CCSP SECUR FAQ : Configuring Remote Access Using Easy VPN

Q1. What version of Cisco IOS Software supports Easy VPN Server?
A. 12.1(13)
B. 12.2(8)T
C. 12.5
D. 12.0(8)J
E. None of the above

Answer: B

Q2. What device does not support Easy VPN client?
A. Cisco 800 Series router
B. Cisco 3002 hardware VPN client
C. Cisco PIX 535 Firewall
D. Cisco PIX 501 Firewall
E. Cisco 1700 Series router

Answer: C

Q3. What is “group-based policy control”?
A. Group-based policy control enables you to apply policies on a per-user or per-group basis.
B. Group-based policy control enables you to apply policies if you are a member of the administrators group.
C. Group-based policy control enables you to apply policies to users only.
D. Group-based policy control enables you to apply policies to groups only.
E. None of the above.

Answer: A

Q4. What Diffie-Hellman groups are supported by Easy VPN Server?
A. 1, 2, 3, 4, and 5
B. 1 and 2 only
C. 2 and 4 only
D. 1 and 4 only
E. 2 and 5 only

Answer: E

Q5. What configuration mode must you be in to configure the IP address pool?
A. Pool-configuration mode
B. Global configuration mode
C. Privileged EXEC mode
D. Interface configuration mode
E. Enable mode

Answer: B

Q6. What do you not configure when creating the ISAKMP policy for the remote VPN clients?
A. Peer authentication method
B. Policy priority
C. Encryption algorithm
D. Hash algorithm
E. Diffie-Hellman group

Answer: D

Q7. What configuration mode must you be in to configure RRI?
A. Crypto-map configuration mode
B. Global configuration mode
C. Privileged EXEC mode
D. Interface configuration mode
E. Enable mode

Answer: A

Q8. What is the time range (in seconds) for DPD keepalive “retries”?
A. 10 to 3600
B. 60 to 3600
C. 2 to 3600
D. 2 to 60
E. 2 to 1800

Answer: D

Q9. How does the Easy VPN Server control VPN policies for remote clients?

Answer: The Easy VPN Server manages all IPSec policies centrally and pushes the policy out to the client.

Q10. What is dead peer detection (DPD)?

Answer: DPD incorporates a series of “keepalive” messages between the IPSec peers when there is no other traffic passing through the VPN tunnel.

Q11. How does the command aaa new-model prepare the router for Easy VPN Server?

Answer: The first task is to enable AAA on the router.

Q12. What must you do before selecting your IKE parameters for remote VPN clients?

Answer: You must ensure that ISAKMP is enabled on the router.

Q13. What servers should you designate when defining the group policy for mode configuration push?

Answer: DNS servers and WINS servers (if applicable)

Q14. What must you do to make a dynamic crypto map function?

Answer: Apply the dynamic crypto map to the interface.

Q15. What is the difference between crypto isakmp keepalive seconds and retries?

Answer: Keepalive seconds is the time the router waits before sending a keepalive. Keepalive retries is the time the router waits before sending another keepalive after not getting a response from a previous keepalive.

Q16. What is xauth?

Answer: Extended authentication (xauth) is a process for using AAA authentication for VPN connections.

Q17. How many different remote phase II modes does Easy VPN Server support?

Answer: Two (client mode and network extension mode)

Q18. Which remote phase II mode does not support NAT or PAT?

Answer: Network extension mode

About the author

Scott
