— Exhibit –-
user@host> show security ipsec security-associations
Total active tunnels: 1
ID Algorithm SPI Life:sec/kb Mon vsys Port Gateway
<131073 ESP:3des/sha1 ac23df79 2532/ unlim – root 4500 1.1.1.1
>131073 ESP:3des/sha1 cbc9281a 2532/ unlim – root 4500 1.1.1.1
user@host> show security ipsec security-associations detail
Virtual-system: root
Local Gateway: 1.0.0.1, Remote Gateway: 1.1.1.1
Local Identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0)
Remote Identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0)
Version: IKEv1
DF-bit: clear
Direction: inbound, SPI: ac23df79, AUX-SPI: 0
, VPN Monitoring: -Hard lifetime. Expires in 3186 seconds
Lifesize Remaining: Unlimited
Soft lifetime. Expires in 2578 seconds
Mode. Tunnel, Type. dynamic, State. installed
Protocol: ESP, Authentication: hmac-sha1-96, Encryption: 3des-cbc
Anti-replay service. counter-based enabled, Replay window size. 64
Direction: outbound, SPI: cbc9281a, AUX-SPI: 0
, VPN Monitoring: -Hard lifetime. Expires in 3186 seconds
Lifesize Remaining: Unlimited
Soft lifetime. Expires in 2578 seconds
Mode. Tunnel, Type. dynamic, State. installed
Protocol: ESP, Authentication: hmac-sha1-96, Encryption: 3des-cbc
Anti-replay service. counter-based enabled, Replay window size. 64
— Exhibit –-
Refer to the Exhibit.
The exhibit shows output from two show commands.
What are two conclusions about the VPN tunnel from the output? (Choose two.)
A.
VPN monitoring is enabled.
B.
There is a device performing NAT between the two VPN endpoints.
C.
3DES is the encryption protocol.
D.
Traffic with the DF-bit set that exceeds the MTU will be dropped.
3DES encryption protocol !!!!!!??????
I know that 3DES, DES or AEs are algorithms to encypt data but not a protocols.
0
0
http://www.ciscopress.com/articles/article.asp?p=25470&seqNum=4
Triple DES Algorithm (3DES)
Triple DES (or 3DES) is also a supported encryption protocol for use in IPSec on Cisco products. The 3DES algorithm is a variant of the 56-bit DES. 3DES operates similarly to DES in that data is broken into 64-bit blocks. 3DES then processes each block three times, each time with an independent 56-bit key. 3DES effectively doubles encryption strength over 56-bit DES.
….If this is true 3DES is encryption protocol….Σ ゜ロ゜≡( ノ)ノ
0
0
http://www.networksorcery.com/enp/rfc/rfc2420.txt
The PPP Triple-DES Encryption Protocol (3DESE)
0
0
What about VPN MONITORING option A. ?
0
0