What IPSec mode is used to encrypt traffic between a server and VPN endpoint?

Posted by: Pdfprep Category: 210-260 Tags: , ,

What IPSec mode is used to encrypt traffic between a server and VPN endpoint?
A . tunnel
B . Trunk
C . Aggregated
D . Quick
E . Transport

Answer: E

Explanation:

@Tullipp on securitytut.com commented: "the IPSEC Mode question did come up. It has been been very badly worded in the dumps and I knew It cant be right. The question that comes in the exam is "between client and server vpn endpoints". So the keyword here is vpn endpoints. Not the end points like its worded in the dumps.

So the answer is transport mode."

+ IPSec Transport mode is used for end-to-end communications, for example, for communication between a client and a server or between a workstation and a gateway (if the gateway is being treated as a host). A good example would be an encrypted Telnet or Remote Desktop session from a workstation to a server.

+ IPsec supports two encryption modes: Transport mode and Tunnel mode. Transport mode encrypts only the data portion (payload) of each packet and leaves the packet header untouched. Transport mode is applicable to either gateway or host implementations, and provides protection for upper layer protocols as well as selected IP header fields.

Source: http://www.firewall.cx/networking-topics/protocols/870-ipsec-modes.html http://www.cisco.com/c/en/us/td/docs/net_mgmt/vpn_solutions_center/2­0/ip_security/provisioning/guide/ IPsecPG1.html Generic Routing Encapsulation (GRE) is often deployed with IPsec for several reasons, including the following:

+ IPsec Direct Encapsulation supports unicast IP only. If network layer protocols other than IP are to be supported, an IP encapsulation method must be chosen so that those protocols can be transported in IP packets.

+ IPmc is not supported with IPsec Direct Encapsulation. IPsec was created to be a security protocol between two and only two devices, so a service such as multicast is problematic. An IPsec peer encrypts a packet so that only one other IPsec peer can successfully perform the de-encryption. IPmc is not compatible with this mode of operation.

Source: https://www.cisco.com/application/pdf/en/us/guest/netsol/ns171/c649/ ccmigration_09186a008074f26a.pdf

Leave a Reply

Your email address will not be published.