Auto-Discovery VPN Flashcards

1
Q

Full-Mesh in Simple Hub and Spoke

A

ADVPN provides direct connectivity between spokes and supports:

Single or multiple-hub architectures
NAT for on-demand tunnels
Both IPv4 and IPv6
The use of a dynamic routing protocol like BGP, OSPF, RIPv2 or RIPng

2
Q

IKE comparisons

A

IKEv2 is preferred because of its efficiency and flexibility, using just four messages across two streamlined exchanges to negotiate security protocols.

In IKEv1 aggressive mode, peer IDs are unencrypted and exposed, creating a security risk.

3
Q

On-Demand IPsec tunnel

A

A client behind spoke 1 generates traffic for devices behind spoke 2.
Spoke 1 receives the packet, encrypts it, and sends it to the hub.
The hub receives the packet from spoke 1 and forwards it to spoke 2.
Spoke 2 receives the packet, decrypts it, and forwards it to the destination.

On spoke:
config vpn ipsec phase1-interface
    edit "toHub"
        set auto-discovery-receiver enable
    next
end

On hub:
config vpn ipsec phase1-interface
    edit "ADVPN"
        set auto-discovery-sender enable
    next
end

4
Q

Shortcut Message Interchange

A
  1. The hub sends a shortcut offer message to Spoke 1 for a more direct tunnel between spokes.
  2. Spoke 1 acknowledges the offer by sending a shortcut query to the hub.
  3. The hub forwards the shortcut query to Spoke 2, including the WAN IP address of Spoke 2.
  4. Spoke 2 acknowledges the shortcut query and sends the shortcut reply to the hub.
  5. The hub forwards the reply to Spoke 1.
  6. Spoke 1 and Spoke 2 initiate the tunnel IKE negotiation with the IP address of Spoke 2 sent to ADVPN.
5
Q

Multiple Internet Connections

A

If you have multiple ISP connections, assign an IP address to each IPsec interface. A separate phase 1 interface is required for each internet connection.

5
Q

ADVPN 2.0

A

With SD-WAN:
Simplifies connectivity
Improves resiliency
Enhances routing
Edge discovery: spokes share link details, WAN link updates every 5 seconds
Path Management: IKE established optimal shortcuts

5
Q

Overlay network Importance

A

The overlay network is crucial for routing with a dynamic protocol and allows peers to advertise their local networks.

It is important to recognize that IPsec tunnels are created over underlay IP addresses, while the dynamic routing protocol runs over the overlay network.
