| 1 | How many versions of SSL are there, and which can be implemented on Cisco equipment?
|
| Answer: | There are currently four different versions of SSL: SSLv1, SSLv2, SSLv3, and TLS 1.0 (TLS 1.1 is under development). SSLv3 and TLS can variously be configured on different types of Cisco equipment.
|
| 2 | What are some of the main advantages and disadvantages of SSL remote access VPNs?
|
| Answer: | SSL remote access VPNs are relatively simple to deploy (only a web browser is necessary on client workstations for basic functionality); clientless SSL remote access VPNs (using a web browser) provide only a subset of the functionality provided by IPsec or L2TP/IPsec; functionality can be enhanced using the Cisco SSL VPN Client; SSL VPNs can impose a relatively high CPU overhead on a VPN gateway if there are a large number of remote access users; little or no configuration is required on firewalls to provide transit for SSL remote access VPN traffic; one major concern with SSL remote access VPNs is that the universal access they offer leads to vulnerabilities being introduced into a corporate network (some of these vulnerabilities can be addressed using the Cisco Secure Desktop).
|
| 3 | What type of protocol is SSL transported over?
|
| Answer: | SSL is transported over a reliable protocol, which is almost always TCP.
|
| 4 | What protocols does SSL consist of?
|
| Answer: | The record protocol, the handshake protocol, the alert protocol, the change cipher spec protocol, and the application data protocol.
|
| 5 | What are the functions of the record protocol?
|
| Answer: | Fragmentation/reassembly, compression/decompression, application/verification of a MAC, and encryption/decryption.
|
| 6 | What software is required on client workstations for port forwarding to function?
|
| Answer: | The Sun Java Runtime Environment (JRE) must be installed on the clients for port forwarding to function.
|
| 7 | What types of applications can be used with port forwarding?
|
| Answer: | TCP-based applications.
|
| 8 | What is SSL VPN e-mail proxy?
|
| Answer: | SSL VPN e-mail proxy is the process by which an SSL VPN gateway terminates POP3S, IMAP4S, and SMTPS connections from remote access VPN clients and proxies those connections to internal e-mail servers.
|
| 9 | How is the Cisco SSL VPN Client installed on remote access users' workstations?
|
| Answer: | The Cisco SSL VPN Client is dynamically downloaded from the VPN gateway.
|
| 10 | How does the Cisco Secure Desktop assess the location of a remote access user's workstation?
|
| Answer: | The Cisco Secure Desktop assesses the location of a workstation based on the presence of a file or registry entry, fields in a certificate, or the assignment of an IP address in a certain range to the workstation's NIC.
|