1
What are some of the main benefits and drawbacks of IPsec remote access VPNs?
Answer:
IPsec can provide strong security for VPN traffic; IPsec extensions that provide additional functionality for remote access VPNs such as Xauth and Mode Config are not industry standards and are not implemented on all operating systems; the Cisco VPN Client must be installed on each client workstation; IPsec remote access VPNs offer a level of functionality similar to that which users would experience if they were at their office or central site; the Cisco VPN Client includes features such as enforcement of firewall type, antivirus software type and level, and operating system service pack level on certain client workstation operating systems.
2
What are the two main types of issue with regard to IKEv1 in an IPsec remote access VPN environment?
Answer:
Issues relating to user authentication and issues relating to negotiation of parameters including IP addresses and DNS/WINS server addresses.
3
What are the three main methods by which a VPN gateway can authenticate remote access VPN users when using IKEv1?
Answer:
Xauth, Hybrid Authentication, and CRACK.
4
What sort of functionality can Mode Config provide?
Answer:
Assignment of configuration attributes such as IP addresses and DNS/WINS server addresses.
5
What information does the debug crypto isakmp sa command display?
Answer:
It shows detailed information relating to IKE negotiation.
6
What methods do the VPN 3000 concentrator and Cisco ASA 5500 provide to overcome issues with NAT/PAT and IPsec remote access VPNs?
Answer:
NAT transparency using TCP on an administrator-defined port; NAT transparency using UDP on an administrator-defined port; NAT transparency using IETF standard NAT Traversal (NAT-T, UDP port 4500).
7
When a hardware client (Cisco IOS router) is configured for EZVPN, how does a remote access user authenticate him/herself?
Answer:
The router prompts the user for an Xauth username and password at the command line during IKE negotiation.
8
What are the three basic ways to configure high availability for IPsec remote access VPNs?
Answer:
Load balancing of IPsec remote access VPN connections over two or more VPN gateways at the same site; failover between VPN gateways at the same site using VRRP; the configuration of geographically dispersed backup VPN gateways.
9
To allow IPsec remote access VPN connections through a firewall, which ports may have to be opened on the firewall?
Answer:
UDP port 500 (ISAKMP), IP protocol 50 (ESP), IP protocol 51 (AH), administrator-defined UDP or TCP ports used for NAT transparency, UDP port 4500 (NAT-T).
10
What file can be modified to provide auto-initiation of Cisco VPN Client connections with wireless VPNs?
Answer:
The Cisco VPN Client can be configured to auto-initiate a VPN connection to a VPN gateway by modifying the vpnclient.ini file.