GET VPN Flashcards

1
Q

What is GET VPN

A

GETVPN (Group Encrypted Transport VPN) is a tunnel-less VPN technology meant for private networks like MPLS VPN where a single SA (Security Association) is used for all routers in a group.

2
Q

What are 3 advantages of GET VPN?

A
  • Its encryption allows for HIPAA- and PCI-compliant any-to-any tunnel-less VPNs between endpoints
  • Establishes spoke-to-spoke connectivity faster than DMVPN
  • Supports multicast and QoS
3
Q

If GET VPN encrypts the entire packet, how does it still use the original IP header?

A

It uses “Tunnel Mode with Address Preservation” that copies the original source and destination from the inner IP header to the outer IP header

4
Q

What are the 4 main components of GET VPN?

A
  • Group Member (GM)
  • Key Server (KS)
  • Group Domain of Interpretation (GDOI)
  • IPSec
5
Q

What encryption method does GET VPN use?

A

ESP

6
Q

What does the GET VPN Key Server do?

A

Group registration and authentication of Group Members

7
Q

What are the 3 steps of Group Member registration?

A
  • GM attempts to register with KS
  • KS checks its group ID and IKE credentials
  • KS then sends the group VPN policy, GM Key Encryption Key (KEK), and Traffic Encryption Key (TEK)
8
Q

What is the Key Encryption Key (KEK) used for?

A

The KS uses it to encrypt rekey messages; GMs use it to decrypt those rekey messages

9
Q

In GET VPN what is the Traffic Encryption Key (TEK) used for?

A

The TEK becomes the IPSec SA used by GMs to encrypt and decrypt normal traffic

10
Q

What is Group Domain of Interpretation (GDOI)?

A
  • Group key management protocol used between KS and GMs
  • Protected with ISAKMP phase 1
11
Q

How is Key Server redundancy accomplished?

A

Two or more Key Servers communicate with Cooperative Key Server Protocol authenticating each other and maintaining state.

12
Q

What are 2 times that a KS sends rekeying messages?

A
  • When the existing IPSec SA is about to expire
  • When the security policy is changed
13
Q

What are the 2 methods by which rekeying messages can be sent?

A
  • Unicast
  • Multicast
14
Q

What is the advantage of Unicast mode?

A
  • Upon receiving a new key, the GM sends an acknowledgement back to the KS.
  • If the KS doesn’t receive an ACK after 3 transmissions, the GM is deleted from the group
15
Q

What is the advantage of Multicast mode?

A

It scales much better than unicast does.

16
Q

What mode does Cisco recommend?

A

Multicast

17
Q

What are 2 advantages of Tunnel Mode with Address Preservation?

A
  • Address Preservation allows the packets to take the best path
  • Allows the use of ECMP
18
Q

What is a disadvantage of Address Preservation?

A
  • It can’t be used over the Internet, only on private WANs and MPLS
  • Incompatible with NAT