PrepAway - Latest Free Exam Questions & Answers

Which two functions are required for IPsec operation?

Which two functions are required for IPsec operation? (Choose two.)

PrepAway - Latest Free Exam Questions & Answers

A.
using SHA for encryption

B.
using PKI for pre-shared key authentication

C.
using IKE to negotiate the SA

D.
using AH protocols for encryption and authentication

E.
using Diffie-Hellman to establish a shared-secret key

Explanation:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a0080094203.shtml
Configure ISAKMP
IKE exists only to establish SAs for IPsec. Before it can do this, IKE must negotiate an SA (an
ISAKMP SA) relationship with the peer. Since IKE negotiates its own policy, it is possible to
configure multiple policy statements with different configuration statements, then let the two hosts
come to an agreement. ISAKMP negotiates:
Oakley
This is a key exchange protocol that defines how to acquire authenticated keying material. The
basic mechanism for Oakley is the Diffie-Hellman key exchange algorithm. You can find the
standard in RFC 2412: The OAKLEY Key Determination Protocol leavingcisco.com.


Leave a Reply