
VPN (Virtual Private Network) Connectivity

VPN technology allows businesses to use their existing Internet connections to connect to other offices (site-to-site VPNs) or allow telecommuting or mobile users to connect into the office network from their PCs (remote-access VPN).

VPN Connectivity

VPNs provide a variety of benefits over private-line connections:

  • Cost savings over private-line connections
  • Remote-access connections for telecommuting or mobile users
  • Scalability

At the same time, VPNs have some major drawbacks:

  • Higher overhead
  • Varying service levels
  • Additional security considerations

VPN connections come in two major genres: site-to-site and remote-access VPNs.

Site-to-site VPNs are the direct replacement for private-line WAN connections. They allow offices to maintain permanent or semipermanent connections between each other through the Internet.

Remote-access VPNs typically are used to allow telecommuting or mobile workers to connect to the corporate network from home or hotel-like locations. These remote-access VPNs come in a couple of styles: client-based (requires the installation of a VPN client) and clientless (also known as SSL or WebVPN; users connect through a secure web page).

The key protocol that drives VPN connections is IPsec. This is actually a suite of protocols that provide standards for encryption, authentication, and data integrity.

Three primary encryption standards are used with IPsec:

  • Data Encryption Standard (DES) algorithm was originally developed by IBM to support a 56-bit key.
  • Triple DES (3DES) algorithm uses three different DES keys to encrypt data, thus tripling the strength of DES.
  • Advanced Encryption Standard (AES) currently offers 128-, 192-, and 256-bit encryption.

Currently, two data-integrity standards are used with IPsec:

  • Message Digest 5 (MD5) uses a 128-bit hashing algorithm.
  • Secure Hash Algorithm 1 (SHA-1) uses a 160-bit hashing algorithm.

IPSEC related questions and their answers

* Question

Which IPSec rule is used for the Olympia branch and what does it define? (Choose two)

A – 102
B – 116
C – 127
D – IP traffic sourced from destined to will use the VPN.
E – IP traffic sourced from destined to will use the VPN.
F – IP traffic sourced from destined to will use the VPN.


Answer: B E


From the output above, we learn that the IPSec Rule is 116. Next, click on “IPSec Rules” and select the Name/Number of 116 to view the rule applied to it. You will see a “permit” rule for traffic from to (notice that the picture shows the wildcard masks, which are inverse subnet masks).
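The wildcard-mask matching behind a rule like 116, as an added example that is not part of the original page: it parses one extended "permit ip" rule and decides whether a packet counts as traffic that will use the VPN. Only the rule number 116 comes from the page; the addresses are constructed documentation-range values, and the function names are hypothetical.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF

def to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))

def wildcard_to_netmask(wildcard: str) -> str:
    """A wildcard mask is the bitwise inverse of the subnet mask."""
    return str(ipaddress.IPv4Address(to_int(wildcard) ^ ALL_ONES))

def matches(addr: str, base: str, wildcard: str) -> bool:
    """0-bits in the wildcard must match the base address; 1-bits are ignored."""
    care = to_int(wildcard) ^ ALL_ONES
    return (to_int(addr) & care) == (to_int(base) & care)

def parse_rule(line: str) -> dict:
    """Parse 'access-list <n> <action> ip <src> <src-wc> <dst> <dst-wc>'.
    The 'host' and 'any' keywords are not handled in this sketch."""
    tok = line.split()
    if len(tok) != 8 or tok[0] != "access-list" or tok[3] != "ip":
        raise ValueError(f"unsupported rule: {line!r}")
    return {"number": int(tok[1]), "action": tok[2],
            "src": tok[4], "src_wc": tok[5],
            "dst": tok[6], "dst_wc": tok[7]}

def uses_vpn(rule: dict, src: str, dst: str) -> bool:
    """True when the packet matches the permit rule, i.e. it is sent through the tunnel."""
    return (rule["action"] == "permit"
            and matches(src, rule["src"], rule["src_wc"])
            and matches(dst, rule["dst"], rule["dst_wc"]))

# Constructed sample rule: number 116 is from the page, the addresses are not.
RULE_116 = parse_rule(
    "access-list 116 permit ip 192.0.2.0 0.0.0.127 198.51.100.0 0.0.0.255")

if __name__ == "__main__":
    print(wildcard_to_netmask(RULE_116["src_wc"]))           # source subnet mask
    print(uses_vpn(RULE_116, "192.0.2.10", "198.51.100.7"))   # inside both ranges
    print(uses_vpn(RULE_116, "192.0.2.200", "198.51.100.7"))  # source outside the /25
    print(uses_vpn(RULE_116, "198.51.100.7", "192.0.2.10"))   # reverse direction
```

The rule is directional: traffic in the reverse direction does not match the same entry, which is why each peer carries its own mirrored rule.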



Which defined peer IP address and local subnet belong to Crete? (Choose two)

A – peer address
B – peer address
C – peer address
D – subnet
E – subnet
F – subnet


Answer: A D

* Question 

Which algorithm as defined by the transform set is used for providing data confidentiality when connected to Tyre?


Answer: D


In the site-to-site VPN branch we see something like this  but in the Transform Set sub-branch, we see

so the answer should be ESP-3DES-SHA2 or ESP-3DES?

To answer this question, we should review the concept:

“Data confidentiality is the use of encryption to scramble data as it travels across an insecure media”. Data confidentiality therefore means encryption.

“The transform set is a group of attributes that are exchanged together, which eliminates the need to coordinate and negotiate individual parameters”. In the picture above, we can see 3 parts of the transform-set ESP-3DES-SHA2:

IPsec protocol: ESP
IPsec encryption type: 3DES
IPsec authentication: SHA2

The question asks which algorithm is used for providing data confidentiality (encryption), therefore the answer should be D – ESP-3DES.


Which peer authentication method and which IPSEC mode is used to connect to the branch locations? (Choose two)

A – Digital Certificate
B – Pre-Shared Key
C – Transport Mode
D – Tunnel Mode
E – GRE/IPSEC Transport Mode
F – GRE/IPSEC Tunnel Mode


Answer: B D
