Site to site VPN Flashcards

1
Q

What are the two main protocols of IPSec?

A
Authentication Header (AH)
Encapsulating Security Payload (ESP)
2
Q

What layer protocol is IPSec?

A

Layer 3 protocol suite to secure data in transit via VPN

3
Q

What is the Authentication Header (AH) / what does it provide?

A

Provides integrity, authentication and anti-replay

- Does not provide confidentiality

4
Q

What does Encapsulating Security Payload (ESP) provide?

Where can it work?

A

Provides CIA+A
  • Which is why ESP is most often used
  • Can work in Transport mode - host to host
  • Can work in Tunnel mode - network to network

5
Q

What is Internet Security Association and Key Management Protocol (ISAKMP)?

A

Internet Security Association and Key Management Protocol (ISAKMP)

  • Protocol for establishing Security Associations (SAs)
  • Defines process for peer authentication
6
Q

What are Security Associations (SAs)?

A

Set of agreed-upon parameters between peers to ensure communication security
  • Unidirectional - one each direction between peers

7
Q

What are the two phases of Internet key exchange?

A
Phase 1 (IKEv1), IKE_SA (IKEv2) 
Phase 2 (IKEv1), CHILD_SA (IKEv2)
8
Q

The Internet Key Exchange builds _______ between _______

A
Security Associations (SAs)
peers
9
Q

What are the two versions of IKE?

A

IKEv1 and IKEv2

10
Q

Phase 1/IKE_SA does what?

A

Establishes secure channel between peers
  • Manages channel - key renewal, etc. - like a control plane

11
Q

Phase 2/CHILD_SA does?

A

Establishes second secure channel
  • Encrypts, decrypts and transports data - like a data plane

12
Q

What are the IOS PSK VPN Configuration Steps? (6)

A

  • Configure ISAKMP phase 1 policy
  • Configure ISAKMP pre-shared key to target VPN IP
  • Configure traffic to allow through VPN
  • Create access list referencing source and destination networks
  • Configure IPSec transform set
  • Configure crypto map
  • Apply crypto map to outbound interface

13
Q

IKE Phase 2

A
  • Child connection established right after Phase 1
  • Negotiates connection type and encryption parameters
  • SA is formed and parameters stored in SA database
  • SPI field in IPSec header points to the SA to reference, to ensure the proper keys are used
14
Q

IKE Phase 1

A
  • Negotiates connection parameters
  • Hash algorithm, encryption algorithm, Diffie-Hellman group, authentication method (shared key or RSA), connection lifetime
  • Diffie-Hellman exchange establishes shared symmetric key
  • Peers authenticate
15
Q

What is transport mode?

A

Host to host

16
Q

What is tunneling mode?

A

Transmitting data from network to network

17
Q

What does ISAKMP do?

A

Negotiation of the tunnel (IKE phase 1 and 2)

Transmits data over the tunnel

18
Q

Diffie-Hellman algorithm is used to

A

Establish a secret key between two VPN endpoints over an insecure channel

19
Q

What is a hashing algorithm? And an example?

A

It provides data integrity

E.g.: MD5, SHA1

20
Q

Phase 1 of IKE negotiates matching transform sets to protect ___________

A

IKE exchange

21
Q

IKE/IKEv2 provides a framework for ______ negotiation and ____ exchange

A

Policy negotiations and key exchange

22
Q

ESP provides an encapsulation for ________ and ______ for user purposes

A

Encryption and authentication

23
Q

Phase one of ISAKMP helps with ________

A

Management.

Negotiate a security association

24
Q

What is part of a policy set?

A
Authentication
DH
Encryption
Hash
Key
25
Q

Phase 2. Goal is to create ________ ________

A

Security associations (protects user data)

26
Q

IPSec SA is ______ directional

A

Uni directional

Outbound and inbound

27
Q

ISAKMP SA is _________ directional

A

Bi directional