1. IPsec consists of what elements?
Answer: Cryptographic algorithms, security protocols, security associations, IPsec databases, and SA and key management techniques.

2. What services does IPsec provide to IP?
Answer: IPsec provides access control, connectionless integrity, data origin authentication, replay protection, data confidentiality, and limited traffic flow confidentiality.

3. What are the main characteristics of symmetric encryption algorithms?
Answer: The same key is required for encryption and decryption; the ciphertext is compact; symmetric encryption algorithms are fast and can be used for bulk encryption.

4. What are the two types of symmetric encryption algorithms?
Answer: Block ciphers and stream ciphers.

5. What are the characteristics of public key algorithms?
Answer: They are much slower than symmetric algorithms and are not suitable for bulk encryption; ciphertext produced by public key algorithms is not compact; public key algorithms do not have the same key distribution and management problems as symmetric algorithms; public key algorithms can be used for encryption, for digital signatures, and for symmetric key exchange.

6. What security services do AH and ESP provide?
Answer: AH provides connectionless integrity, data origin authentication, and optional replay protection. ESP provides connectionless integrity, data origin authentication, optional replay protection, data confidentiality, and limited traffic flow confidentiality.

7. What is an IPsec SA?
Answer: An IPsec SA defines how traffic for a particular traffic flow is protected by IPsec.

8. What is the function of IKE?
Answer: IKE allows IPsec peers to authenticate each other, generate keying material, and negotiate IPsec SAs.

9. What are some common considerations when selecting parameters for IPsec transform sets?
Answer: The type of user traffic to be protected; the specific type of protection; the length of time that user traffic must stay confidential; the volume of traffic that is to be encrypted; the type of VPN gateway hardware platforms; whether hardware crypto accelerators will be used; the version of Cisco IOS Software that IPsec VPN gateways will be running.
Appendix B. Answers to Review Questions