MTU and Fragmentation Considerations in an IPsec VPN

Table of contents:

Review Questions


Assuming that you are using IKE preshared key authentication, and that a unique preshared key is used between each pair of gateways, how many unique preshared keys are required for an IPsec VPN consisting of 10 gateways? How many (end-entity) certificates are required if IKE RSA digital signature authentication is used instead?


What are two common ways to reduce the amount of configuration on gateways in an IPsec VPN?


What protocol does DMVPN rely on to provide direct spoke site-to-spoke site connectivity?


What type of certificate is used for RSA digital signature authentication with IPsec?


What are two methods that a Cisco IOS router can use to check the revocation status of a certificate?


What are the three main ways to configure high availability in an (IOS) IPsec VPN?


Why is fragmentation of IPsec packets undesirable?


What ToS/DS value does an IPsec VPN gateway include in the outer header of an IPsec packet by default?


Why might packets associated with the same IPsec SA be dropped if they are subject to different QoS treatment in an intervening network between IPsec VPN gateways?


What are some common ways to prevent fragmentation of IPsec packets?

Part I: Understanding VPN Technology

What Is a Virtual Private Network?

Part II: Site-to-Site VPNs

Designing and Deploying L2TPv3-Based Layer 2 VPNs

Designing and Implementing AToM-Based Layer 2 VPNs

Designing MPLS Layer 3 Site-to-Site VPNs

Advanced MPLS Layer 3 VPN Deployment Considerations

Deploying Site-to-Site IPsec VPNs

Scaling and Optimizing IPsec VPNs

Part III: Remote Access VPNs

Designing and Implementing L2TPv2 and L2TPv3 Remote Access VPNs

Designing and Deploying IPsec Remote Access and Teleworker VPNs

Designing and Building SSL Remote Access VPNs (WebVPN)

Part IV: Appendixes

Designing and Building SSL Remote Access VPNs (WebVPN)

Appendix B. Answers to Review Questions

Comparing, Designing, and Deploying VPHs
Comparing, Designing, and Deploying VPNs
ISBN: 1587051796
EAN: 2147483647
Year: 2007
Pages: 124
Authors: Mark Lewis © 2008-2020.
If you may any questions please contact us: