CCNP Security VPN FAQ: Cisco VPN 3000 LAN-to-LAN with Preshared Keys
Q1. What is a LAN-to-LAN connection?
Q2. What equipment is required for a LAN-to-LAN connection?
Q3. Where can a LAN-to-LAN connection be used?
Answer: You can use a LAN-to-LAN connection:
- Across the Internet
- Between two networks connected through a trusted network
- Between two networks connected through a non-trusted network
Q4. When setting up network lists, how should the lists at each side of the LAN-to-LAN connection relate to each other?
Q5. You attempted to configure a LAN-to-LAN connection, but cannot see a specific network on one side of the connection. What is the most likely problem?
Q6. What routing protocol is used for Autodiscovery?
Q7. What is an identity certificate?
Q8. What is the advantage of using SCEP?
Q9. What are critical items when using any certificates?
Q10. Order the steps for using a certificate:
1. Issue an enrollment request
2. Enroll with the CA
3. The enrollment request is accepted
4. Install the Certificate
5. Configure the concentrator to use the Certificate
Q11. You want to use SCEP to enroll an identity certificate. How must the associated CA certificate be obtained?
Q12. What are the default directory and filename for the DLL used with SCEP?
Q13. What are the three major steps involved in using digital certificates for a LAN-to-LAN connection?
Q14. When using an identity certificate, what is the effect of entering an incorrect name in the OU field?
Q15. What three key sizes may be used with DSA when installing certificates using SCEP?
Q31. What screen is used to configure Network Autodiscovery?
Q32. You have two VPN Concentrators—one in Seattle, the other in London—used for connecting the two offices through VPNs. The Seattle office cannot reach one subnet attached to the London office. You have checked your network lists on the Seattle concentrator. You are sure that the “missing” network is properly configured. What is the most likely problem?
Q33. You are using Network Autodiscovery. You do not see a single remote network that is connected through a series of routers to your remote concentrator. Where should your troubleshooting efforts be directed?
Q34. You are using SCEP. Your junior assistant has configured the system. You have established a VPN connection to the remote site, but your remote group does not have access to your network. What is a probable cause?
Q35. You are using SCEP. You are trying to enroll a certificate. Your concentrator shows that it is polling. It has been in this state for over an hour. What is the most likely cause?
Q36. What screen is used to determine the IKE proposal used for a LAN-to-LAN connection?
Q37. What is the purpose of the challenge password on the Administration | Certificate Management | Enroll | Identity Certificate | SCEP screen?
Q38. You wish to use Network Autodiscovery because it sounds easier. How are the networks learned and how do you ensure that only specific networks are included?
Q39. What are the differences between a root certificate, a subordinate certificate, and an identity certificate?
Q40. What are the maximum numbers of certificates that may be used on concentrators?