IPSec VPN Flashcards
Which protocols make up the IPSec suite?
Internet Key Exchange
Authentication Header
Encapsulating Security Payload
Does Fortinet use AH for IPSec?
No, because it does not encrypt
What port and protocol number does IKE (no NAT) use in IPSec?
Protocol number 17
UDP port 500
What port and protocol number does IKE with NAT-T use in IPSec?
Protocol 17, port 4500
What port and protocol number does ESP use (no NAT)?
Protocol 50 UDP port 4500
What port and protocol number does ESP use (NAT-T)?
IP protocol 17, UDP port 4500
What are the two modes of IPSec?
Transport mode
Tunnel mode - adds an extra IP header
In IPSec transport mode, is the original IP header encrypted?
No
In IPSec tunnel mode, is the original IP header encrypted?
Yes
How many IKE phases are there?
Two
What happens during IKE Phase 1?
An IKE Security Association (SA) is created, which is then used to negotiate the IPSec SA
What happens during IKE Phase 2?
An IPSec SA is created, which establishes the channel for encrypting and decrypting data.
For IPSec remote users, how is FTG configured?
As a dial-up server
What does AD-VPN stand for?
Auto-Discovery VPN
How can peers authenticate each other in IKE Phase 1?
PSK or Digital Signature
XAuth
How does IKE Phase 2 use the DH keys from Phase 1?
It uses the public key and a nonce to generate a common private key
How do you get FTG to act as an IKE mode config client?
Enable mode config
Set the remote gateway to Static IP or Dynamic DNS
How do you get FTG to act as an IKE mode config server?
Enable mode config
Set the remote gateway to Dialup User
What are the three options for configuring the remote gateway of an IPSec VPN?
Dialup User
Static IP
Dynamic DNS
When do you use the Dialup User remote gateway?
When the IP address of the remote client or gateway is not known; this can be used for a VPN client or a remote gateway
When do you use Static IP or Dynamic DNS for the IPSec remote gateway?
When you know the IP address of the remote peer.