Author: empty | Pages: 821 | Publisher: empty
This book is designed to provide information for the Cisco CCNP Security VPN 642-647 exam. Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied, and neither liability nor responsibility is assumed to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the discs or programs that may accompany it. The opinions expressed in this book belong to the author and are not necessarily those of Cisco Systems, Inc.

Feedback Information
At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book is crafted with care and precision, undergoing rigorous development that involves the unique expertise of members from the professional technical community. Readers' feedback is a natural continuation of this process. If you have any comments regarding how we could improve this book, you can contact us through email at feedback@ciscopress.com. Please make sure to include the book title and ISBN in your message.
We greatly appreciate your assistance.

Corporate and Government Sales
Cisco Press offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales. For more information, please contact: U.S. Corporate and Government Sales, 1-800-382-3419, corpsales@pearsontechgroup.com. For sales outside of the US, please contact: International Sales, 1-317-581-3793, international@pearsontechgroup.com. We greatly appreciate your assistance.

Trademark Acknowledgments
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Cisco Press or Cisco Systems, Inc. cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

Corporate and Government Sales
The publisher offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales, which may include custom content particular to your business, training goals, marketing focus, and branding interests. For more information, please contact: U.S. Corporate and Government Sales, 1-800-382-3419, corpsales@pearsontechgroup.com. For sales outside the United States, please contact: International Sales, international@pearsoned.com.

Publisher: Paul Boger
Manager, Global Certification: Erik Ullanderson
Associate Publisher: Dave Dusthimer
Business Operation Manager, Cisco Press: Anand Sundaram
Managing Editor: Sandra Schroeder
Technical Editors: James Risler, Cristian Matei
Editorial Assistant: Vanessa Evans
Compositor: Mark Shirar
Executive Editor: Brett Bartow
Development Editor: Kimberley Debus
Book Designer: Gary Adair
Proofreader: Water Crest Publishing, Inc.
Indexer: Tim Wright
Senior Project Editor: Tonya Simpson
Copy Editor: Keith Cline
About the Author
Howard Hooper, CCIE No. 23470, CCNP, CCNA, CCDA, JNCIA, works as a network consultant for his companies SYNCom Ltd. and Transcend Networks Ltd., specializing in network design, installation, and automation for enterprise and government clients. He has worked in the network industry for 10 years, starting his career in the service provider field as a support engineer, before moving on to installations engineer and network architect roles, working on small, medium, enterprise, and service provider networks.

About the Technical Reviewers
James Risler, CCIE No. 15412, is a systems engineer education specialist for Cisco Systems. His focus is on security technology and training development. James has more than 18 years of experience in IP internetworking, including the design and implementation of enterprise networks. Before joining Cisco Systems, James provided Cisco security training and consulting for Fortune 500 companies and government agencies. He holds two Bachelor degrees from University of South Florida and is currently working on his MBA at the University of Tampa.

Cristian Matei, CCIE No. 23684, is a senior security consultant for Datanet Systems, Cisco Gold Partner in Romania. He has designed, implemented, and maintained multiple large enterprise networks covering the Cisco security, routing, switching, and wireless portfolio of products. Cristian started this journey back in 2005 with Microsoft technology and finished MCSE Security and MCSE Messaging tracks. He then joined Datanet Systems, where he quickly obtained his Security CCIE among other certifications and specializations such as CCNP, CCSP, and CCDP. Since 2007, Cristian has been a Cisco Certified Systems Instructor (CCSI) teaching CCNA, CCNP, and CCSP curriculum courses. In 2009, he was awarded by Cisco with Cisco Trusted Technical Advisor (TTA) and got certified as Cisco IronPort Certified Security Professional on Email and Web (CICSP). That same year, he started his collaboration with Internetwork Expert as technical editor on the CCIE Routing & Switching and Security Workbook series. In 2010, Cristian earned his ISACA Certified Information Security Manager (CISM) certification. He is currently preparing for Routing & Switching, Service Provider CCIE tracks and can be found as a regular active member on Internetwork Expert and Cisco forums.

Dedications
I dedicate this book to my family, without whom I would not be in the position that I am and have the opportunities I currently enjoy. In particular, I want to say special thanks to the following:

My grandfather, Geoffrey, for becoming my father figure and teaching me what I consider to be one of the most important lessons I received early on in my life: that you must work and work hard for what you want. You are forever missed and never forgotten.

My mother, Sally, for providing me with the greatest example of personal strength and determination anyone could ever hope to possess. You scaled mountains to make sure we always had everything we needed and were protected; we are only here because of you.

My son, Ridley, for giving me the reason I need at times to carry on and the drive to become better at everything I do. Even though I cannot be there all the time, Daddy loves you very much. I hope I have and will always go on to make you proud of me.

I would not be the man I am today without you, for that I thank you.

Acknowledgments
When writing a book, a small army of people back you up and undertake a huge amount of work behind the scenes. I want to thank everyone involved who helped with the writing, reviewing, editing, and production of this book. In particular, I want to acknowledge Brett Bartow for giving me this fantastic opportunity and for his help with the many deadline extensions and obstacles that presented themselves along the way. I also want to acknowledge and thank Kimberley Debus, who transformed my words into human-readable form and kept me on track. I know she worked many late nights and weekends to help complete this book, and I shall miss our "conversations" through the comments. I will be forever grateful to both of you.

Thanks must also go out to the two technical reviewers, Cristian Matei and James Risler. Your comments and suggestions have been brilliant throughout the entire book. Your help and input has definitely made this book better.

Last, but by no means least, I want to thank my family and co-workers for their support during the writing of this book. Without that support, this would not have been possible, and as soon as I have caught up on sleep again, I will be conscious enough to thank you personally.
CCNP Security VPN 642-647 Official Cert Guide

Contents at a Glance

Introduction xxiv

Part I ASA Architecture and Technologies Overview
Chapter 1 Evaluation of the ASA Architecture 3
Chapter 2 Configuring Policies, Inheritance, and Attributes 47

Part II Cisco AnyConnect Remote-Access VPN Solutions
Chapter 3 Deploying an AnyConnect Remote-Access VPN Solution 73
Chapter 4 Advanced Authentication and Authorization of AnyConnect VPNs 119
Chapter 5 Advanced Deployment and Management of the AnyConnect Client 165
Chapter 6 Advanced Authorization Using AAA and DAPs 197
Chapter 7 AnyConnect Integration with Cisco Secure Desktop and Optional Modules 221
Chapter 8 AnyConnect High Availability and Performance 249

Part III Cisco Clientless Remote-Access VPN Solutions
Chapter 9 Deploying a Clientless SSL VPN Solution 279
Chapter 10 Advanced Clientless SSL VPN Settings 337
Chapter 11 Customizing the Clientless Portal 373
Chapter 12 Advanced Authorization Using Dynamic Access Policies 413
Chapter 13 Clientless SSL VPN with Cisco Secure Desktop 439
Chapter 14 Clientless SSL VPN High-Availability and Performance Options 467

Part IV Cisco IPsec Remote-Access Client Solutions
Chapter 15 Deploying and Managing the Cisco VPN Client 481

Part V Cisco Easy VPN Solutions
Chapter 16 Deploying Easy VPN Solutions 515
Chapter 17 Advanced Authentication and Authorization Using Easy VPN 551
Chapter 18 Advanced Easy VPN Authorization 579
Chapter 19 High Availability and Performance for Easy VPN 599
Chapter 20 Easy VPN Operation Using the ASA 5505 as a Hardware Client 621

Part VI Cisco IPsec Site-to-Site VPN Solutions
Chapter 21 Deploying IPsec Site-to-Site VPNs 639
Chapter 22 High Availability and Performance Strategies for IPsec Site-to-Site VPNs 667

Part VII Exam Preparation
Chapter 23 Final Exam Preparation 693

Part VIII Appendixes
Appendix A Answers to the "Do I Know This Already?" Quizzes 699
Appendix B 642-647 CCNP Security VPN Exam Updates, Version 1.0 703
Appendix C Memory Tables (CD only)
Appendix D Memory Tables Answer Key (CD only)
Glossary 707
Index 712

Contents

Introduction xxiv

Part I ASA Architecture and Technologies Overview

Chapter 1 Evaluation of the ASA Architecture 3
"Do I Know This Already?" Quiz 3
Foundation Topics 6
Examining ASA Control Fundamentals 6
Interfaces, Security Levels, and EtherChannels 6
Security Levels 9
Same Security Interface and Intra-Interface Communication 10
EtherChannels 11
Access Control Lists 12
Modular Policy Framework 15
Routing the Environment 16
Address Translations and Your ASA 18
AAA for Network-Based Access 21
ASA VPN Technology Comparison 24
Managing Your ASA Device 27
Packet Processing 28
Controlling VPN Access 29
The Good, the Bad, and the Licensing 32
Time-Based Licenses 41
When Time-Based and Permanent Licenses Combine 42
Shared SSL VPN Licenses 43
Failover Licensing 43
Exam Preparation Tasks 44
Review All Key Topics 44
Complete Tables and Lists from Memory 44
Define Key Terms 44

Chapter 2 Configuring Policies, Inheritance, and Attributes 47
"Do I Know This Already?" Quiz 47
Foundation Topics 49
Policies and Their Relationships 49
Understanding Connection Profiles 50
Group URL 52
Group Alias 52
Certificate to Connection Profile Mapping 53
Per-User Connection Profile Lock 54
Default Connection Profiles 55
Understanding Group Policies 56
Configure User Attributes 59
Using External Servers for AAA and Policies 60
Exam Preparation Tasks 70
Review All Key Topics 70
Complete Tables and Lists from Memory 70
Define Key Terms 70

Part II Cisco AnyConnect Remote-Access VPN Solutions

Chapter 3 Deploying an AnyConnect Remote-Access VPN Solution 73
"Do I Know This Already?" Quiz 73
Foundation Topics 76
Full SSL VPN Technology Overview 76
SSL/TLS 76
DTLS 80
IKEv2 81
Configuration Procedures, Deployment Strategies, and Information Gathering 83
AnyConnect Secure Mobility Client Installation 84
Deploying Your First Full-Tunnel AnyConnect SSL VPN Solution 85
IP Addressing 85
Hostname, Domain Name, and DNS 85
Enroll with a CA and Become a Member of a PKI 86
Add an Identity Certificate 87
Add the Signing Root CA Certificate 88
Enable the Interfaces for SSL/DTLS and AnyConnect Client Connections 88
Create a Connection Profile 89
Deploying Your First AnyConnect IKEv2 VPN Solution 92
Enable the Relevant Interfaces for IKEv2 and AnyConnect
Create a Connection Profile 94
Client IP Address Allocation 97
Connection Profile Address Assignment 98
Group Policy Address Assignment 100
Direct User Address Assignment 104
Advanced Controls for Your Environment 104
ACLs and Downloadable ACLs 105
Split Tunneling 107
Access Hours/Time Range 110
Troubleshooting the AnyConnect Secure Mobility Client 111
Exam Preparation Tasks 117
Review All Key Topics 117
Complete Tables and Lists from Memory 117
Define Key Terms 117
Chapter 4 Advanced Authentication and Authorization of AnyConnect VPNs 119
"Do I Know This Already?" Quiz 119
Foundation Topics 121
Authentication Options and Strategies 121
Provisioning Certificates as a Local CA 126
Configuring Certificate Mappings 134
Certificate-to-Connection Profile Maps 135
Mapping Criteria 136
Provisioning Certificates from a Third-Party CA 139
Configure an XML Profile for Use by the AnyConnect Client 141
Configure a Dedicated Connection Profile for Enrollment 144
Enroll the AnyConnect Client into a PKI 145
Optionally, Configure Client Certificate Selection 147
Import the Issuing CA's Certificate into the ASAs 149
Create a Connection Profile Using Certificate-Based Authentication 150
Advanced PKI Deployment Strategies 151
CRLs 152
OCSP 152
Doubling Up on Client Authentication 155
Troubleshooting Your Advanced Configuration 161
Exam Preparation Tasks 163
Review All Key Topics 163
Complete Tables and Lists from Memory 163
Define Key Terms 163
Chapter 5 Advanced Deployment and Management of the AnyConnect Client