PrepAway - Latest Free Exam Questions & Answers

Which protocol option should you choose?

You want to encrypt and transmit data between peer routers with high confidentiality. Which protocol option
should you choose?

PrepAway - Latest Free Exam Questions & Answers

A.
Authentication Header (AH) in tunnel mode

B.
Authentication Header (AH) in transport mode

C.
Encapsulating Security Payload (ESP) in tunnel mode

D.
Encapsulating Security Payload (ESP) in transport mode

Explanation:
You should choose Encapsulating Security Payload (ESP) in tunnel mode to encrypt and transmit data between
peer routers with high confidentiality. Two protocols can be used to build tunnels and protect data traveling
across the tunnel:
Authentication Header (AH) uses protocol 51.
ESP uses protocol 50.
AH is defined in Request for Comments (RFC) 1826 and 2402. AH does not perform data encryption and
therefore, information is passed as clear text. The purpose of AH is to provide data integrity and authentication,
and anti-reply service (optional). It ensures that a packet that crosses the tunnel is the same packet that left the
peer device and no changes have been made. It uses a keyed hash to accomplish this.
ESP is defined in RFC 2406. ESP can provide data integrity and authentication, but its primary purpose is to
encrypt data crossing the tunnel. There are two reasons why ESP is the preferred building block of IPSec
tunnels:
The authentication component of ESP does not include any Layer 3 information. Therefore, this component
can work in conjunction with a network using Network Address Translation (NAT).
On Cisco devices, ESP supports encryption using Advanced Encryption Standard (AES), Data Encryption
Standard (DES), or Triple DES (3DES).
Tunnel mode is used between Virtual Private Network (VPN) gateways such as routers, firewalls, and VPN
concentrators.
Transport mode is used between end-stations or between an end-station and a VPN gateway.
The options AH in tunnel mode and AH in transport mode are incorrect because AH does not provide
encryption.
The option ESP in transport mode is incorrect because transport mode is used between end-stations or
between an end-stations and a VPN gateway.
Objective:
WAN Technologies
Sub-Objective:
Describe WAN access connectivity options

Cisco > Articles > Network Technology > General Networking > IPSec Overview Part Two: Modes and
Transforms
Cisco > The Internet Protocol Journal > The Internet Protocol Journal – Volume 3, No. 1, March 2000 > IP
Security


Leave a Reply