Debug crypto isakmp Command Output (Continued)
The questions and scenarios in this book are designed to be challenging and to make sure that you know the answer. Rather than allowing you to derive the answers from clues hidden inside the questions themselves, the questions challenge your understanding and recall of the subject. Hopefully, mastering these questions will help you limit the number of exam questions on which you narrow your choices to two options, and then guess.A core piece of the teleworker or road warrior battle chest is certainly the ability to connect back to the corporate network to access company resources such as e-mail, file shares, documents, and other resources.CAUTION The goal of self-assessment is to gauge your mastery of the topics in this chapter. If you do not know the answer to a question or are only partially sure of the answer, you should mark this question wrong for purposes of self-assessment. Giving yourself credit for an answer that you correctly guess skews your self-assessment results and might provide you with a false sense of security.
Cisco VPN Client Installation and Configuration Overview
The Cisco VPN Client Software can be downloaded from Cisco.com. A registered Cisco Connection Online (CCO) ID is required to access the software download area on Cisco.com. Cisco recommends that users maintain an up-to-date version of the software. In the absence of a CCO ID, it is possible to use the Microsoft IPsec client that is bundled with Microsoft Windows. After the software is installed, it should be launched so that connection entries can be imported back into the client or new connection entries can be created. Any created connections should be tested for functionality and reconfigured as needed to establish the needed connectivity.After the Cisco VPN Client Software has been downloaded from Cisco.com and saved to a working directory on the target hard disk, double-click the self-extracting executable file to begin the installation process. This initial step simply extracts the included files to the same working directory on the PC’s hard disk (the extraction location depends on the WinZip settings). Once all files are extracted, double-click the setup.exe file in the directory where all the files have been extracted to begin the installation process. Figure 17-1 lists the files extracted from the downloaded archive file.
The installation wizard is launched by double-clicking the setup.exe file. This process first checks to see whether an older version of the Cisco VPN Client is already installed. If a previous version is already installed, the existing software must first be uninstalled. Click the OK button on the warning screen to exit the installation. Uninstall the previous version either from the Windows Settings > Control Panel > Add or Remove Programs, or by navigating to Start > All Programs > Cisco System VPN Client > Uninstall VPN Client. Once the older version has been removed, the machine will require a reboot. If no previous version of the VPN Client is detected, the Welcome screen will be presented, as shown in Figure 17-2.Click Browse to select an alternative installation location. Otherwise, click Next to move the installation process to the Program Folders screen. This option provides the installer with the choice of how the Cisco VPN Client will be presented under the Windows Start menu. As shown in Figure 17-5, the default setting is to create a subfolder under the Programs folder called Cisco Systems VPN Client.
Cisco VPN Client Configuration
With the installation complete and the PC rebooted, the Cisco VPN Client Software can be launched. The interface is quite simple, as shown in Figure 17-7. It consists of a number of connection entries that facilitate connectivity to various VPN sites as might be offered by a large enterprise corporation. The Connection Entry field is simply a local name for the connection. It should be unique and allow the user to easily identify the site to which it connects. For added clarification, there is a Description field just below it as well.The Host field is of key importance as it will contain the IP address or the Fully Qualified Domain Name (FQDN) of the host so that a Domain Name System (DNS) lookup can be performed to resolve the IP address of the target VPN device.Transparent tunneling allows secure transfer of packets between the VPN Client and a secure gateway through a router running firewall services. Typically, such a gateway is also running either Network Address Translation (NAT) or Port Address Translation (PAT). IPsec endpoints expect the target IP addresses to be globally reachable. In the vast majority of networks today, some form of NAT or PAT is used to extend the number of IP addresses available. Transparent tunneling permits the IPsec end points to operate in such an environment.
Transparent tunneling must use common configuration parameters on both the VPN client and the VPN gateway. Transparent tunneling encapsulates Protocol 50 (Encapsulating Security Payload [ESP]) traffic inside of TCP or UDP datagrams. It can allow both Internet Security Association and Key Management Protocol (ISAKMP) and ESP to be encapsulated inside a transport protocol before being sent through a NAT/PAT device. Virtually every home network sits behind a PAT device, because the home ISP typically gives out only a single IP address. Transparent tunneling is useful when accessing VPN services via a small office/home office (SOHO) router.