP/TV, LightStream, MGX, MICA, the
Networkers logo, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, RateMUX, Registrar, SlideCast,
StrataView Plus, Stratm, SwitchProbe, TeleRouter, and VCO are registered trademarks of Cisco Systems, Inc.
and/or its affiliates in the U.S. and certain other countries.
All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of
the word partner does not imply a partnership relationship between Cisco and any other company. (0203R)
Printed in the USA
Table of Contents

COURSE INTRODUCTION
Overview
Course Objectives
Lab Topology Overview

SECURITY FUNDAMENTALS
Overview
Objectives
Need for Network Security
Network Security Policy
The Security Wheel
Network Attack Taxonomy
Management Protocols and Functions
Summary

OVERVIEW OF VIRTUAL PRIVATE NETWORKS AND IPSEC TECHNOLOGIES
Overview
Objectives
Cisco VPN Products
IPSec Overview
IPSec Protocol Framework
How IPSec Works
Summary

CISCO VIRTUAL PRIVATE NETWORK 3000 CONCENTRATOR SERIES HARDWARE OVERVIEW
Overview
Objectives
Overview
Models
Benefits and Features
Client Support
Summary

CONFIGURE THE CISCO VPN 3000 SERIES CONCENTRATOR FOR REMOTE ACCESS USING PRE-SHARED KEYS
Overview
Objectives
Overview of Remote Access Using Pre-Shared Keys
Initial Configuration of the Cisco VPN 3000 Series Concentrator for Remote Access
Browser Configuration of the Cisco VPN 3000 Series Concentrator
Configuration Users and Groups
In-Depth Configuration Information
Configuration of the VPN Software Client for Windows
Summary
Lab Exercise: Configure the Cisco VPN 3000 Series Concentrator for Remote Access Using Pre-Shared Keys (Lab 5-1)

CONFIGURE THE CISCO VIRTUAL PRIVATE NETWORK 3000 SERIES CONCENTRATOR FOR REMOTE ACCESS USING DIGITAL CERTIFICATES
Overview
Objectives
CA Support Overview
Certificate Generation
Validating Certificates
Configuring the Cisco VPN 3000 Series Concentrator for CA Support
Summary
Lab Exercise: Configure the Cisco VPN 3000 Series Concentrator for Remote Access Using Digital Certificates (Lab 6-1)

CONFIGURE THE CISCO VIRTUAL PRIVATE NETWORK FIREWALL FEATURE FOR THE IPSEC SOFTWARE CLIENT
Overview
Objectives
Overview of the Software Client's Firewall Feature
The Software Client's AYT Feature
The Software Client's Stateful Firewall Feature
The Software Client's CPP Feature
Software Client Firewall Statistics
Customizing Firewall Policy
Summary
Lab Exercise: Configuring Cisco VPN Client Firewall Features (Lab 7-1)

CONFIGURE THE CISCO VIRTUAL PRIVATE NETWORK CLIENT AUTO-INITIATION FEATURE
Overview
Objectives
Overview of the Cisco VPN Software Client Auto-Initiation Feature
Configure the Cisco VPN Software Client Auto-Initiation Feature
Summary
Lab Exercise: Configure the Cisco VPN Client Auto-Initiation Feature (Lab 8-1)

MONITOR AND ADMINISTER THE CISCO VPN 3000 SERIES CONCENTRATOR REMOTE ACCESS NETWORKS
Overview
Objectives
Monitoring
Administration
Bandwidth Management
Summary
Lab Exercise: Cisco VPN 3000 Series Concentrator Monitoring and Administration (Lab 9-1)

CONFIGURE THE CISCO VPN 3002 HARDWARE CLIENT FOR REMOTE ACCESS USING PRE-SHARED KEYS
Overview
Objectives
Cisco VPN 3002 Hardware Client Remote Access with Pre-Shared Keys
Summary
Lab Exercise: Configuring Cisco VPN 3002 Hardware Client Remote Access (Lab 10-1)

CONFIGURE THE CISCO VIRTUAL PRIVATE NETWORK 3002 HARDWARE CLIENT FOR UNIT AND USER AUTHENTICATION
Overview
Objectives
Overview of the Hardware Client Interactive Unit and User Authentication Features
Configuring the Hardware Client Interactive Unit Authentication Feature
Configuring the Hardware Client User Authentication Feature
Monitoring the Hardware Client User Statistics
Summary
Lab Exercise: Configure the Cisco VPN 3002 Hardware Client Interactive Unit and Individual User Authentication (Lab 11-1)

CONFIGURE THE CISCO VIRTUAL PRIVATE NETWORK CLIENT BACKUP SERVER, AND LOAD BALANCING