18 Chapter 2: Overview of VPN and IPSec Technologies
6. What are the two modes of operation for AH and ESP?
7. How many Security Associations (SAs) does it take to establish bidirectional IPSec communications between two peers?
8. What is a message digest?
9. Which current RFCs define the IPSec protocols?
10. What message integrity protocols does IPSec use?
11. What is the triplet of information that uniquely identifies a security association?
CCSP.book Page 18 Friday, February 28, 2003 3:43 PM
“Do I Know This Already?” Quiz 19
12. You can select to use both authentication and encryption when using the ESP protocol. Which is performed first when you do this?
13. What five parameters are required by IKE Phase 1?
14. What is the difference between the deny keyword in a crypto Access Control List (ACL) and the deny keyword in an access ACL?
15. What transform set would allow SHA-1 authentication of both AH and ESP packets and would also provide Triple Data Encryption Standard (3DES) encryption for ESP?
16. What are the five steps of the IPSec process?
the cost justification for the decision.
VPN technology was developed to provide private communication wherever and whenever
needed, securely, while behaving as much like a traditional private WAN connection as
possible. Cisco offers a variety of platforms and applications that are designed to implement
VPNs. The next section looks at these various products and Cisco’s recommended usage in the
deployment of VPNs.
Enabling VPN Applications Through Cisco Products
Through product development and acquisitions, Cisco has a variety of hardware and software
components available that enable businesses of all sizes to quickly and easily implement secure
VPNs using IPSec or other protocols. The types of hardware and software components you
choose to deploy depend on the infrastructure you already have in place and on the types of
applications that you are planning to use across the VPN.
This section covers the following topics:
• Typical VPN applications
• Using Cisco VPN products
Typical VPN Applications
The business applications that you choose to run on your VPNs go hand in hand with the type of VPN that you need to deploy. Remote access and extranet users can use interactive applications such as e-mail, web browsers, or client/server programs. Intranet VPN deployments are designed to support data streams between business locations.
[Figure: Cisco products enable a secure VPN]
The benefits most often cited for deploying VPNs include the following:
• Cost savings—Elimination of expensive dedicated WAN circuits or banks of dedicated modems can provide significant cost savings. Third-party Internet service providers (ISPs) provide Internet connectivity from anywhere at any time. Coupling ISP connectivity with
Some of the advantages that might be gained by converting from privately managed networks to remote access VPNs are as follows:
• Modems and terminal servers, and their associated capital costs, can be eliminated.
• Long-distance and 1-800 number expenses can be dramatically reduced as VPN users dial in to local ISP numbers, or connect directly through their always-on broadband connections.
• Deployments of new users are simplified, and the increased scalability of VPNs allows new users to be added without increased infrastructure expenses.