CCSP SECUR Exam Cram 2 (642-501)

Easy VPN is being rolled out in stages, and at this time, it supports some specific protocols and functions but not others. The following section details the protocols and functions that are supported.

Authentication Algorithms

Authentication ensures that you know whom you are communicating with.

Authentication Methods

When not using Easy VPN, you have the ability to authenticate IPSec peers in one of three ways: preshared keys; Rivest, Shamir, and Adleman (RSA) signatures; and RSA encrypted nonces .

Diffie-Hellman Groups

The Diffie-Hellman (D-H) algorithm provides the ability to establish a shared secret key over an insecure communication channel. There are a number of D-H groups that are identified by number.

IKE Encryption Algorithms

Encryption provides the ability to turn cleartext data into ciphertext , thus rendering the data unreadable until decrypted by authorized devices or users.

IPSec Encryption Algorithms

IPSec supports an additional encryption algorithm, NULL. However, even though Cisco refers to NULL as an encryption algorithm, it provides no confidentiality whatsoever.

IPSec Protocols

IPSec has two main protocols, Authentication Header (AH) and Encapsulating Security Payload (ESP). In addition, IPSec also supports the Stacker compression based on the Lempel-Ziv algorithm.

IPSec Modes

The two tunnel types with IPSec are transport mode and tunnel mode.