A1:
| Answer: Easy VPN comprises the Easy VPN Server and Easy VPN Remote features. |
A2:
| Answer: You can use PIX Firewalls, Cisco VPN 3000 Series Concentrators, and Cisco IOS® routers as Easy VPN Servers. |
A3:
| Answer: DPD enables two IPSec peers to determine if the other is still "alive" during the lifetime of the VPN connection. |
A4:
| Answer: Initial Contact enables the VPN Client to send an initial message that informs the gateway to ignore and delete any existing connections from that client, thus preventing connection problems caused by SA synchronization issues. |
A5:
| Answer: The Easy VPN Remote feature is supported on the Cisco VPN Software Client, Cisco VPN 3002 Hardware Client, Cisco PIX 501 and 506/506E VPN Clients, and Cisco Easy VPN Remote router clients. |
A6:
| Answer: The 800 Series routers, 900 Series routers, and 1700 Series routers can serve as Cisco Easy VPN Remote clients. |
A7:
| Answer: When the Easy VPN Remote client initiates a connection with the Easy VPN Server, it goes through the following six steps: (1) VPN Client initiates the IKE phase 1 process; (2) VPN Client negotiates an IKE SA; (3) Easy VPN Server accepts the SA proposal; (4) the Easy VPN Server initiates a username/password challenge; (5) mode configuration process is initiated; and (6) IKE quick mode completes the connection. |
A8:
| Answer: When initiating the VPN connection, the client can use preshared keys and digital certificates for IKE authentication. |
A9:
| Answer: Extended authentication (XAUTH) enables the Easy VPN Server to require username/password authentication (performed by a AAA server) in order to establish the VPN connection. |
A10:
| Answer: The Easy VPN Remote supports client mode and network extension mode. |
A11:
| Answer: When operating in network extension mode, the remote system addresses are visible on the Easy VPN Server network. In client mode, PAT is used on the Easy VPN Remote client so the remote system addresses are not visible. |
A12:
| Answer: The ability to push VPN access policies automatically from the Easy VPN Server to the Cisco VPN Software Client simplifies deployment and management. |
A13:
| Answer: The Cisco VPN Software Client supports DES, 3DES, and AES (128- and 256-bit) encryption algorithms. |
A14:
| Answer: Secure Unit Authentication (SUA) enables the Easy VPN Remote server to require one-time passwords, two-factor authentication, and similar authentication schemes before the establishment of a VPN tunnel to the Easy VPN Server. |
A15:
| Answer: Individual User Authentication (IUA) causes the hosts on the remote protected network to be individually authenticated based on the IP address of the inside host. |
A16:
| Answer: Point-to-Point Protocol over Ethernet (PPPoE) provides an authenticated method for assigning IP addresses to client systems over broadband connections by combining PPP and Ethernet. |
A17:
| Answer: Any PIX Firewall (Version 5.2 or later) provides both DHCP server and DHCP client functionality. As a DHCP server, the PIX Firewall provides hosts protected by the firewall with the network parameters necessary for them to access the enterprise or corporate network. As a DHCP client, the PIX Firewall can obtain its own IP address and network mask and, optionally, a default route from the DHCP server. |
A18:
| Answer: To enable the PIX Firewall to pass the learned DHCP configuration parameters automatically to its DHCP clients, you use the dhcpd auto_config command. |