Term
| Describe how Easy VPN Remote's client mode operates. |
|
Definition
Client mode specifies that NAT or PAT be used so that end stations at the remote end of the VPN tunnel do not use IP addresses in the space of the deistination server. The needed security associations (SA) are created automatically for IP addresses assigned to remote hosts. |
|
|
Term
| Describe how Easy VPN Remote's Network Extension mode operates. |
|
Definition
| Network Extension mode specifies that remote-end hosts use IP addresses that are fully routable and reachable by the destination network over the tunnel connection so that they for a single logical network. In such cases, PAT is not used, to allow remote-end PCs direct access to destination network services and applications. |
|
|
Term
| Describe how Easy VPN Remote's Network Extension Plus mode operates. |
|
Definition
| Network Extension Plus is identical to Network Extension mode, with the additional capabilities of being able to request an IP address via mode configuration and automatically assign it to an available loopback interface. The IPsec SAs for this IP address are automatically created. |
|
|
Term
| What are the 3 modes of operations supported by Easy VPN Remote? |
|
Definition
- Client mode - Network Extension - Network Extension Plus |
|
|
Term
| What is the requirement for Easy VPN servers in regards to ISAKMP? |
|
Definition
| Easy VPN Servers require the use of ISAKMP policies using Diffie-Hellman group 2 (1024-bit) IKE negotiation. The Easy VPN Server cannot be configured for ISAKMP group 1 or 5 when used with Easy VPN Clients. |
|
|
Term
| How must the Cisco Easy VPN Remote feature be configured in regards to specific authentication and encryption? |
|
Definition
| To ensure secure tunnel connections, it does not support transform sets providing only encryption or authentication. Both encryption and authentication must be represented. |
|
|
Term
| What are the 2 separate manners in which authentication can be performed when initiating IKE phase 1? |
|
Definition
| IKE phase 1 can authenticate with the use of a preshared key or by using a digital certificate for authentication. |
|
|
Term
| How does Reverse Route Injection work with Easy VPN Server? |
|
Definition
| Reverse Route Injection (RRI) is the process of injecting a static route into the IGP routing table. This static route points to the client's destination network. |
|
|
