Day 7 - VPN and IPsec

Question 1

A __________ __________ __________ is an encrypted connection between private networks over a public network such as the internet

Answer 1

Virtual Private Network (VPN)

Question 2

Instead of using a dedicated __________ _____ connection such as a leased line, a __________ uses virtual connections called __________ ___________

Answer 2

Layer 2
VPN
VPN tunnels

Question 3

What are the 4 benefits of a VPN?

Answer 3

Cost savings
Security
Scalability
Compatibility with broadband technology

Question 4

What are some types of VPN access methods?

Answer 4

Site-to-Site VPN
Remote access VPN
GRE (Generic Routing Encapsulation
DMVPN (Dynamic Multipoint VPN)

Question 5

Solve for the type of VPN access method:

These types of VPNs connect entire networks to each other. For example, this type of VPN can connect a branch office network to a company HQ network

Answer 5

Site-to-Site VPN

Question 6

Solve for the type of VPN access method:

This type of VPN access method enables individual hosts such as telecommuters, mobile users and extranet consumers to access a company network securely over the internet. Typically uses a client based VPN connection

Answer 6

Remote-access VPN

Question 7

Solve for the type of VPN access method:

A standard IPsec VPN that is a non-secure site-to-site VPN tunneling protocol can support multicast and broadcast traffic needed for network layer protocols.

Answer 7

GRE (Generic routing encapsulation)

Question 8

Does GRE support encryption by default?

Answer 8

No

Question 9

Solve for GRE terms regarding the encapsulation process

__________ ___________ for the routing protocol
__________ ___________ for GRE
__________ ___________ for IPsec

Answer 9

Passenger protocol
Carrier protocol
Transport protocol

Question 10

Solve for the type of VPN access method:

Cisco proprietary solution for building many VPNs in an easy, dynamic, and scalable manner. Allows a network administrator to dynamically form hub-and-spoke tunnels and spoke-to-spoke tunnels

Answer 10

DMVPN (Dynamic Multipoint VPN)

Question 11

What two tunnels are there for DMVPN?

Answer 11

Hub-to-Spoke tunnels
Spoke-to-Spoke tunnels

Question 12

What technologies does DMVPN utilize?

Answer 12

NHRP (Next hop redundancy protocol)
IPsec encryption
mGRE
VTI
Service Provider MPLS

Question 13

VPNs secure data by __________ and __________ it

Answer 13

Encapsulating
Encrypting

Question 14

Encapsulation is also known as __________

Answer 14

Tunneling

Question 15

VPN tunneling uses 3 classes of protocols. What are they?

Answer 15

Carrier protocol
Encapsulating protocol
Passenger protocol

Question 16

What are the 4 VPN encryption algorithms?

Answer 16

DES (Data Encryption Standard)
3DES (Triple DES)
AES (Advanced Encryption Standard)
RSA (Rivest, Shamir and Adleman)

Question 17

What does HMAC stand for?

Answer 17

Hashed message authentication code

Question 18

What are the two HMAC algorithms?

Answer 18

MD5
SHA-1

Question 19

For VPN authentication with the device on the other end of the tunnel, what two peer authentication methods are used?

Answer 19

Pre-Shared key (PSK)
RSA Signature

Question 20

What are the two IPsec framework protocols?

Answer 20

AH (Authentication Header)
ESP (Encapsulating Security Payload)

Question 21

This is an open standard configuration for a site to site VPN and it does not support multicast

Answer 21

IPSec Tunnel

Question 22

This type of VPN configuration added support for multicast but doesn’t support encryption on it’s own so it has to be paired with IPSec Tunnel

Answer 22

GRE (Generic Routing Encapsulation) over IPSec Tunnel

Question 23

This type of VPN configuration is used between Cisco devices, often site to site VPNs and is Cisco proprietary and supports multicast

Answer 23

IPSec VTI (Virtual Tunnel Interface)

Question 24

This type of VPN configuration is a simple and scalable hub and spoke style that enables direct full mesh connectivity between all offices

Answer 24

DMVPN (Dynamic Multipoint VPN)

Question 25

Very similar to DMVPN. Newer technology and it’s Cisco proprietary

Answer 25

FlexVPN

Question 26

What is different about Layer 3 MPLS vs. Layer 2 MPLS?

Answer 26

The CE devices do not peer with the PE devices. The entire provider network is transparent to the customer

Question 27

What does VPLS stand for and how many sites can it support and what layer does it run at?

Answer 27

• Virtual Private LAN Service
• 2 or more sites
• Layer 2