VPN Shop

Cisco CCNA Certification: Passwords Passwords Passwords!

When you're looking at a Cisco router configuration, figuring out what the different passwords do can be a little confusing at first. But as I tell all my students, the key to understanding something that looks complex is to break it down into smaller parts.

Having said that, let's take a look at a typical running configuration and then break it down line by line to make sure you understand what each password is doing. This is a must for success on exam day and on the job!

username r1 password router
username chris password Bryant
username david password stimpson
enable password cisco
enable secret ccna
service password-encryption
line console 0
 login
 password passexam
line vty 0 4
 login
 password ccnp

There's a lot going on in that little configuration. Working from top to bottom, let's take a look at what each section does.

username r1 password router
username chris password Bryant
username david password stimpson

The username / password combination creates a local database that the router will use to authenticate users connecting on your BRI lines, and it's also used to authenticate users connecting via Telnet!

To use the local database instead of a common VTY password:

line vty 0 4
 login local

This allows each user to have their own password instead of everyone using the single VTY line password.

enable password cisco
enable secret ccna

The enable password and enable secret commands are used to do the same thing: protect privileged exec mode, more commonly referred to as enable mode.

Why use both? The enable password is still in use for backwards compatibility. Most routers are configured with both, and they'll probably be different. (This is because the router's going to prompt you for a different password for one if you try to set them both to the same word.)

If we only have one enable mode to protect, but two different passwords, which one should a user enter? The enable secret, because the enable secret always has precedence over the enable password. No exceptions. (We don't get to say that very often in Ciscoland, do we? :) )

There's one other major difference. The enable secret is encrypted by default; the enable password is displayed in clear text. Actually, all the other passwords you see above will be displayed in clear text by default.

Service password-encryption

This default can be changed by activating a Cisco router service that's off by default. Run the service password-encryption command to encrypt all passwords in your configuration.

Before a user gets to enable mode, though, there may be a password to start working at the console to begin with. This password has to be entered just to get to user exec (assuming the previous user logged out fully and correctly!).

line console 0
 login
 password passexam

Note that there are two commands. You need to enable the password function with the 'login' command, and then set a password. The order in which you enter these two commands does not matter; just make sure you enter them both!

line vty 0 4
 login
 password ccnp

Of course, the VTY lines are used to enable Telnet connectivity and to set a password. Cisco requires a password be set for Telnet access, and this basic configuration will prompt any user for the one single password. This password would apply to all five simultaneous Telnet connections if more than one user were telnetting in at once.
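An added example, not part of the tutorial: a small Python audit that parses a configuration like the one above and reports the password pitfalls just discussed (which enable credential is actually in force, a shared VTY password versus login local, a login with no password, and that service password-encryption only produces reversible type 7 strings). The finding codes and the keyword-based section detection are this example's own, not anything IOS provides.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "code detail")

# Sub-commands treated as belonging to a 'line ...' section. The tutorial's
# config is flattened (no indentation), so membership is decided by keyword.
LINE_SUBCOMMANDS = ("login", "password", "exec-timeout", "transport",
                    "access-class", "logging")

# The tutorial's running-config, copied from above (sample input for this
# example; 'console0' is normalised to 'console 0' by the parser).
SAMPLE_CONFIG = """
username r1 password router
username chris password Bryant
username david password stimpson
enable password cisco
enable secret ccna
service password-encryption
line console0
 login
 password passexam
line vty 0 4
 login
 password ccnp
"""


def parse_config(text):
    """Split an IOS-style config into global commands and line sections.
    Commands are lowercased for matching; the audit never needs the password
    values themselves, so their (case-sensitive) spelling does not matter."""
    globals_, lines, current = [], {}, None
    for raw in text.splitlines():
        cmd = raw.strip().lower()
        if not cmd or cmd.startswith("!"):
            continue
        words = cmd.split()
        if words[0] == "line":
            name = re.sub(r"^(console|con|vty|aux)(\d)", r"\1 \2", " ".join(words[1:]))
            current = lines.setdefault(name, [])
        elif current is not None and words[0] in LINE_SUBCOMMANDS:
            current.append(words)
        else:
            current = None          # any other keyword ends the line section
            globals_.append(words)
    return globals_, lines


def enable_guard(globals_):
    """Which credential really guards privileged EXEC: 'secret' always beats
    'password' when both exist, exactly as the tutorial says."""
    kinds = {w[1] for w in globals_ if w[0] == "enable" and len(w) > 2}
    if "secret" in kinds:
        return "secret"
    if "password" in kinds:
        return "password"
    return None


def audit_config(text):
    """Return Finding(code, detail) tuples for the password weaknesses the
    tutorial discusses, plus type 7 and login/password consistency checks."""
    globals_, lines = parse_config(text)
    findings = []
    guard = enable_guard(globals_)
    if guard is None:
        findings.append(Finding("ENABLE_NONE", "privileged EXEC is not protected"))
    elif guard == "password":
        findings.append(Finding("ENABLE_PASSWORD_ONLY",
                                "only 'enable password' guards enable mode; add 'enable secret'"))
    elif any(w[:2] == ["enable", "password"] for w in globals_):
        findings.append(Finding("ENABLE_PASSWORD_REDUNDANT",
                                "'enable password' is never consulted while 'enable secret' exists; "
                                "remove it so the weaker form is not stored"))

    users = [w[1] for w in globals_ if w[0] == "username" and len(w) > 1]
    for w in globals_:
        # 'username X password Y' keeps Y as type 0 or type 7; 'secret' hashes it
        if w[0] == "username" and "password" in w[2:]:
            findings.append(Finding("USERNAME_PASSWORD",
                                    f"user '{w[1]}' stored with 'password'; prefer 'username {w[1]} secret ...'"))

    encrypted = any(w[:2] == ["service", "password-encryption"] for w in globals_)
    cleartext = any(w[0] == "password" for cmds in lines.values() for w in cmds) \
        or any(f.code == "USERNAME_PASSWORD" for f in findings)
    if cleartext and not encrypted:
        findings.append(Finding("NO_SERVICE_ENCRYPTION",
                                "line/username passwords appear in clear text; enable 'service password-encryption'"))
    elif cleartext:
        findings.append(Finding("TYPE7_REVERSIBLE",
                                "'service password-encryption' only obfuscates (type 7, reversible); "
                                "treat the config file itself as sensitive"))

    for name, cmds in lines.items():
        logins = [w for w in cmds if w[0] == "login"]
        has_pw = any(w[0] == "password" for w in cmds)
        if not logins:
            findings.append(Finding("LINE_NO_LOGIN", f"line {name}: no 'login'; users are not asked for a password"))
        elif any(len(w) > 1 and w[1] == "local" for w in logins):
            if not users:
                findings.append(Finding("LOGIN_LOCAL_NO_USERS",
                                        f"line {name}: 'login local' with no usernames defined; every login fails"))
        elif not has_pw:
            findings.append(Finding("LINE_LOGIN_NO_PASSWORD",
                                    f"line {name}: 'login' without 'password'; IOS keeps login disabled on the line until one is set"))
        elif name.startswith("vty"):
            findings.append(Finding("VTY_SHARED_PASSWORD",
                                    f"line {name}: one password shared by every Telnet session; 'login local' gives each user their own"))
    return findings


if __name__ == "__main__":
    for f in audit_config(SAMPLE_CONFIG):
        print(f"{f.code:28} {f.detail}")
```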

For much more on Telnet, read my tutorial on the subject, found at www.thebryantadvantage.com

To get your CCNA, you've got to be more than ready for password questions. Whether you're asked to set one or troubleshoot an existing configuration on an exam or on the job, these should be second nature to you. And they will be, once you break a configuration like this into smaller parts.

To your success,

Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage, home of free CCNA and CCNP tutorials, The Ultimate CCNA Study Package, and Ultimate CCNP Study Packages. For a FREE copy of his latest e-books, "How To Pass The CCNA" and "How To Pass The CCNP", visit the website and download your free copies. You can also get FREE CCNA and CCNP exam questions every day! Pass the CCNA exam with The Bryant Advantage!

Cisco CCNA Certification Exam Tutorial: Variance And Unequal Cost Load Balancing

To pass the CCNA exam, you’ve got to know how to work with IGRP and EIGRP unequal-cost load balancing. You may not see much IGRP in production networks anymore, but you’ll see a lot of EIGRP, and part of fine-tuning your EIGRP network is making sure that all paths are in use while allowing for varying bandwidth rates.

Using the variance command is the easy part - it’s getting the metric that’s the hard part with IGRP. With EIGRP, you just look in the topology table and that’s it. With IGRP, you’ve got to run a debug to get the right metric.

The variance command is a multiplier: when the value supplied with the variance command is multiplied by the lowest-cost metric, the product must exceed the higher-cost metric in order for the higher-cost route to be added.

If that sounds complicated, it’s not. It’s one of those things that sounds difficult, but isn’t. Trust me!

In this example, R1 has two paths to 172.23.0.0, but is currently using only one. By looking in the IP routing table, we’ve seen that the lowest-cost metric for network 172.23.0.0 on R1 is 8576. This path goes through the 172.12.123.0 network. There is another valid path that uses the 172.12.13.0 network, but is not currently in use.

I 172.23.0.0/16 [100/8576] via 172.12.123.2, 00:00:53, Serial0

IGRP does not have a 'show' command that displays all valid routes to a destination, as EIGRP does. The command debug ip igrp transactions will show the current metric of the routes using the 512 KBPS route.

R1#debug ip igrp transactions
IGRP protocol debugging is on
19:17:51: IGRP: broadcasting request on Loopback0
19:17:51: IGRP: broadcasting request on Serial0
19:17:51: IGRP: broadcasting request on Serial1
19:17:51: IGRP: received update from 172.12.13.3 on Serial1
19:17:51: subnet 172.12.13.0, metric 23531 (neighbor 21531)
19:17:51: subnet 172.12.123.0, metric 23531 (neighbor 8476)
19:17:51: network 1.0.0.0, metric 24031 (neighbor 8976)
19:17:51: network 2.0.0.0, metric 22131 (neighbor 1600)
19:17:51: network 3.0.0.0, metric 22031 (neighbor 501)
19:17:51: network 172.23.0.0, metric 21631 (neighbor 1100)

R1(config)#router igrp 1
R1(config-router)#variance 3
R1#show ip route 172.23.0.0
Routing entry for 172.23.0.0/16
Known via igrp 1, distance 100, metric 8576
Redistributing via igrp 1
Advertised by igrp 1 (self originated)
Last update from 172.12.123.2 on Serial0, 00:00:01 ago
Routing Descriptor Blocks:
* 172.12.13.3, from 172.12.13.3, 00:00:20 ago, via Serial1
Route metric is 21631, traffic share count is 1
Total delay is 21000 microseconds, minimum bandwidth is 512 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 1/255, Hops 0
172.12.123.3, from 172.12.123.3, 00:00:20 ago, via Serial0
Route metric is 8576, traffic share count is 3
Total delay is 21000 microseconds, minimum bandwidth is 1544 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 1/255, Hops 0
172.12.123.2, from 172.12.123.2, 00:00:01 ago, via Serial0
Route metric is 8576, traffic share count is 3
Total delay is 21000 microseconds, minimum bandwidth is 1544 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 1/255, Hops 0

The metric for 172.23.0.0 through the direct connection is 21631. A variance of 3 means that any route with a metric less than the best metric multiplied by the variance (in this case, 8576 x 3 = 25728) will be entered into the routing table. R1 now has three unequal-cost paths to 172.23.0.0 in its routing table, and load balancing will take place.

IGRP unequal-cost load balancing takes some practice, but as you can see, once you get the metric it’s easy to work with. Just make sure you know how to get that metric!

Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage, home of free CCNA and CCNP tutorials, The Ultimate CCNA Study Package, and Ultimate CCNP Study Packages.

You can also join his RSS feed and visit his blog, which is updated several times daily with new Cisco certification articles, free tutorials, and daily CCNA / CCNP exam questions! Details are on the website.

For a FREE copy of his latest e-books, "How To Pass The CCNA" and "How To Pass The CCNP", visit the website and download your free copies. You can also get FREE CCNA and CCNP exam questions every day! Get your CCNA study guide from The Bryant Advantage!

Cisco Linksys RV042 10/100 4-Port VPN Router


Features

  • LAN Ports - 4 10/100 Mbps RJ-45
  • WAN Ports - 1 10/100 Mbps RJ-45
  • Weight - 1.27 lbs.


Product Description

The Linksys 10/100 4-Port VPN Router is an advanced Internet-sharing network solution for your small business needs. Like any router, it lets multiple computers in your office share an Internet connection. But the unique dual Internet ports on the 10/100 4-Port VPN Router let you connect a second Internet line as a backup to ensure that you're never disconnected. Or, use both Internet ports at the same time, and let the router balance your office's requirements between them for maximum bandwidth efficiency.

The 10/100 4-Port VPN Router also features a built-in 4-port full-duplex 10/100 Ethernet switch to connect four PCs directly, or you can connect more hubs and switches to create as big a network as you need.

The Virtual Private Network (VPN) capability creates encrypted tunnels through the Internet, allowing up to 30 remote office or traveling users to securely connect into your office network from off-site. Users connecting through a VPN tunnel are attached to your company's network - with secure access to files, e-mail, and your intranet - just as if they were in the building. You can also use the VPN capability to allow users on your small office network to securely connect out to a corporate network.

The 10/100 4-Port VPN Router can serve as a DHCP Server, and has a powerful SPI firewall to protect your PCs against intruders and most known Internet attacks. It can be configured to filter internal users' access to the Internet, and has IP address filtering so you can specify exactly who has access to your network. Configuration is a snap with the web browser-based configuration utility.

As the heart of your small office network, the connection-redundant Linksys 10/100 4-Port VPN Router gives you the connection reliability your business needs.

Customer Reviews

Review date : 2008-10-15
Used the unit in a small office with 50 users.

First the good.
- Easy to set up
- Reliable firewall and router
- keywords used for internet blocking of web sites

The bad:
-VPN does not work properly. Wasted weeks on this. Tried the cisco/Linksys software and it was useless. Also only supports 5 users when using PPTP. Continual issues with unreliable results.
-When the battery dies you need to replace the unit.
-Cannot block messenger apps

In the end I switched to m0n0wall for the firewall. Installing it onto a retired NT4 box. Removed the hard drive and booted from the CD ISO image. Config saves onto a floppy. Felt good going "green" by resurrecting this old box.

For the VPN and content filtering I am still looking. M0n0wall allows a lot more VPN clients than the RV042 but is not intuitive to set up. M0n0 also has graphs of throughput and CPU usage. Have used OpenVPN for IPSEC and it works more reliably than the RV042 for VPN. While these two options take longer to set up than the RV042 they are FREE.

For a product I pay for I want:
-Ease of set up.
-Trouble free VPN set up
-No restriction on VPN connects.
-Decent monitoring and logging tools.
-Ability to KILL IM and Torrent traffic, or at least capture and log IM traffic to deter staff goofing off

Review date : 2008-09-13
After much investigation, I decided on the Linksys dual WAN router. My apartment has 02 broadband connections: Cable and ADSL. I wanted a router that I could use for both load balancing my internet connection between them, automatic fail over from one link to the other, and VPN.
I installed the VPN PPTP server, and my Windows XP connection over the internet was a breeze.
The load balancing features are a little difficult to understand at the first moment, but then after some time playing around, it clicks.
Performance of the router is good. No issues here.
Upgrade to the latest firmware as soon as you get it.
It replaced my previous wireless router from linksys as well.
Recommend to anyone who wants to use 2 WAN connections (home-office of small office).

Review date : 2008-07-13
This is an inexpensive alternative to a Cisco firewall/router for a small business that needs VPN. To prep for the install, I went to Linksys.com and got the latest firmware. Even with the latest firmware, installing the RV042 took much more time than initially anticipated: ATT DSL modem needed a hard reset and then placed into Ethernet bridge mode. The DSL modem would not function correctly when connected to the WAN1 port; had to use WAN2. Keepalive setting per ATT was incorrect. Needed to adjust MTU settings or FTP transfers would not work reliably. Finally got it working and set up VPN. Happy to see that RV042 includes built in PPTP server. This means that VPN clients can use the MS PPTP VPN client that comes with Windows. No need to install the Linksys VPN software on client PCs. Note that using RV042 PPTP limits you to 5 VPN users. In summary, product is recommended only for someone with networking experience. Even then, be prepared to spend some frustrating time.

Review date : 2008-01-09
I own two of these, and had no problems getting vpn up and rolling, but after 1.5 years, I’ve had both units fail within a month of one another (both just started blinking warning - fried - both in different locations in the us), and fell in with linksys’s absolute crap-poor technical support. I ended up finding it a better use of my time just to dump these units and replace them than deal with linksys’s absolutely insanely bad indian technical support.

Here's the hard part. I replaced the first unit, and it fried too. So, I'm out 450 bucks, and then I call technical support, and they won't support the older units even though I have just purchased a new one, and want to charge me $35 bucks because one of the 2 units I'm trying to get vpn working with is "out of warranty" even though the one I'm trying to configure is brand new! What the heck? Not to mention the level of technical competency of the people I was on the phone with was next to nothing (total script readers), and they wouldn't listen to common sense - oh, and I got disconnected all the time.

As a VERY long time customer (almost from their inception), I’m never buying another product from them. They’ve made some very bad business choices, and their support and product quality has dropped to third world levels. I can’t believe this is a Cisco company - they should be ashamed of their acquisition.

Do yourself a favor. Run away from Linksys.

Review date : 2007-11-13
Before you purchase a RV042, check the RV082 and RV016 carefully - they are similar routers, but have different capabilities. Your needs may not be met by the RV042.

Also - no matter what model you buy - before you begin configuration first upgrade the firmware! Failure to do so will result in disappointing performance!

Cisco CVPNCLIENTK9 VPN Client Software

Price : $40.24

Features

  • Sold Individually

Product Description

The Cisco VPN Client is software that enables customers to establish secure, end-to-end encrypted tunnels to any Cisco Easy VPN server. The client can be preconfigured for mass deployments and initial logins require very little user intervention. VPN access policies and configurations are downloaded from the central gateway and pushed to the client when a connection is established, allowing simple deployment and management.

Main Features

  • Manufacturer: Cisco Systems, Inc
  • Manufacturer Part Number: CVPN-CLIENT-K9=
  • Manufacturer Website Address: www.cisco.com
  • Software Sub Type: Network Connectivity/Management
  • Software Name: VPN Client v.4.6 - Media Only
  • Features & Benefits:
  • Support for Windows 98, ME, NT 4.0, 2000, XP, Linux (Intel), Solaris (UltraSparc 32 and 64-bit) and Mac OS X 10.2 (Jaguar)
  • Automatic software updates (Windows 2000 & XP) makes deploying new client versions hassle free
  • VPN Virtual Interface Adapter present on Windows 2000 and XP
  • Application Programming Interface (API) allows you to control operation of the VPN client from another application
  • System coexistence with Microsoft L2TP/IPsec client
  • MSI (Windows Installer) package available for NT, 2000, and XP
  • Intelligent peer availability detection (DPD)
  • Simple Certificate Enrollment Protocol (SCEP)
  • Data compression (LZS)
  • Command-line options for connecting, disconnecting, and connection status
  • Configuration file with option locking
  • Support for Microsoft network login (all platforms)
  • Domain Name System (DNS) including DDNS/DHCP computer name population, Split DNS
  • Windows Internet Name Service (WINS), and IP address assignment
  • Load balancing and backup server support
  • Centrally controlled policies (including backup server list)
  • Integrated personal firewall (stateful firewall): Zone Labs techn


Cisco Linksys RV082 10/100 8-Port VPN Router


Features

  • Weight - 3.25 lbs
  • WAN Ports - 2
  • Package Content - Router, AC Power Cable, Setup CD with User Guide, Registration Card, Rackmounting Kit
  • Full IPSec Virtual Private Network (VPN) Capability using DES and 3DES Encryption Algorithms


Product Description

The Linksys 10/100 8-Port VPN Router is an advanced Internet-sharing network solution for your small business needs. Like any router, it lets multiple computers in your office share an Internet connection. But the unique dual Internet ports on the 10/100 8-Port VPN Router let you connect a second Internet line as a backup to ensure that you're never disconnected. Or, use both Internet ports at the same time, and let the router balance your office's requirements between them for maximum bandwidth efficiency.

The 10/100 8-Port VPN Router also features a built-in 8-port full-duplex 10/100 Ethernet switch to connect eight PCs directly, or you can connect more hubs and switches to create as big a network as you need.

The Virtual Private Network (VPN) capability creates encrypted tunnels through the Internet, allowing up to 50 remote offices or traveling users to securely connect into your office network from off-site. Users connecting through a VPN tunnel are attached to your company's network - with secure access to files, e-mail, and your intranet - just as if they were in the building. You can also use the VPN capability to allow users on your small office network to securely connect out to a corporate network.

The 10/100 8-Port VPN Router can serve as a DHCP Server, and has a powerful SPI firewall to protect your PCs against intruders and most known Internet attacks. It can be configured to filter internal users' access to the Internet, and has IP address filtering so you can specify exactly who has access to your network. Configuration is a snap with the web browser-based configuration utility.

As the heart of your small office network, the connection-redundant Linksys 10/100 8-Port VPN Router gives you the connection reliability your business needs.

Customer Reviews

Review date : 2008-11-19
Last year I was in the market for a VPN solution for my home office and after reading some mixed reviews I bought the RV082. The dual WAN, IPSec VPN, firewall and price were the features that sold me and as a relatively savvy VPN user, I figured I could tough it out. Boy was I wrong. This device delivers decent router performance but I couldn’t get the QuickVPN software to work at all with Vista clients. The documentation is incomplete and is especially not useful for those who’re new to VPN administration. Even after hours of research online and numerous tech support calls I still couldn’t get the QuickVPN working, so I gave up on it and switched to another, more configurable IPSec VPN application. This did get the VPN going, and it seems stable so far, but it’s annoying and disappointing that it wouldn’t work right out of the box.

Review date : 2008-09-04
I have been using one of these for a few years. I just threw it away. I should have thrown it away years ago.

Even with the latest firmware it doesn't work right and is slow. It's difficult to configure. It's impossible to configure correctly. I've spent many hours on the phone with Linksys tech support, which has proved to be a total waste of time. Even though the router sucks, the documentation is even worse.

Save your money. Use dd-wrt. That’s what I did.

Review date : 2008-02-22
This is the third Linksys RV082 I have bought, and they are all used to connect several sites securely. Good performers even with high-grade encryption enabled, relatively simple VPN tunnel setup, good recovery from link outages, nice load balancing features for dual WAN links, and very good total system availability. Especially considering the price and the throughput this is a very good deal. The typos in the GUI and the manual luckily don’t contribute much to setup challenges if you know what you are doing.

Review date : 2007-11-08
This unit basically represents the higher end of the consumer market, but is not overly serviceable as a business grade router. We own two of these routers and they are just not reliable enough. Once configured, a vpn/firewall/router is a device that should soon be forgotten. Not so with the RV082. It is definitely quirky and requires the occasional reset. We have tried several different firmware revisions and all seem to be buggy in different ways. At various times we’ve had trouble with the VPN, port-forwarding to our database servers, problems with VOIP, and other strange states. I think I’ve decided that for the price of this unit, you just can’t get one box that is a fast and reliable VPN, firewall, and router. It’s a little disappointing.

Review date : 2007-03-08
I bought this router to replace my Netgear FVS318 that was fried when we got hit by lightning. The VPN utility that came with that was too hard for the average user to configure, so the Linksys and QuickVPN utility looked good. Unfortunately the QuickVPN doesn't work, and I spent quite a lot of time with Linksys tech support and still no luck. So if you're looking at this for the ease of VPN with QuickVPN, you may want to consider something else.

Cisco ASA: All-in-One Firewall IPS And VPN Adaptive Security Appliance (Networking Technology)

Price : $55.84

Product Description

Identify, mitigate, and respond to network attacks

  • Understand the evolution of security technologies that make up the unified ASA device and how to install the ASA hardware
  • Examine firewall solutions including network access control, IP routing, AAA, application inspection, virtual firewalls, transparent (Layer 2) firewalls, failover and redundancy, and QoS
  • Evaluate Intrusion Prevention System (IPS) solutions including IPS integration and Adaptive Inspection and Prevention Security Services Module (AIP-SSM) configuration
  • Deploy VPN solutions including site-to-site IPsec VPNs, remote- access VPNs, and Public Key Infrastructure (PKI)
  • Learn to manage firewall, IPS, and VPN solutions with Adaptive Security Device Manager (ASDM)

Achieving maximum network security is a challenge for most organizations. Cisco ASA, a new unified security device that combines firewall, network antivirus, intrusion prevention, and virtual private network (VPN) capabilities, provides proactive threat defense that stops attacks before they spread through the network.

This new family of adaptive security appliances also controls network activity and application traffic and delivers flexible VPN connectivity. The result is a powerful multifunction network security device that provides the security breadth and depth for protecting your entire network, while reducing the high deployment and operations costs and complexities associated with managing multiple point products.

Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance is a practitioner's guide to planning, deploying, and troubleshooting a comprehensive security plan with Cisco ASA. The book provides valuable insight and deployment examples and demonstrates how adaptive identification and mitigation services on Cisco ASA provide a sophisticated security solution for both large and small network environments.

The book contains many useful sample configurations, proven design scenarios, and discussions of debugs that help you understand how to get the most out of Cisco ASA in your own network.

I have found this book really highlights the practical aspects needed for building real-world security. It offers the insider's guidance needed to plan, implement, configure, and troubleshoot the Cisco ASA in customer environments and demonstrates the potential and power of Self-Defending Networks.

Jayshree Ullal, Sr. Vice President, Security Technologies Group, Cisco Systems

This security book is part of the Cisco Press Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.

Customer Reviews

Review date : 2008-04-15
Dear all,
I am totally satisfied with the contents of the book. Needless to say that it fulfilled my expectations for an in-depth analysis of the security aspects of Cisco ASA Systems.

Thodoris,
Athens, Hellas

Review date : 2007-07-03
Excellent reference book. I wouldn’t want to curl up with a cup of hot cocoa and read it from beginning to end, but it was an essential tool in a recent firewall migration at my workplace. It also seems to be just about the only book about the relatively new asa platform.

Review date : 2007-05-07
This book has been very helpful for me. The only issue that I ran into was that the VPN section was a little outdated.

Review date : 2006-11-03
This manual was excellent! Definitely something to keep at your desk as a reference.

Review date : 2006-01-27
This book helped me a lot. I recently deployed over 250 ASAs and was running into a lot of problems with the IPS SSM and VPN features. I got most of my answers from this book.

The Complete Cisco VPN Configuration Guide (Networking Technology)

Price : $60.00

Product Description

Use Cisco concentrators, routers, Cisco PIX and Cisco ASA security appliances, and remote access clients to build a complete VPN solution

  • A complete resource for understanding VPN components and VPN design issues
  • Learn how to employ state-of-the-art VPN connection types and implement complex VPN configurations on Cisco devices, including routers, Cisco PIX and Cisco ASA security appliances, concentrators, and remote access clients
  • Discover troubleshooting tips and techniques from real-world scenarios based on the author's vast field experience
  • Filled with relevant configurations you can use immediately in your own network

With increased use of Internet connectivity and less reliance on private WAN networks, virtual private networks (VPNs) provide a much-needed secure method of transferring critical information. As Cisco Systems integrates security and access features into routers, firewalls, clients, and concentrators, its solutions become ever more accessible to companies with networks of all sizes. The Complete Cisco VPN Configuration Guide contains detailed explanations of all Cisco VPN products, describing how to set up IPsec and Secure Sockets Layer (SSL) connections on any type of Cisco device, including concentrators, clients, routers, or Cisco PIX and Cisco ASA security appliances. With copious configuration examples and troubleshooting scenarios, it offers clear information on VPN implementation designs.

Part I, VPNs, introduces the topic of VPNs and discusses today's main technologies, including IPsec. It also spends an entire chapter on SSL VPNs, the newest VPN technology and one that Cisco has placed particular emphasis on since 2003. Part II, Concentrators, provides detail on today's concentrator products and covers site-to-site and remote-access connection types with attention on IPsec and WebVPN. Part III covers the Cisco VPN Client versions 3.x and 4.x along with the Cisco 3002 Hardware Client. Cisco IOS routers are the topic of Part IV, covering scalable VPNs with Dynamic Multipoint VPN, router certificate authorities, and router remote access solutions. Part V explains Cisco PIX and Cisco ASA security appliances and their roles in VPN connectivity, including remote access and site-to-site connections. In Part VI, a case study shows how a VPN solution is best implemented in the real world using a variety of Cisco VPN products in a sample network.

This security book is part of the Cisco Press Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.

Customer Reviews

Review date : 2008-08-19
Very disappointed. I have a 950 page book that does not cover setting up an IOS router for remote access using PPTP or L2TP. WTF? Heck - that's why I bought this expensive book. If you have deep pockets and can buy whatever cisco gear you like then this book will likely introduce you to many possible VPN solutions. But there seems to be a bias in the book toward large enterprise solutions - with little or no consideration given to SOHO and small businesses. Many of us make do with the resources that we have available and can't just go out and buy stuff because the author thinks a remote access concentrator would be "best." I still can't believe that he doesn't cover configuring IOS for access by Windows PPTP or L2TP clients. I'm stunned. With this glaring omission I can't help but wonder about the completeness of the other content. Thumbs down.

Review date : 2007-02-10
Well this book proved a few things to me. Firstly VPN is not rocket science and secondly I haven't seen any better book than this that Cisco Press might have printed. IPSEC, GRE, SSL, L2TP, PPTP, WEBVPN were the terms that used to give me nightmares. However this book was just perfect and 1 month of reading this book makes me very confident about the whole technology. I generally followed each chapter with real hands on and I wasn't bumped even once anywhere. I will seriously recommend this book to everyone, if VPN is what you want to learn, stop your search here! NOW!

Review date : 2006-11-03
I was hoping that the book would spend more time on actual router configuration rather than use GUI-related products. It was difficult to divine the actual config while wading through page after page of screen-shots.

Review date : 2006-07-03
Richard Deal’s book, The Complete Cisco VPN Configuration Guide, sets out to provide a comprehensive reference for networking professionals designing, deploying, and managing VPN solutions. This book covers the foundational information as well as step by step guides to configuring VPN solutions on Cisco VPN Concentrators, software and hardware clients, Cisco IOS routers, and Cisco PIX and ASA appliances.

The book is broken down into 6 parts: VPNs, Concentrators, Clients, IOS Routers, PIX Firewalls, and a Case Study. The VPN chapters provide the reader with an excellent foundation in VPNs. These chapters cover topics such as VPN types and topologies, technologies used to establish VPNs, as well as VPN implementations, such as IPsec, PPTP, L2TP, SSL. The next section focuses on the Cisco VPN Concentrators. Mr. Deal provides information on the Cisco 3000 series of VPN concentrators as well as the features of various software releases. The next few chapters focus on different deployment scenarios. These scenarios include remote access with IPsec, remote access with PPTP, L2TP, and WebVPN (SSL), and site-to-site. The final chapters of the concentrator section cover management and troubleshooting. The next section covers software (Cisco and Microsoft) and hardware (Cisco) VPN clients. The fourth section focuses on Cisco IOS Routers. This section follows a similar layout to the concentrator section, providing details about site-to-site and remote access VPN connections as well as a troubleshooting chapter at the end. It does highlight the differences in the configuration as well. As with the concentrators, Mr. Deal includes specific product information. While helpful in dealing with existing equipment, it will quickly become obsolete as Cisco EOS/EOL equipment and software from these lists. It might have been more practical to provide URL references to Cisco's website. The fifth section covers VPN deployments with the Cisco PIX and ASA security appliances. Again, the layout is consistent with the IOS Router and Concentrator sections. The final section is a case study which brings together most of the concepts covered in the book.

This book is an excellent reference on VPNs. It should be in the personal library of every networking professional who designs, deploys, and manages a VPN solution. The diagrams are clear and easy to follow. The troubleshooting chapters of each section provide excellent tools as well as common mistakes to help the networking professional deploy their solution successfully. The case study provides an invaluable example of a real world deployment. While the book is not advertised to be an exam preparation or certification guide, it could easily be used as a supplement towards those studies.

Review date : 2006-02-25
Richard Deal’s "The Complete Cisco VPN Configuration Guide" provides a complete step by step guide on how to configure VPNs on Cisco Concentrators, software (including the Windows VPN client) and hardware clients, IOS routers, and PIX and ASA security appliances.

The book also discusses what to look for to troubleshoot VPN connections, provides common real-life problems you will experience when setting up VPNs, and includes a case study at the end of the book to review all the concepts and configuration from previous chapters.

The book does an excellent job of informing when and why to select certain Cisco VPN products over others. It also provides up-to-date VPN configuration information for the PIX. Both PIX FOS 6.0 and 7.0 VPN configurations are discussed.

The book devotes about five chapters to discussing concentrators. This is understandable, as Cisco concentrators are more widely used for remote access than other Cisco VPN products. However, I would like to see the book give equal weight to PIX and ASA appliances, as more and more people are adopting them while concentrators are gradually being phased out.

The book would be more complete if it mentioned other VPN configuration features such as SDM for IOS routers, ASDM for PIX and ASA, and the VPN Router Management Center for CiscoWorks. The author has omitted these due to space constraints, since the book is already almost 1,000 pages.

In summary, this book will benefit any network administrator with an intermediate to advanced level of knowledge who needs to use Cisco products for VPN implementation. This is the best "how-to" Cisco Press book for Cisco VPNs, and it fulfills its mission as a complete resource for understanding Cisco VPN implementation.

You might also want to check Richard Deal’s other well-written security book, titled "Cisco Router Firewall Security".

Cisco CCNP Certification / BCMSN Exam Tutorial: The HSRP MAC Address

To pass the BCMSN exam and earn your CCNP, you’ve got to know HSRP inside and out! Part of that is knowing how the MAC address of the virtual router is derived, and another part is knowing how to change this address. We’ll look at both features in this tutorial.

We’ve got two routers on a segment running HSRP, so first we need to find out what the MAC address of the HSRP virtual router is. The show command for HSRP is show standby, and it’s the first command you should run while configuring and troubleshooting HSRP. Let’s run it on both routers and compare results.

R2#show standby
Ethernet0 - Group 5
Local state is Standby, priority 100
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 0.776
Virtual IP address is 172.12.23.10 configured
Active router is 172.12.23.3, priority 100 expires in 9.568
Standby router is local
1 state changes, last state change 00:00:22

R3#show standby
Ethernet0 - Group 5
Local state is Active, priority 100
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 2.592
Virtual IP address is 172.12.23.10 configured
Active router is local
Standby router is 172.12.23.2 expires in 8.020
Virtual mac address is 0000.0c07.ac05
2 state changes, last state change 00:02:08

R3 is in Active state, while R2 is in Standby. The hosts are using the 172.12.23.10 address as their gateway, but R3 is actually handling the workload. R2 will take over if R3 becomes unavailable.

An IP address was statically assigned to the virtual router, but not a MAC address. However, there is a MAC address under the show standby output on R3, the active router. How did the HSRP process arrive at a MAC of 00-00-0c-07-ac-05?

Well, most of the work is already done before the configuration is even begun. The MAC address 00-00-0c-07-ac-xx is reserved for HSRP, and xx is the group number in hexadecimal. That’s a good skill to have for the exam, so make sure you’re comfortable with hex conversions. The group number is 5, which is expressed as 05 when written as two hex digits. If the group number had been 17, we’d see 11 at the end of the MAC address - one unit of 16, one unit of 1.

On rare occasions, you may have to change the MAC address assigned to the virtual router. This is done with the standby mac-address command. Just make sure you’re not duplicating a MAC address that’s already on your network!

R2(config-if)#standby 5 mac-address 0000.1111.2222
1d12h: %STANDBY-6-STATECHANGE: Ethernet0 Group 5 state Active -> Learn

R2#show standby
Ethernet0 - Group 5
Local state is Active, priority 150, may preempt
Hellotime 4 sec, holdtime 12 sec
Next hello sent in 3.476
Virtual IP address is 172.12.23.10 configured
Active router is local
Standby router is 172.12.23.3 expires in 10.204
Virtual mac address is 0000.1111.2222 configured
4 state changes, last state change 00:00:00
1d12h: %STANDBY-6-STATECHANGE: Ethernet0 Group 5 state Listen -> Active

The MAC address will take a few seconds to change, and the HSRP routers will go into Learn state for that time period.
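To make the derivation above and the duplicate-MAC warning concrete, here is an added Python example that is not part of the tutorial or any Cisco tool. It derives the default HSRP virtual MAC from a group number, reverses that derivation for a MAC seen in show standby output, parses the fields of that output that this tutorial discusses, and checks a proposed virtual MAC against a MAC table before it is configured. It goes one step beyond the tutorial by also handling the HSRPv2 pattern (0000.0c9f.fXXX, group numbers 0 to 4095). The show standby text is the R3 output from the tutorial; the segment MAC table and all function names are constructed for the example.

```python
import re

# Well-known HSRP virtual MAC prefixes (Cisco OUI 0000.0c).
# HSRPv1 (the version used in the tutorial): 0000.0c07.acXX, XX = group 0-255 in hex.
# HSRPv2 (generalization, not covered in the tutorial): 0000.0c9f.fXXX, XXX = group 0-4095.
HSRP_V1_PREFIX = "0000.0c07.ac"
HSRP_V2_PREFIX = "0000.0c9f.f"


def normalize_mac(mac: str) -> str:
    """Accept 0000.0c07.ac05, 00-00-0c-07-ac-05 or 00:00:0c:07:ac:05; return Cisco dotted form."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ".".join(digits[i:i + 4] for i in range(0, 12, 4))


def hsrp_virtual_mac(group: int, version: int = 1) -> str:
    """Derive the default virtual MAC for an HSRP group, as the router does."""
    if version == 1:
        if not 0 <= group <= 255:
            raise ValueError("HSRPv1 group numbers are 0-255")
        return f"{HSRP_V1_PREFIX}{group:02x}"
    if version == 2:
        if not 0 <= group <= 4095:
            raise ValueError("HSRPv2 group numbers are 0-4095")
        return f"{HSRP_V2_PREFIX}{group:03x}"
    raise ValueError("HSRP version must be 1 or 2")


def classify_virtual_mac(mac: str) -> dict:
    """Reverse the derivation: which version and group does a virtual MAC encode, if any?"""
    m = normalize_mac(mac)
    if m.startswith(HSRP_V1_PREFIX):
        return {"default": True, "version": 1, "group": int(m[-2:], 16)}
    if m.startswith(HSRP_V2_PREFIX):
        return {"default": True, "version": 2, "group": int(m[-3:], 16)}
    return {"default": False, "version": None, "group": None}


def parse_show_standby(text: str) -> dict:
    """Extract the fields the tutorial discusses from 'show standby' output."""
    info = {}
    m = re.search(r"^(\S+) - Group (\d+)", text, re.M)
    if m:
        info["interface"], info["group"] = m.group(1), int(m.group(2))
    m = re.search(r"Local state is (\w+)", text)
    if m:
        info["state"] = m.group(1)
    m = re.search(r"Virtual IP address is (\S+)", text)
    if m:
        info["virtual_ip"] = m.group(1)
    m = re.search(r"Virtual mac address is (\S+)( configured)?", text)
    if m:
        info["virtual_mac"] = normalize_mac(m.group(1))
        info["mac_configured"] = m.group(2) is not None  # IOS appends 'configured' for a static MAC
    return info


def audit_hsrp(show_output: str) -> list:
    """Return findings for one router's 'show standby' output: an empty list means the
    virtual MAC is the default one for the group, which is what you expect unless you set it."""
    info = parse_show_standby(show_output)
    if "virtual_mac" not in info:
        return ["no virtual MAC reported; run the command on the Active router"]
    vmac, expected = info["virtual_mac"], hsrp_virtual_mac(info["group"])
    if vmac == expected:
        return []
    note = "statically configured" if info["mac_configured"] else "not flagged as configured, investigate"
    return [f"virtual MAC {vmac} is not the default {expected} for group {info['group']} ({note})"]


def mac_is_free(candidate: str, segment_macs) -> bool:
    """True if a proposed virtual MAC does not duplicate one already on the segment."""
    wanted = normalize_mac(candidate)
    return all(normalize_mac(m) != wanted for m in segment_macs)


# The Active router's output from the tutorial, used as sample input.
R3_SHOW_STANDBY = """\
Ethernet0 - Group 5
Local state is Active, priority 100
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 2.592
Virtual IP address is 172.12.23.10 configured
Active router is local
Standby router is 172.12.23.2 expires in 8.020
Virtual mac address is 0000.0c07.ac05
2 state changes, last state change 00:02:08
"""

# Constructed MAC table for the segment (not from the tutorial): two router interfaces and one host.
SEGMENT_MACS = ["0012.3456.789a", "0012.3456.789b", "0000.1111.2222"]

if __name__ == "__main__":
    print(hsrp_virtual_mac(5), hsrp_virtual_mac(17))
    print(parse_show_standby(R3_SHOW_STANDBY))
    print(audit_hsrp(R3_SHOW_STANDBY))
    print("0000.1111.2222 free on segment:", mac_is_free("0000.1111.2222", SEGMENT_MACS))
```

Run mac_is_free against the switch's MAC address table before issuing standby mac-address; in the constructed table above the tutorial's 0000.1111.2222 is already taken by a host, which is exactly the clash the tutorial warns about.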

A real-world HSRP troubleshooting note: If you see constant state changes with your HSRP configuration, do what you should always do when troubleshooting - check the physical layer first. Best of luck on your BCMSN exam!

Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage, home of free CCNP and CCNA tutorials, The Ultimate CCNA Study Package, and Ultimate CCNP Study Packages.

You can also join his RSS feed and visit his blog, which is updated several times daily with new Cisco certification articles, free tutorials, and daily CCNA / CCNP exam questions! Details are on the website.

For a FREE copy of his latest e-books, How To Pass The CCNA and How To Pass The CCNP, just visit the website! You can also get FREE CCNA and CCNP exam questions every day! Get your CCNP study guide with The Bryant Advantage!

Implementing Cisco VPNs

Price : $39.20

Product Description

This hands-on implementation guide will show you how to implement Cisco-based virtual private networks step-by-step. It not only provides a detailed overview of the various VPN technologies available, it also compares them and discusses how each technology works.

Customer Reviews

Review date : 2001-07-05
The compilation entitled "Implementing Cisco VPNs" was a rather disappointing choice of technical literature. A significant amount of text was devoted to development of PPTP services and related Microsoft networking concepts. Although this information may have value at some fundamental level, it really serves to deliver diminishing impact when constructing environments of highly scalable architecture and elevated security requirements. The chapter on Dial-up networking presented an anomaly with respect to concept flow. Information of greater value may be found free of charge on Cisco’s website.

Review date : 2001-03-25
A detailed and complete reference on implementing Cisco VPNs. This book covers the whole gamut of implementing Cisco VPNs, going from concepts through complete set-up and on to implementation and beyond. Excellent coverage on how to configure native Windows support for compulsory and voluntary VPNs, and everyone’s #1 priority - security. A complete and detailed table of contents and appendix make quick searches a breeze. This book is chock full of technical setup procedures and protocols. A very complete book on how to configure IPSEC, L2TP, PPTP, GRE Tunnels, CET, and more. Read it or be left behind!
