CCNP

Layer 2 Tunneling Protocol over IPSec Complete the tasks outlined in this Practical Exercise. Also review the Practical Exercise solution to see how you did and to see what concepts you might need to review. In this Practical Exercise, you are the ... [full story]

PIX to Cisco VPN 3000 Client Complete the tasks outlined in this Practical Exercise. Also review the Practical Exercise solution to see how you did and to see what concepts you might need to review. In this Practical Exercise, you are the ... [full story]

PIX to Cisco Secure VPN Client with a Preshared Key Complete the tasks outlined in this Practical Exercise. Also review the Practical Exercise solution to see how you did and to see what concepts you might need to review. In this Practical ... [full story]

Router to VPN Client with a Preshared Key and NAT Complete the tasks outlined in this Practical Exercise. Also review the Practical Exercise solution to see how you did and to see what concepts you might need to review. In this Practical ... [full story]

IPSec/GRE with NAT Complete the tasks outlined in this Practical Exercise. Also review the Practical Exercise solution to see how you did and to see what concepts you might need to review. In this Practical Exercise, you are the administrator of a ... [full story]

IPSec Between Three Routers Using Private Addresses Complete the tasks outlined in this Practical Exercise. Also review the Practical Exercise solution to see how you did and to see what concepts you might need to review. In this Practical Exercise, you are ... [full story]

IPSec Router-to-Router Hub and Spoke Complete the tasks outlined in this Practical Exercise. Also review the Practical Exercise solution to see how you did and to see what concepts you might need to review. In this Practical Exercise, you are the administrator ... [full story]

Three Full-Mesh IPSec Routers Complete the tasks outlined in this Practical Exercise. Also review the Practical Exercise solution to see how you did and to see what concepts you might need to review. In this Practical Exercise, you are the administrator of ... [full story]

IPSec Router-to-Router Complete the tasks outlined in this Practical Exercise. Also review the Practical Exercise solution to see how you did and to see what concepts you might need to review. In this Practical Exercise, you will configure your R1 router to ... [full story]

Defining IPSec Transform Sets In this scenario, you define two transform sets. The first, named set1, uses the authentication SHA HMAC variant using transport mode. The second, named set2, uses the 3DES encryption algorithm with the SHA authentication algorithm using tunnel ... [full story]

Defining IKE Parameters In this scenario, you define two IKE proposals. The first uses DES, MD5, preshared keys, D-H group 1, and a lifetime of 600 seconds. The second proposal uses 3DES, SHA, RSA signatures, D-H group 2, and a lifetime ... [full story]

Monitoring and Maintaining QoS for VPNs You can use the following commands to monitor and maintain the QoS for VPNs feature. To display information on the tunnel or the virtual template, including the queuing strategy, use this command: R1#show interfaces [tunnel-name | ... [full story]

Configuring QoS for VPN Support You can configure the QoS for VPNs feature only on tunnel and virtual template interfaces and in crypto map configuration submodes. When used with GRE and IP-in-IP (IPIP) tunnel protocols, you configure QoS on the tunnel interface, ... [full story]

Frame Relay Traffic Shaping Frame Relay Traffic Shaping (FRTS) builds on existing support of congestion control by adding capabilities that improve a Frame Relay network's scalability and performance, increasing the density of VCs and improving response time. FRTS can be used to ... [full story]

Priority Queuing Priority queuing (PQ) is used to define how traffic is prioritized in your network. You can configure up to four traffic priorities with a series of filters based on packet characteristics to place traffic in these four queues. The ... [full story]

Custom Queuing Custom queuing (CQ) is designed to handle traffic by specifying the number of packets or bytes to be serviced for each class of traffic. It services the queues in a round-robin fashion, sending only the allocated portion of bandwidth ... [full story]

IETF Differentiated Services Differentiated Services, or DiffServ (DS), can redefine the IP ToS byte into a DiffServ byte (the DS byte). The DS byte relays a packet's required QoS level. It is also used to classify packets. DS uses per-hop behaviors ... [full story]

QoS for VPN Tunnels One issue you might face when implementing QoS in a VPN tunnel is the requirement that the QoS parameter you normally find in the header of the IP packet needs to be reflected in the tunnel packet ... [full story]

Congestion Avoidance Congestion avoidance is the ability to recognize and act on congestion in the output direction of an interface in an attempt to reduce or minimize the effects of that congestion. Congestion produces unwanted effects on a VPN and should be ... [full story]

Selecting a Traffic Policer Versus a Traffic Shaper Policing is used to drop excess traffic, and shaping is used to allow excess traffic to be queued. Shaping can be a better choice where applications are concerned, because shaped traffic does not ... [full story]

Traffic Shaping Traffic shaping lets you shape Layer 3 traffic into a desired set of rate parameters to enforce a maximum traffic rate. Its end result is a smooth traffic stream at the IP layer through the use of traffic-shaping queues ... [full story]

Bandwidth Management After your selected traffic has been classified, the next step is to ensure that it receives the special treatment it requires from the devices. You do this through the use of queuing and scheduling. You have the choice of two ... [full story]

Packet Classification The end result of packet classification efforts is to group packets based on your predefined criteria so that the resulting groups of packets can then be subjected to specific packet treatments. This can include faster forwarding by intermediate devices ... [full story]

QoS for Virtual Private Networks By implementing QoS, you can grant the appropriate service levels to your mission-critical applications. Because remote-access users do not usually care about the network topology or the high level of security/encryption or firewalls that handle their ... [full story]

Troubleshooting IKE You can use the following commands to troubleshoot IKE. This command displays the parameters for each configured IKE policy: R1#show crypto isakmp policy This command displays all current IKE SAs: R1#show crypto isakmp sa This command displays the crypto map ... [full story]

Clearing IKE Connections You can use the following commands to clear IKE connections. To display existing IKE connections, taking note of the connection identifiers for connections you want to clear, use this command: R1#show crypto isakmp sa Use this command to clear ... [full story]

Monitoring and Maintaining IPSec Certain configuration changes you make take effect only when you negotiate subsequent SAs. If you want your new settings to take effect immediately, you must clear the existing SAs so that they will be renegotiated with the ... [full story]

Memory and CPU Considerations Running IPSec can affect your device's memory usage and CPU utilization. There are several reasons that IPSec packets might be processed slower than packets that are processed through classic crypto: IPSec introduces packet expansion, which is more likely ... [full story]

Virtual Private Networks A VPN can be thought of as a private network you deploy on top of a shared infrastructure that employs the same security, management, and throughput policies you apply to your private network. You currently have three main ... [full story]

Cisco VPN 3000 Client The Cisco VPN 3000 client is a software package you use to provide secure connectivity for remote-access VPNs, including support for e-commerce, mobile user, and telecommuting applications. Some of its features include the following: Compatibility with most of ... [full story]

Cisco VPN 3000 Series Concentrators The Cisco VPN 3000 series concentrators are remote-access VPN platforms that combine high availability, high performance, and scalability with the most advanced encryption and authentication techniques available. Cisco VPN 3000 series concentrator features include the following: High-performance, ... [full story]

Cisco Security Routers and Switches Cisco has directly integrated security functionality into your network infrastructure through enhanced security features and functionality in Cisco routers and switches, enabling sophisticated security policy enforcement throughout the network. Cisco IOS software's enhanced VPN software features ... [full story]