Question 23
Which two functions are required for IPsec operation? (Choose two.)
A. using SHA for encryption
B. using PKI for pre-shared key authentication
C. using IKE to negotiate the SA
D. using AH protocols for encryption and authentication
E. using Diffie-Hellman to establish a shared-secret key
Answer: C,E
Explanation:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a0080094203.shtml
Configure ISAKMP IKE exists only to establish SAs for IPsec. Before it can do this, IKE must negotiate an SA(an ISAKMP SA) relationship with the peer. Since IKE negotiates its own policy, it is possible to configure multiple policy statements with different configuration statements, then let the two hosts come to an agreement. ISAKMP negotiates:
Oakley
This is a key exchange protocol that defines how to acquire authenticated keying material.The basic mechanism for Oakley is the Diffie-Hellman key exchange algorithm. You can find the standard in RFC 2412: The OAKLEY Key Determination Protocol leavingcisco.com.
No comments:
Post a Comment