CCNA 5.0
Planning Guide
Chapter 7: Securing Site-toSite Connectivity
Connecting Networks
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
1
Chapter 7: Objectives
After completing this chapter, students will be able to:
 Describe benefits of VPN technology.
 Describe site-to-site and remote access VPNs.
 Describe the purpose and benefits of GRE tunnels.
 Configure a site-to-site GRE tunnel.
 Describe the characteristics of IPsec.
 Explain how IPsec is implemented using the IPsec protocol
framework.
 Explain how the Anyconnect client and clientless SSL remote
access VPN implementations support business requirements.
 Compare IPsec and SSL remote access VPNs.
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
2
Chapter 7: Overview
This chapter:
 Explains the concepts and processes related to VPNs
 Explains the benefits of VPN implementations and the underlying
protocols required to configure VPNs
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
3
Chapter 7: Activities
What activities are associated with this chapter?
 7.0.1.2 Class Activity – VPNs at a Glance
 7.1.1.3 Activity – Identifying the Benefits of VPNs
 7.1.2.3 Activity – Compare Types of VPNs
 7.1.2.4 Packet Tracer – Configuring VPNs (Optional)
 7.2.1.3 Activity – Identifying GRE Characteristics
 7.2.2.2 Syntax Checker – Configure and Verify GRE
 7.2.2.3 Packet Tracer – Configuring GRE
 7.2.2.4 Packet Tracer – Troubleshooting GRE
 7.2.2.5 Lab – Configuring a Point-to-Point GRE VPN Tunnel
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
4
Chapter 7: Activities (cont.)
What activities are associated with this chapter?
 7.3.2.7 Activity – Identifying IPsec Terminology and Concepts
 7.3.2.8 Packet Tracer – Configuring GRE over IPsec (Optional)
 7.4.1.4 Activity – Compare Cisco SSL VPN Solutions
 7.4.2.5 Activity – Identify Remote-Access Characteristics
 7.5.1.1 Class Activity – VPN Planning Design
 7.5.1.2 Packet Tracer – Skills Integration Challenge
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
5
Chapter 7: Packet Tracer Activity Password
The password for all the Packet Tracer activities in this chapter is:
PT_ccna5
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
6
Chapter 7: Assessment
 Students should complete Chapter 7 Exam after completing
Chapter 7.
 Worksheets, labs and quizzes can be used to informally assess
student progress.
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
7
Chapter 7: New Terms and Commands
What terms and commands are introduced in this chapter?
7.1.1.1
7.1.2.1
7.1.2.2
7.2.2.1
7.2.2.2
7.3.1.1
7.3.1.2
7.3.2.1
Presentation_ID
VPNs
Tunnel
Generic Routing Encapsulation (GRE)
Cisco Adaptive Security Appliance (ASA)
Site-to-site VPNs
VPN Gateway
Remote Access VPNs
Cisco AnyConnect Secure Mobility Client
interface tunnel number command
tunnel source command
tunnel destination command
show interface tunnel command
IP Multicast Tunneling
IPsec
Anti-replay Protection
Encryption
Decryption
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
8
Chapter 7: New Terms and Commands
(cont.)
What terms are introduced in this chapter?
7.3.2.2
7.3.2.3
7.3.2.4
7.3.2.5
7.3.2.6
Presentation_ID
Symmetric Encryption
Asymmetric Encryption
Public Key Encryption
Diffie-Hellman Key Exchange
OAKLEY
IKE protocol
Hash
Hash-based Message Authentication Code (HMAC)
MD5
SHA
Pre-shared Key (PSK)
RSA Signature
Certificate Authority (CA)
Digital Signature Algorithm (DSA)
Authentication Header (AH)
Encapsulating Security Payload (ESP)
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
9
Chapter 7: New Terms and Commands
(cont.)
What terms are introduced in this chapter?
7.4.1.1
7.4.1.2
7.4.2.1
Presentation_ID
Secure Sockets Layer (SSL) VPN
IP Security (IPsec) VPN
Cisco AnyConnect Secure Mobility Client with SSL
Cisco Secure Mobility Clientless SSL VPN
Cisco Easy VPN Server
Cisco Easy VPN Remote
Cisco VPN Client
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
10
Chapter 7: Best Practices
For best practices, the instructor should:
 Use this chapter as an introduction to CCNA Security.
 Make this chapter as hands-on as possible.
 Encourage students to complete chapter activities, labs, and to use
the Syntax Checker.
 Refer to the CCNA Security curriculum for more labs and reference
materials.
 Use http://www.cisco.com for additional VPN materials.
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
11
Chapter 7: Additional Help
 For additional help with teaching strategies, including lesson
plans, analogies for difficult concepts, and discussion topics, visit
the CCNA Community at
http://community.netacad.net/web/ccna/files.
 If you have lesson plans or resources that you would like to
share, upload them to the CCNA Community to help other
instructors.
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
12
Chapter 7: Topics Not in ICND2 200-101
 This section lists topics covered by this chapter that are NOT listed
in the ICND2 200-101 Blueprint. Those topics are posted at
http://www.cisco.com/web/learning/exams/list/icnd1b.html.
 Instructors could skip these sections; however, they should provide
additional information and fundamental concepts to assist the
student with the topic.
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
13
Chapter 7: Topics Not in 200-101 ICND2
What sections of this chapter are NOT in the 200-101 ICND2
certification blueprint?
7.0.1
7.1
7.2
7.3
7.4
7.5
Presentation_ID
Topic - Introduction
Section - VPNs
Section – Site-to-Site GRE Tunnels
Section – Introducing IPsec
Section – Remote Access
Summary
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
14
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
15
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
16