AWS IPSEC

Question 1

In IPSEC what is an SA used for?

Answer 1

The SA holds the one-way relationship between sender and receiver defined by the SA parameters.

• One SA for inbound traffic
• One SA for outbound traffic

Question 2

What is IKE?

Answer 2

IKE is an internet key exchange and is used to set up the security associations. There are two IKE version IKEv1 and IKEv2. An example of IKE is strong strongswan on linux.

Question 3

What ports does IKEv2 use?

Answer 3

UDP Port Number=500 (controle path)
UDP Port Number=4500 (controle path)
IP Protocol Type=ESP (value 50 and 51) (data path)

Question 4

In IPSec what are the two IP headers used

?

Answer 4

AH and ESP

Question 5

This is the AH header in IPSec?

Answer 5

It is the auth header, in the IP layer, it is the packets sent over the wire. AH only authenticates the IP packet.

Question 6

This is the ESP header in IPSec?

Answer 6

It is the IP packets and is encrypted, authenticated and its integrity is checked.

Question 7

In IPSec is there a data plane and a control plane?

Answer 7

Yes data travels over the data plane, this when we send the ESP packets, the control plane uses

Question 8

How can you monitor the V PN tunnels?

Answer 8

CloudWatch enables you to monitor the tunnel health and activity.

Question 9

Whet the AWS VPN, must the client or AWS send data to establish the tunnel?

Answer 9

The client, AWS will never send data.