Module 19: Implement Site-to-Site IPsec VPNs Flashcards
How many steps does IPsec take to establish a VPN?
5 steps
What is step 1 to establish the VPN?
Step 1 begins when interesting traffic is sent from host A to host B
What is step 2 to establish the VPN?
IKE Phase 1 begins and negotiates the ISAKMP security association (SA) policy.
What is step 3 to establish the VPN?
IKE Phase 2 begins,
What is step 4 to establish the VPN?
The IPsec tunnel is created and data is transferred between the IPsec peers.
What is step 5 to establish the VPN?
The IPsec tunnel terminates when the SAs are deleted.
Is GRE unicast or multicast traffic?
Multicast Traffic
How many default ISAKMP policies are there?
7 default policies
What is the most secure ISAKMP policy?
policy 65507
What is the least secure ISAKMP policy?
policy 65514
How do you configure a new ISAKMP policy?
Remember the mnemonic HAGLE for the 5 Security Associations
What does HAGLE stand for?
Hash, Authentication, Group, Lifetime, Encryption
How do you define interesting traffic?
When the traffic matches the ACLs on both routers
What is a transform set in a VPN?
A set of encryption and hashing algorithms that will be used to transform the data through the IPsec tunnel
What is a crypto map?
Crypto maps pull together the various parts configured for IPsec, such as:
Where the traffic should go
What traffic should be protected by IPsec