CCSP SECUR Exam Cram 2 (642-501)

Your knowledge of IPSec and your reading of Chapter 8, "Understanding IPSec VPNs on Cisco Routers," should make it evident which protocols Easy VPN does not support. If you have read the previous section and do not know the other IPSec protocols, you really need to re-read Chapter 8.

Authentication Types

An additional authentication method is Digital Signature Standard (DSS).

Easy VPN Server does not support DSS.

D-H Groups

The D-H group identifiers are 1, 2, 5, and 7.

Easy VPN Server does not support D-H group 1.

IPSec Protocols

The two main IPSec protocols are AH and ESP.

Easy VPN Server does not support AH.

IPSec Modes

Transport mode and tunnel mode provide different levels of traffic security. Tunnel mode provides some additional benefits.

Easy VPN Server does not support transport mode.

Perfect Forward Secrecy

The shared secret key used with the symmetrical security algorithm is established during IKE negotiations using the D-H protocol. Through the use of Perfect Forward Secrecy (PFS), the shared secret key can be renegotiated in the IPSec tunnel.

Easy VPN Server does not support PFS.

Manual Keys

The three methods you use to authenticate an IPSec peer are preshared keys, RSA signatures, and RSA encrypted nonces. Manual keys are established when you decide to use RSA encrypted nonces for authentication.

Easy VPN Server does not support manual keys (RSA encrypted nonces).
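
As an added example (not from the book), the following Python sketch scans a Cisco IOS crypto configuration for the settings listed above that Easy VPN Server does not support. The sample configuration is constructed, the keyword patterns assume classic IOS syntax, and treating an ISAKMP policy with no group line as D-H group 1 assumes the classic IOS default; DSS is not checked because no IOS keyword for it is assumed here.

```python
import re

# One rule per restriction in this section; patterns assume classic IOS syntax.
LINE_RULES = [
    (re.compile(r"authentication rsa-encr\b"), "manual keys (RSA encrypted nonces)"),
    (re.compile(r"group 1\b"), "D-H group 1"),
    (re.compile(r"crypto ipsec transform-set \S+ .*\bah-"), "AH"),
    (re.compile(r"mode transport\b"), "transport mode"),
    (re.compile(r"set pfs\b"), "PFS"),
]

def audit(config):
    """Return (config line, unsupported feature) pairs found in an IOS config."""
    findings = []
    policy = None        # ISAKMP policy block currently being read
    has_group = False    # did that block carry an explicit "group" line?
    for raw in config.splitlines() + ["!"]:      # "!" sentinel closes the last block
        line = raw.strip()
        if not raw.startswith(" "):              # a top-level line ends any open block
            if policy and not has_group:
                # Assumption: classic IOS omits default values from the
                # running config, and the default D-H group is 1.
                findings.append((policy, "D-H group 1 (implicit default)"))
            policy = line if line.startswith("crypto isakmp policy ") else None
            has_group = False
        elif policy and line.startswith("group "):
            has_group = True
        for pattern, feature in LINE_RULES:
            if pattern.match(line):
                findings.append((line, feature))
    return findings

# Constructed sample configuration (not taken from a real device).
SAMPLE = """crypto isakmp policy 10
 encryption 3des
 authentication pre-share
 group 2
crypto isakmp policy 20
 authentication rsa-encr
crypto ipsec transform-set GOOD esp-3des esp-sha-hmac
crypto ipsec transform-set LEGACY ah-sha-hmac esp-3des
 mode transport
crypto dynamic-map DYN 10
 set transform-set GOOD
 set pfs group2
"""

if __name__ == "__main__":
    for line, feature in audit(SAMPLE):
        print(f"unsupported by Easy VPN Server: {feature:36} <- {line}")
```

Policy 10 and the GOOD transform set pass cleanly; every other block in the sample trips exactly one rule.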
