1

IPsec consists of what elements?

Answer:

Cryptographic algorithms, security protocols, security associations, IPsec databases, and SA and key management techniques.

2

What services does IPsec provide to IP?

Answer:

IPsec provides access control, connectionless integrity, data origin authentication, replay protection, data confidentiality, and limited traffic flow confidentiality.

3

What are the main characteristics of symmetric encryption algorithms?

Answer:

The same key is required for encryption and decryption; the ciphertext is compact; symmetric encryption algorithms are fast and can be used for bulk encryption.

4

What are the two types of symmetric encryption algorithms?

Answer:

Block ciphers and stream ciphers.

5

What are the characteristics of public key algorithms?

Answer:

They are much slower than symmetric algorithms and are not suitable for bulk encryption; ciphertext produced by public key algorithms is not compact; public key algorithms do not have the same key distribution and management problems as symmetric algorithms; public key algorithms can be used for encryption, for digital signatures, and for symmetric key exchange.

6

What security services do AH and ESP provide?

Answer:

AH provides connectionless integrity, data origin authentication, and optional replay protection. ESP provides connectionless integrity, data origin authentication, optional replay protection, data confidentiality, and limited traffic flow confidentiality.

7

What is an IPsec SA?

Answer:

An IPsec SA defines how traffic for a particular traffic flow is protected by IPsec.

8

What is the function of IKE?

Answer:

IKE allows IPsec peers to authenticate each other, generate keying material, and negotiate IPsec SAs.

9

What are some common considerations when selecting parameters for IPsec transform sets?

Answer:

The type of user traffic to be protected; the specific type of protection; the length of time that user traffic must stay confidential; the volume of traffic that is to be encrypted; the type of VPN gateway hardware platforms; whether hardware crypto accelerators will be used; the version of Cisco IOS Software that IPsec VPN gateways will be running.
