PrepAway - Latest Free Exam Questions & Answers

How many packets would you see for normal Phase 1 exchange?

If you were NOT using IKE aggressive mode for your IPsec tunnel, how many packets would you
see for normal Phase 1 exchange?


A. 9

B. 6

C. 3

D. 2

Explanation:

One Comment on “How many packets would you see for normal Phase 1 exchange?”

  1. imran says:

    Phase I modes
    Between Security Gateways, there are two modes for IKE phase I. These modes only apply to IKEv1:
    • Main Mode
    • Aggressive Mode
    If aggressive mode is not selected, the Security Gateway defaults to main mode, performing the IKE negotiation using six packets; aggressive mode performs the IKE negotiation with three packets.
    Main mode is preferred because:
    • Main mode is partially encrypted, from the point at which the shared DH key is known to both peers.
    • Main mode is less susceptible to Denial of Service (DoS) attacks. In main mode, the DH computation is performed after authentication. In aggressive mode, the DH computation is performed in parallel with authentication. A peer that is not yet authenticated can force processor-intensive Diffie-Hellman computations on the other peer.
    Note – Use aggressive mode when a Check Point Security Gateway needs to negotiate with third-party VPN solutions that do not support main mode.




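The packet counts discussed above can be checked against a capture by reading the ISAKMP header of each IKEv1 datagram. The following Python sketch is an added example, not part of the original page or of the comment: it classifies Phase 1 negotiations as main mode (exchange type 2) or aggressive mode (exchange type 4) and counts their packets. The function names and the sample datagrams are constructed for illustration.

```python
import struct
from collections import defaultdict

# ISAKMP header (RFC 2408, section 3.1): 28 bytes, network byte order.
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")
MODES = {2: "main", 4: "aggressive"}  # exchange types: Identity Protection, Aggressive

def parse_header(data):
    """Return (initiator_cookie, exchange_type, flags, message_id) or None."""
    if len(data) < ISAKMP_HDR.size:
        return None  # truncated datagram
    icookie, _rc, _np, version, xchg, flags, msg_id, length = ISAKMP_HDR.unpack_from(data)
    if version >> 4 != 1 or length < ISAKMP_HDR.size:
        return None  # not IKEv1, or an impossible length field
    return icookie, xchg, flags, msg_id

def summarize_phase1(datagrams):
    """Per initiator cookie: Phase 1 mode, packet count, encrypted packet count."""
    sessions = defaultdict(lambda: {"mode": None, "packets": 0, "encrypted": 0})
    for data in datagrams:
        hdr = parse_header(data)
        if hdr is None:
            continue
        icookie, xchg, flags, msg_id = hdr
        if msg_id != 0 or xchg not in MODES:
            continue  # Phase 1 uses message ID 0; Quick Mode and others are skipped
        s = sessions[icookie.hex()]
        s["mode"] = MODES[xchg]
        s["packets"] += 1
        s["encrypted"] += flags & 0x01  # E flag: payloads are encrypted
    return dict(sessions)

def _pkt(icookie, rcookie, xchg, flags=0, msg_id=0):
    # Constructed header-only datagram (no payloads), enough for classification.
    return ISAKMP_HDR.pack(icookie, rcookie, 1, 0x10, xchg, flags, msg_id, ISAKMP_HDR.size)

# Constructed sample capture: one main mode and one aggressive mode negotiation.
IC_A, RC_A = b"\x11" * 8, b"\xaa" * 8
IC_B, RC_B = b"\x22" * 8, b"\xbb" * 8
SAMPLE = (
    [_pkt(IC_A, bytes(8), 2)] + [_pkt(IC_A, RC_A, 2)] * 3   # main mode messages 1-4
    + [_pkt(IC_A, RC_A, 2, flags=1)] * 2                     # messages 5-6, encrypted
    + [_pkt(IC_B, bytes(8), 4)] + [_pkt(IC_B, RC_B, 4)] * 2  # aggressive mode, 3 messages
    + [_pkt(IC_A, RC_A, 32, flags=1, msg_id=0x1234)]         # Quick Mode (Phase 2), ignored
    + [b"\x00" * 10]                                         # truncated datagram, ignored
)

if __name__ == "__main__":
    for cookie, info in summarize_phase1(SAMPLE).items():
        print(cookie, info)
```

On a gateway that is expected to use main mode only, any session reported as `aggressive` is worth reviewing against the VPN community settings.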