MTU and Fragmentation Considerations in an IPsec VPN
Review Questions
| 1 |
Assuming that you are using IKE preshared key authentication, and that a unique preshared key is used between each pair of gateways, how many unique preshared keys are required for an IPsec VPN consisting of 10 gateways? How many (end-entity) certificates are required if IKE RSA digital signature authentication is used instead? |
| 2 |
What are two common ways to reduce the amount of configuration on gateways in an IPsec VPN? |
| 3 |
What protocol does DMVPN rely on to provide direct spoke site-to-spoke site connectivity? |
| 4 |
What type of certificate is used for RSA digital signature authentication with IPsec? |
| 5 |
What are two methods that a Cisco IOS router can use to check the revocation status of a certificate? |
| 6 |
What are the three main ways to configure high availability in an (IOS) IPsec VPN? |
| 7 |
Why is fragmentation of IPsec packets undesirable? |
| 8 |
What ToS/DS value does an IPsec VPN gateway include in the outer header of an IPsec packet by default? |
| 9 |
Why might packets associated with the same IPsec SA be dropped if they are subject to different QoS treatment in an intervening network between IPsec VPN gateways? |
| 10 |
What are some common ways to prevent fragmentation of IPsec packets? |