CCNP Security VPN FAQ: Monitoring and Administering the VPN 3000 Series Concentrator

Q1. What screen is used to set the password for the administrator?

Answer: Administration | Access Rights | Administrators

Q2. You wish to limit HTTP access to the concentrator to hosts on the same subnet as the inside interface of the concentrator. What is the format of the Access Control List?

Answer: Use the network IP address of the interface’s base network and the proper subnet mask.

Q3. What types of AAA servers can the VPN 3000 Series Concentrator use for authenticating management sessions?

Answer: TACACS+

Q4. What is the upper limit for a management session timeout?

Answer: 30 minutes

Q5. What form of encryption may be used on a configuration file?

Answer: RC4

Q6. On what screen can routes be cleared?

Answer: Monitoring | Routing Table

Q7. Where can you see the CPU utilization on a Cisco 3000 Series Concentrator?

Answer: Monitoring | System Status

Q8. Where can you troubleshoot an IPSec connection?

Answer: Monitoring | Statistics | IPSec

Q9. Where can you troubleshoot TCP/IP connections?
(Note that the keyword in this question is “connection,” which requires TCP.)

Answer: Monitoring | Statistics | MIB II | TCP/UDP

Q10. Where can you see the number of collisions on an Ethernet Interface?

Answer: Monitoring | Statistics | Interface | MIB II-> | Statistics

Q21. What is the major difference between the Monitoring | Statistics and the Monitoring | Statistics | MIB II sections?

Answer: The MIB II section works on the first four layers of the OSI model, while the Statistics section works at higher levels.

Q22. You wish to limit the number of concurrent management connections. Where is this done?

Answer: To limit the number of concurrent management connections, go to the Administration | Access Rights | Access Settings screen.

Q23. You wish to use a AAA server to authenticate management access to the concentrator. What must you use?

Answer: You must use a TACACS+ server. Also, you will need connectivity to the server.

Q24. What are the differences between the Filterable Event Log screen and the Live Event Log screen?

Answer: There are two major differences between the Filterable Event Log screen and the Live Event Log screen. First, the Filterable Event Log screen allows you to limit logs seen. Second, the Live Event Log updates as events occur instead of by the refresh value set in the Administration | Monitoring Refresh screen.

Q25. On what screen can you see if a certificate has been requested but has not yet been received?

Answer: The Administration | Certificate Management screen is used to see certificates that have been requested, but have not yet been received.

Q26. What section should you look in if you want to see the number of pings sent and received? From where on the concentrator do you send a ping?

Answer: The number of pings sent and received is shown under the Monitoring | Statistics | MIB II | ICMP screen. Pings are sent from the Administration | Ping screen.

Q27. Name two places that you can see the current software version on a concentrator.

Answer: The current software in use can be seen on the Monitoring | System Status and the Administration | Software Update | Concentrator screens.

Q28. What are the access control lists as defined in the Administration | Access Rights | Access Control Lists screen used for?

Answer: These access control lists are only used for access to the concentrator for management purposes.

Q29. You find out that your assistant has changed the configuration and saved that new configuration. However, something was configured incorrectly. None of the remote sites or remote users can connect to the concentrator. What is the quickest way to resolve the issue?

Answer: The quickest way to resolve this is to go to the Administration | File Management | Swap Config File screen and swap the backup configuration with the current configuration. Then, go to the Administration | System Reboot screen and reboot the concentrator. Because no users are connected, the reboot may be set to happen immediately.

Q30. A remote client with a VPN 3002 hardware client calls you on the phone saying that he is unable to connect to your network. He says that he may have incorrectly configured the preshared key on his end. You have access through HTTP to your concentrator. Where is the first place you look to see if this is a preshared key issue?

Answer: The first place you should look is on the Monitoring | Statistics | IPSec screen. This screen will quickly show whether the issue is with an incorrect preshared key.

About the author

Scott
