CCNP Security VPN FAQ: Configuring Cisco 3002 Hardware Client for Remote Access
Q1. What screen is used on the head-end concentrator to demand the use of preshared keys?
Q2. You need to allow the main office to use PC Anywhere to connect to three separate machines at the remote office over the VPN. What mode must you use?
Q3. You are using individual authentication in PAT mode. Your tunnel is established but the user cannot log in. What is the first item you should examine?
Q4. What are the disadvantages in a large network (over 100 users) of using individual authentication with the internal authentication server in a VPN 3005 Concentrator?
Q5. You are the second user to connect through a VPN 3002 Hardware Client for which interactive hardware client and individual user authentication have been configured. What authentication information will you be required to enter?
Q6. You can use a static configuration for authenticating the VPN 3002 Hardware Client with the head-end concentrator. Why would you want to use interactive hardware client authentication?
Q7. Where is interactive hardware client authentication configured?
Q8. What authentication method is used for interactive hardware client authentication?
Q9. What must you configure on the VPN 3002 Hardware Client in order to use interactive hardware client authentication?
Q10. The HW Client tab of the Configuration | User Management | Groups | Modify (or Add) screen is used to configure individual user authentication. What other two attributes for individual user authentication can you set on this screen?
Q11. What is the default session idle timeout when using individual user authentication?
Q12. When individual user authentication is enabled, what initial screen are you directed to when you first try to establish a browser connection to an address in the private network of the head-end concentrator?
Q13. What VPN 3002 Hardware Client Manager screen can you use to quickly try to connect to the head-end concentrator?
Q14. What VPN 3002 Hardware Client Manager screen can you use when you want to view IKE Phase 1 and IPSec Phase 2 connection statistics?
Q15. What VPN 3002 Hardware Client Manager screen can you use if you suspect that DNS problems are interfering with user communications?
Q16. What screen is used on the head-end concentrator to demand the use of preshared keys?
Q17. Name five items to check when you are unable to connect a VPN tunnel and you are receiving IKE failures on Phase 1.
Answer: The five items to check when receiving Phase 1 errors are:
- Xauth is required, but the proposal does not support Xauth.
- Check the priorities of IKE Xauth proposals in the IKE proposal list.
- Check the VPN 3002 Hardware Client group.
- Check the group on the VPN Concentrator.
- Check that all SA proposals are acceptable.
Q18. You need to allow the main office to use PC Anywhere to connect to three separate machines at the remote office over the VPN. What mode must you use?
Q19. You need to have a device behind the head-end concentrator to send data as soon as the VPN tunnel is established. Which mode should you use? Can you use split tunneling under these circumstances?
Q20. What are the disadvantages in a large network (over 100 users) of using individual authentication with the internal server?
Q21. You are using individual authentication in PAT mode. Your tunnel is established but the user cannot log in. What is the first item you should examine?
Q22. What screen do you use on the VPN 3002 Hardware Client to configure preshared keys?
Q23. You appear to be experiencing a DoS attack that is initiating from the IP address assigned to one of your VPN 3002 Hardware Clients. What is the problem?
Q24. You need to allow the remote office to use PC Anywhere to connect to three separate machines at the main office over the VPN. What mode must you use?
Q25. Some of your remote sites can use split tunneling and others cannot. How is this controlled?
Q26. Your remote site has an ISDN connection to the Internet. You are charged on a per-minute basis for connecting to the Internet. Which mode should you use?
Q27. What version of software must be running on the head-end concentrator to use PAT mode? What version is required for Network Extension mode?
Q28. You are the second user to connect through a VPN 3002 Hardware Client for which interactive hardware client and individual user authentication have been configured. What authentication information will you be required to enter?
Q29. You can use a static configuration for authenticating the VPN 3002 Hardware Client with the head-end concentrator. Why would you want to use interactive hardware client authentication?
Q30. Where is interactive hardware client authentication configured?
Q31. What authentication method is used for interactive hardware client authentication?
Q32. What must you configure on the VPN 3002 Hardware Client in order to use interactive hardware client authentication?
Q33. The HW Client tab of the Configuration | User Management | Groups | Modify (or Add) screen is used to configure individual user authentication. What other two attributes for individual user authentication can you set on this screen?
Q34. What is the default session idle timeout when using individual user authentication?
Q35. When individual user authentication is enabled, what initial screen are you directed to when you first try to establish a browser connection to an address in the private network of the head-end concentrator?
Q36. What VPN 3002 Hardware Client Manager screen can you use to quickly try to connect to the head-end concentrator?
Q37. What VPN 3002 Hardware Client Manager screen can you use when you want to view IKE Phase 1 and IPSec Phase 2 connection statistics?
Q38. What VPN 3002 Hardware Client Manager screen can you use if you suspect that DNS problems are interfering with user communications?