
CCNP Security VPN 642-648 Official Cert Guide, Second Edition

by: Hooper Howard


On-line Price: $61.95 (includes GST)

Hardcover & CD package 832

20% Off Retail Price

You save: $16.00

Usually ships within 4 - 5 business days.

Retail Price: $77.95

Publisher: CISCO PRESS, 22.08.2012

Category: Cisco Level: B/I/A

ISBN: 1587204479
ISBN13: 9781587204470


The official study guide helps you master all the topics on the CCNP Security VPN exam, including:

  Configuring policies, inheritance, and attributes
  AnyConnect Remote Access VPN solutions
  AAA and Dynamic Access Policies (DAP)
  High availability and performance
  Clientless VPN solutions
  SSL VPN with Cisco Secure Desktop
  Easy VPN solutions
  IPsec VPN clients and site-to-site VPNs

The CD-ROM contains a free, complete practice exam.

Includes Exclusive Offer for 70% Off Premium Edition eBook and Practice Test

Pearson IT Certification Practice Test minimum system requirements:

Windows XP (SP3), Windows Vista (SP2), or Windows 7; Microsoft .NET Framework 4.0 Client; Pentium class 1 GHz processor (or equivalent); 512 MB RAM; 650 MB disc space plus 50 MB for each downloaded practice exam

This volume is part of the Official Cert Guide Series from Cisco Press. Books in this series provide officially developed exam preparation materials that offer assessment, review, and practice to help Cisco Career Certification candidates identify weaknesses, concentrate their study efforts, and enhance their confidence as exam day nears.

CCNP Security VPN 642-648 Official Cert Guide is a best-of-breed Cisco exam study guide that focuses specifically on the objectives for the CCNP Security VPN exam. Cisco Certified Internetwork Expert (CCIE) Howard Hooper shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

CCNP Security VPN 642-648 Official Cert Guide presents you with an organized test-preparation routine through the use of proven series elements and techniques. "Do I Know This Already?" quizzes open each chapter and enable you to decide how much time you need to spend on each section. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly.

The companion CD-ROM contains a powerful testing engine that enables you to focus on individual topic areas or take a complete, timed exam. The assessment engine also tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most.

Well-regarded for its level of detail, assessment features, and challenging review questions and exercises, this official study guide helps you master the concepts and techniques that will enable you to succeed on the exam the first time.

CCNP Security VPN 642-648 Official Cert Guide is part of a recommended learning path from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining.

Table of Contents

Introduction

Part I ASA Architecture and Technologies Overview

Chapter 1 Examining the Role of VPNs and the Technologies Supported by the ASA

"Do I Know This Already?" Quiz

Foundation Topics

Introducing the Virtual Private Network


  VPN Termination Device (ASA) Placement

Meet the Protocols


  Symmetric and Asymmetric Key Algorithms


  IPsec


  IKEv1


  Authentication Header and Encapsulating Security Payload


  IKEv2


  SSL/TLS


  SSL Tunnel Negotiation


  Handshake


  DTLS

ASA Packet Processing

The Good, the Bad, and the Licensing


  Time-Based Licenses


          When Time-Based and Permanent Licenses Combine


  Shared SSL VPN Licenses


          Failover Licensing

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

Chapter 2 Configuring Policies, Inheritance, and Attributes

"Do I Know This Already?" Quiz

Foundation Topics

Policies and Their Relationships

Understanding Connection Profiles


  Group URL


  Group Alias


  Certificate-to-Connection Profile Mapping


  Per-User Connection Profile Lock


  Default Connection Profiles

Understanding Group Policies

Configure User Attributes

Using External Servers for AAA and Policies

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

Part II Cisco Clientless Remote-Access VPN Solutions

Chapter 3 Deploying a Clientless SSL VPN Solution

"Do I Know This Already?" Quiz

Foundation Topics

Clientless SSL VPN Overview

Deployment Procedures and Strategies

Deploying Your First Clientless SSL VPN Solution


  IP Addressing


  Hostname, Domain Name, and DNS


  Become a Member of a Public Key Infrastructure


  Adding a CA Root Certificate


  Certificate Revocation List


  Revocation Check


  CRL Retrieval Policy


  CRL Retrieval Method


  OCSP Rules


  Advanced


  Enable the Relevant Interfaces for SSL


  Create Local User Accounts for Authentication


  Create a Connection Profile (Optional)

Basic Access Control


  Bookmarks


  HTTP and HTTPS


  CIFS


  FTP


  Group Policies

Content Transformation


  Gateway Content Rewriting


  Application Helper Profiles


  Java Code Signing

Troubleshooting a Basic Clientless SSL VPN


  Troubleshooting Session Establishment


  Troubleshooting Certificate Errors

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

Chapter 4 Advanced Clientless SSL VPN Settings

"Do I Know This Already?" Quiz

Foundation Topics

Overview of Advanced Clientless SSL VPN Settings

Application Access Through Port Forwarding


  Configuring Port Forwarding

Application Access Using Client-Server Plug-Ins


  Configuring Client-Server Plug-In Access

Application Access Through Smart Tunnels


  Configuring Smart Tunnel Access

Configuring SSL/TLS Proxies


  Email Proxy


  Internal HTTP and HTTPS Proxy

Troubleshooting Advanced Application Access


  Troubleshooting Application Access


  Client


  ASA/VPN Termination Appliance


  Application/Web Server

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

Chapter 5 Customizing the Clientless Portal

"Do I Know This Already?" Quiz

Foundation Topics

Basic Portal Layout Configuration


  Logon Page Customization


  Portal Page Customization


  Logout Page Customization

Outside-the-Box Portal Configuration

Portal Language Localization

Getting Portal Help

AnyConnect Portal Integration

Clientless SSL VPN Advanced Authentication

Using an External and Internal CA for Clientless Access

Clientless SSL VPN Double Authentication

Deploying Clientless SSL VPN Single Signon

Troubleshooting PKI and SSO Integration

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

Chapter 6 Clientless SSL VPN Advanced Authentication and Authorization

"Do I Know This Already?" Quiz

Foundation Topics

Configuration Procedures, Deployment Strategies, and Information Gathering


  Create a DAP


  Specify User AAA Attributes


  Specify Endpoint Attributes


  Configure Authorization Parameters


  Configure Authorization Parameters for the Default DAP

DAP Record Aggregation

Troubleshooting DAP Deployment


  ASDM Test Feature


  ASA Logging


  DAP Debugging

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

Chapter 7 Clientless SSL High Availability and Performance

"Do I Know This Already?" Quiz

Foundation Topics

High-Availability Deployment Information and Common Strategies


  Failover


  Active/Active


  Active/Standby


  VPN Load Balancing (Clustering)


  External Load Balancing


  Redundant VPN Peering

Content Caching for Optimization

Clientless SSL VPN Load Sharing Using an External Load Balancer

Clustering Configuration for Clientless SSL VPN

Troubleshooting Load Balancing and Clustering

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

Part III Cisco AnyConnect Remote-Access VPN Solutions

Chapter 8 Deploying an AnyConnect Remote-Access VPN Solution

"Do I Know This Already?" Quiz

Foundation Topics

AnyConnect Full-Tunnel SSL VPN Overview

Configuration Procedures, Deployment Strategies, and Information Gathering


  AnyConnect Secure Mobility Client Installation

Deploying Your First Full-Tunnel AnyConnect SSL VPN Solution


  IP Addressing


  Enable IPv6 Access


  Hostname, Domain Name, and DNS


  Enroll with a CA and Become a Member of a PKI


  Add an Identity Certificate


  Add the Signing Root CA Certificate


  Enable the Interfaces for SSL/DTLS and AnyConnect Client Connections


  Create a Connection Profile

Deploying Your First AnyConnect IKEv2 VPN Solution


  Enable the Relevant Interfaces for IKEv2 and AnyConnect Client Access


  Create Your IKEv2 Policies


  Create a Connection Profile

Client IP Address Allocation


  Connection Profile Address Assignment


  Group Policy Address Assignment


  Direct User Address Assignment

Advanced Controls for Your Environment


  ACLs and Downloadable ACLs


  Split Tunneling


  Access Hours/Time Range

Troubleshooting the AnyConnect Secure Mobility Client

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

Chapter 9 Advanced Authentication and Authorization of AnyConnect VPNs

"Do I Know This Already?" Quiz

Foundation Topics

Authentication Options and Strategies

Provisioning Certificates as a Local CA

Configuring Certificate Mappings


  Certificate-to-Connection Profile Maps


  Mapping Criteria

Provisioning Certificates from a Third-Party CA


  Configure an XML Profile for Use by the AnyConnect Client


  Configure a Dedicated Connection Profile for Enrollment


  Enroll the AnyConnect Client into a PKI


  Optionally, Configure Client Certificate Selection


  Import the Issuing CA's Certificate into the ASA


  Create a Connection Profile Using Certificate-Based Authentication

Advanced PKI Deployment Strategies

Doubling Up on Client Authentication

Troubleshooting Your Advanced Configuration

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

Chapter 10 Advanced Deployment and Management of the AnyConnect Client

"Do I Know This Already?" Quiz

Foundation Topics

Configuration Procedures, Deployment Strategies, and Information Gathering

AnyConnect Installation Options


  Manual Predeployment


  Automatic Web Deployment

Managing AnyConnect Client Profiles

Advanced Profile Features


  Start Before Login


  Trusted Network Detection

Advanced AnyConnect Customization and Management

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

Chapter 11 AnyConnect Advanced Authorization Using AAA and DAPs

"Do I Know This Already?" Quiz

Foundation Topics

Configuration Procedures, Deployment Strategies, and Information Gathering

Configuring Local and Remote Group Policies

Full SSL VPN Accountability

Authorization Through Dynamic Access Policies

Troubleshooting Advanced Authorization Settings

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

Chapter 12 AnyConnect High Availability and Performance

"Do I Know This Already?" Quiz

Foundation Topics

Overview of High Availability and Redundancy Methods


  Hardware-Based Failover


  VPN Clustering (VPN Load Balancing)


  Redundant VPN Peering


  External Load Balancing

Deploying DTLS

Performance Assurance with QoS


  Basic ASDM QoS Configuration


  Basic CLI QoS Configuration

AnyConnect Redundant Peering and Failover

Hardware-Based Failover with VPNs


  Configure LAN Failover Interfaces


  Configure Standby Addresses on Interfaces Used for Traffic Forwarding


  Define Failover Criteria


  Configure Nondefault MAC Addresses

Redundancy in the VPN Core


  VPN Clustering


  Load Balancing Using an External Load Balancer

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

Part IV Cisco Secure Desktop

Chapter 13 Cisco Secure Desktop

"Do I Know This Already?" Quiz

Foundation Topics

Cisco Secure Desktop Overview and Configuration


  Prelogin Assessment


  Host Scan


  Secure Desktop (Vault)


  Cache Cleaner


  Keystroke Logger


  Integration with DAP


  Host Emulation Detection


  Windows Mobile Device Management


  Standalone Installation Packages


  CSD Manual Launch

CSD Order of Operations


  Prelogin Phase


  Post-Login Phase


  Session-Termination Phase


  CSD Supported Browsers, Operating Systems, and Credentials


  Enabling Cisco Secure Desktop on the ASA

Configure Prelogin Criteria


  Keystroke Logger and Safety Checks


  Cache Cleaner


  Secure Desktop (Vault) General


  Secure Desktop (Vault) Settings


  Secure Desktop (Vault) Browser

Host Endpoint Assessment

Authorization Using DAPs

Troubleshooting Cisco Secure Desktop

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

Part V Cisco IPsec Remote-Access Client Solutions

Chapter 14 Deploying and Managing the Cisco VPN Client

"Do I Know This Already?" Quiz

Foundation Topics

Cisco IPsec VPN Client Features

Cisco ASA Basic Remote IPsec Client Configuration

IPsec Client Software Installation and Basic Configuration


  Create New VPN Connection Entry, Main Window


  Authentication Tab


  Transport Tab


  Backup Servers Tab


  Dial-Up Tab

Advanced Profile Settings

VPN Client Software GUI Customization

Troubleshooting VPN Client Connectivity

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

Part VI Cisco Easy VPN Solutions

Chapter 15 Deploying Easy VPN Solutions

"Do I Know This Already?" Quiz

Foundation Topics

Configuration Procedures, Deployment Procedures, and Information Gathering

Easy VPN Basic Configuration


  ASA IP Addresses


  Configure Required Routing


  Enable IPsec Connectivity


  Configure Preferred IKEv1 and IPsec Policies


  Client IP Address Assignment


  VPN Client Authentication Using Pre-Shared Keys


  Using XAUTH for VPN Client Access


  IP Address Allocation Using the VPN Client


  DHCP Configuration

Controlling Your Environment with Advanced Features


  ACL Bypass Configuration


  Basic Interface ACL Configuration


  Per-Group ACL Configuration


  Per-User ACL Configuration


  Split-Tunneling Configuration

Troubleshooting a Basic Easy VPN

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

Chapter 16 Advanced Authentication and Authorization Using Easy VPN

"Do I Know This Already?" Quiz

Foundation Topics

Authentication Options and Strategies

Configuring PKI for Use with Easy VPN

Configuring Mutual/Hybrid Authentication

Configuring Digital Certificate Mappings

Provisioning Certificates from a Third-Party CA

Advanced PKI Deployment Strategies


  CRLs


  OCSP


  AAA

Troubleshooting Advanced Authentication for Easy VPN

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

Chapter 17 Advanced Easy VPN Authorization

"Do I Know This Already?" Quiz

Foundation Topics

Configuration Procedures, Deployment Strategies, and Information Gathering

Configuring Local and Remote Group Policies


  Assigning a Group Policy to a Local User Account


  Assigning a Group Policy to a Connection Profile

Accounting Methods for Operational Information


  NetFlow 9


  RADIUS VPN Accounting


  SNMP

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

Chapter 18 High Availability and Performance for Easy VPN

"Do I Know This Already?" Quiz

Foundation Topics

Configuration Procedures, Deployment Strategies, and Information Gathering

VPN Client HA and Failover

Hardware-Based Failover with VPNs


  Configure Optional Active/Standby Failover Settings

Clustering Configuration for Easy VPN

Troubleshooting Device Failover and Clustering

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

Chapter 19 Easy VPN Operation Using the ASA 5505 as a Hardware Client

"Do I Know This Already?" Quiz

Foundation Topics

Easy VPN Remote Hardware Client Overview


  Client Mode


  Network Extension Mode

Configuring a Basic Easy VPN Remote Client Using the ASA 5505

Configuring Advanced Easy VPN Remote Client Settings for the ASA 5505


  X-Auth and Device Authentication


  Remote Management


  Tunneled Management


  Clear Tunneled Management


  NAT Traversal


  Device Pass-Through

Troubleshooting the ASA 5505 Easy VPN Remote Hardware Client

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

Part VII Cisco IPsec Site-to-Site VPN Solutions

Chapter 20 Deploying IPsec Site-to-Site VPNs

"Do I Know This Already?" Quiz

Foundation Topics

Configuration Procedures, Deployment Strategies, and Information Gathering

IKEv1


  Phase 1


  Phase 2 (Quick Mode)

IKEv2


  Phase 1


  Phase 2

Configuring a Basic IKEv1 IPsec Site-to-Site VPN


  Configure Basic Peer Authentication


          Enable IKEv1 on the Interface


          Configure IKEv1 Policies


          Configure Pre-Shared Keys


  Configure Transmission Protection


          Select Transform Set and VPN Peer


          Define Interesting Traffic

Configuring a Basic IKEv2 IPsec Site-to-Site VPN

Configure Advanced Authentication for IKEv1 IPsec Site-to-Site VPNs

Troubleshooting an IPsec Site-to-Site VPN Connection


  Tunnel Not Establishing: Phase 1


  Tunnel Not Establishing: Phase 2


  Traffic Not Passing Through Your Tunnel

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

Chapter 21 High Availability and Performance Strategies for IPsec Site-to-Site VPNs

"Do I Know This Already?" Quiz

Foundation Topics

Configuration Procedures, Deployment Strategies, and Information Gathering

High Assurance with QoS


  Basic QoS Configuration

Deploying Redundant Peering for Site-to-Site VPNs

Site-to-Site VPN Redundancy Using Routing

Hardware-Based Failover with VPNs


  Configure LAN Failover Interfaces


  Configure Standby Addresses on Interfaces Used for Traffic Forwarding


  Define Failover Criteria


  Configure Nondefault MAC Addresses

Troubleshooting HA Deployment

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

Part VIII Exam Preparation

Chapter 22 Final Exam Preparation

Tools for Final Preparation


  Pearson Cert Practice Test Engine and Questions on the CD


          Install the Software from the CD


          Activate and Download the Practice Exam


          Activating Other Exams


          Premium Edition


  The Cisco Learning Network

Memory Tables

Suggested Plan for Final Review/Study


  Using the Exam Engine

Summary

Part IX Appendixes

Appendix A Answers to the "Do I Know This Already?" Quizzes

Appendix B 642-648 CCNP Security VPN Exam Updates, Version 1.0

Appendix C Memory Tables (CD-only)

Appendix D Memory Tables Answer Key (CD-only)

Glossary