CCNAS - IPSec and Tunnels

Question 1

Phase 1

Answer 1

1. negotiate IKE policy sets
2. DH Key exchange
3. verify peer identity

Question 2

Phase 2

Answer 2

Used to negotiate IPSec security parameters that will be used to secure the tunnel

Question 3

IKE

Answer 3

protocol that uses UDP 500, exchanges keys

Question 4

ISAKMP

Answer 4

combined protocols to build secure IPSec connections.

same as IKE

Question 5

Diffie-Hellman

Answer 5

used to initiate a key exchange, public key exchange

Question 6

transform sets

Answer 6

set of rules that must be similar across devices - Used in Phase 2

Question 7

IKE Phase 1

Answer 7

1. IKE Policy sets exchanged
2. DH key exchange establishes a a shared secret key
3. Devices authenticate each other using PSK or RSA

Question 8

SA (Security Associations)

Answer 8

Negotiated parameters between two devices

Question 9

IKE Phase 2

Answer 9

Negotiates IPSec security parameters (transform sets)

Question 10

IPSec VPN Negotiation

Answer 10

1. Determine interesting traffic using crypto acls
2. IKE Phase 1 begins (ISAKMP creates secure tunnel)
3. IKE Phase 2 begins (IPSec SA transforms are negotiated - this is how the tunnel will be established)
4. IPSec tunnel created and data securely transfered
5. IPSec tunnel terminates when SAs are deleted or expired.

Question 11

Symmetric

Answer 11

same key decrypts and encrypts

Question 12

Asymmetric

Answer 12

One Encrypts, another decrypts

Question 13

Asymmetic: Public Key & Private Key

Answer 13

The public key is given to everyone, not the private one

Question 14

Two different types of keys

Answer 14

Symmetric and Asymmetric

Question 15

Phase 1 - Aggressive Mode

Answer 15

Faster than traditional exchange, cuts between steps 2 & 3