CH 8 Flashcards
uses the Internet Key Exchange (IKE) protocol to negotiate and establish secured site-to-site or remote-access VPN tunnels
IPsec
IPsec uses two different protocols to encapsulate the data over a VPN tunnel:
ESP and AH
(Encapsulating Security Payload) & (Authentication Header)
What is the difference between transport and tunnel mode?
Transport mode protects the upper-layer protocols like UDP/TCP; tunnel mode protects the entire IP packet.
The VPN peers dynamically discover whether an address translation device exists between them. If they detect a NAT/PAT device, they use UDP port 4500 to encapsulate the data packets, subsequently allowing the NAT device to successfully translate and forward the packets.
NAT-T
provides a simple mechanism to encapsulate packets of any protocol (the payload packets) over any other protocol (the delivery protocol) between two endpoints
GRE
DMVPN is based on this mode and uses a single interface on each hub as well as on each spoke to terminate all static and dynamic tunnels.
mGRE
is a technology created by Cisco that aims to reduce the hub router configuration.
DMVPN
DMVPN also uses …….., which is a client and server protocol (the hub is the server and the spokes are the clients). The hub (or server) maintains a database of the public interface addresses of each spoke. Each spoke registers its real address when it boots and queries the database for real addresses of the destination spokes to build direct tunnels.
NHRP
combines the keying protocol Group Domain of Interpretation (GDOI) and IPsec.
GETVPN
IKEv2-based solution that provides several benefits beyond traditional site-to-site VPN implementations
FlexVPN
only client supported on endpoint devices for remote VPN connectivity to Cisco FTD devices
AnyConnect