Which two technologies are considered to be Suite B cryptography?
Which two technologies are considered to be Suite B cryptography? (Choose two.)
Which protocol does DTLS use for its transport?
Which protocol does DTLS use for its transport?
You have completed this exercise when you have configured and successfully tested…
SIMULATION
Scenario:
Youare the network security manager for your organization. Yourmanager has received a
request to allow an external user to access to your HQ and DM2 servers. Youare given thefollowing connection parameters for this task.
Using ASDM on the ASA, configure the parameters below and test your configuration by
accessing the Guest PC. Not all AS DM screens are active for this exercise. Also, for this
exercise, all changes are automatically applied to the ASA and you will not have to click APPLY
to apply the changes manually.
• Enable Clientless SSL VPN on the outside interface
• Using the Guest PC, open an Internet Explorer window and test and verify the basic
connection to the SSL VPN portal using address: https://vpn-secure-x.public
• a. Youmay notice a certificate error in the status bar, this can be ignored for this exercise
• b. Username: vpnuser
• c. Password: cisco123
• d. Logout of the portal once you have verified connectivity
• Configure two bookmarks with the following parameters:
• a. Bookmark List Name: MY-BOOKMARKS
• b. Use the: URL with GET or POST method
• c. Bookmark Title: HQ-Server
• i. http://10.10.3.20
• d. Bookmark Title: DMZ-Server-FTP
• i. ftp://172.16.1.50
• e. Assign the configured Bookmarks to:
• i. DfltGrpPolicy
• ii. DfltAccessPolicy
• iii. LOCAL User: vpnuser
• From the Guest PC, reconnect to the SSL VPN Portal
• Testboth configured Bookmarks to ensure desired connectivity
You have completed this exercise when you have configured and successfully tested Clientless
SSL VPN connectivity.
Topology:
What is being used as the authentication method on the branch ISR?
Scenario:
You are the senior network security administrator for your organization. Recently and junior
engineer configured a site-to-site IPsec VPN connection between your headquarters Cisco ASA
and a remote branch office.
You are now tasked with verifying the IKEvl IPsec installation to ensure it was properly
configured according to designated parameters. Using the CLI on both the Cisco ASA and
branch ISR, verify the IPsec configuration is properly configured between the two sites.
NOTE: the show running-config command cannot be used for this exercise.
Topology:
What is being used as the authentication method on the branch ISR?
Which transform set is being used on the branch ISR?
Scenario:
Youare the senior network security administrator for your organization. Recently and junior
engineer configured a site-to-site IPsec VPN connection between your headquarters Cisco ASA
and a remote branch office.
Youare now tasked with verifying the IKEvl IPsec installation to ensure it was properly
configured according to designated parameters. Using the CLI on both the Cisco ASA and
branch ISR, verify the IPsec configuration is properly configured between the two sites.
NOTE: the show running-config command cannot be used for this exercise.
Topology:
Which transform set is being used on the branch ISR?
what state is the IKE security association in on the Cisco ASA?
Scenario:
You are the senior network security administrator for your organization. Recently and junior
engineer configured a site-to-site IPsec VPN connection between your headquarters Cisco ASA
and a remote branch office.
You are now tasked with verifying the IKEvl IPsec installation to ensure it was properly
configured according to designated parameters. Using the CLI on both the Cisco ASA and
branch ISR, verify the IPsec configuration is properly configured between the two sites.
NOTE: the show running-config command cannot be used for this exercise.
Topology:
In what state is the IKE security association in on the Cisco ASA?
Which crypto map tag is being used on the Cisco ASA?
Scenario:
Youare the senior network security administrator for your organization. Recently and junior
engineer configured a site-to-site IPsec VPN connection between your headquarters Cisco ASA
and a remote branch office.
Youare now tasked with verifying the IKEvl IPsec installation to ensure it was properly
configured according to designated parameters. Using the CLI on both the Cisco ASA and
branch ISR, verify the IPsec configuration is properly configured between the two sites.
NOTE: the show running-config command cannot be used for this exercise.
Topology:
Which crypto map tag is being used on the Cisco ASA?
what address preservation with IPsec Tunnel Mode allows when GETVPN is used?
Which option describes what address preservation with IPsec Tunnel Mode allows when
GETVPN is used?
Which feature is available in IKEv1 but not IKEv2?
Which feature is available in IKEv1 but not IKEv2?
Which feature is enabled by the use of NHRP in a DMVPN network?
Which feature is enabled by the use of NHRP in a DMVPN network?