CCNAS - IPSec and Tunnels Flashcards Preview

Flashcards in CCNAS - IPSec and Tunnels Deck (15)
1
Q

Phase 1

A
  1. negotiate IKE policy sets
  2. DH Key exchange
  3. verify peer identity
2
Q

Phase 2

A

Used to negotiate IPSec security parameters that will be used to secure the tunnel

3
Q

IKE

A

protocol that uses UDP 500, exchanges keys

4
Q

ISAKMP

A

combined protocols to build secure IPSec connections.

same as IKE

5
Q

Diffie-Hellman

A

used to initiate a key exchange, public key exchange

6
Q

transform sets

A

set of rules that must be similar across devices - Used in Phase 2

7
Q

IKE Phase 1

A
  1. IKE Policy sets exchanged
  2. DH key exchange establishes a shared secret key
  3. Devices authenticate each other using PSK or RSA
8
Q

SA (Security Associations)

A

Negotiated parameters between two devices

9
Q

IKE Phase 2

A

Negotiates IPSec security parameters (transform sets)

10
Q

IPSec VPN Negotiation

A
  1. Determine interesting traffic using crypto ACLs
  2. IKE Phase 1 begins (ISAKMP creates secure tunnel)
  3. IKE Phase 2 begins (IPSec SA transforms are negotiated - this is how the tunnel will be established)
  4. IPSec tunnel created and data securely transferred
  5. IPSec tunnel terminates when SAs are deleted or expired.
11
Q

Symmetric

A

same key decrypts and encrypts

12
Q

Asymmetric

A

One encrypts, another decrypts

13
Q

Asymmetric: Public Key & Private Key

A

The public key is given to everyone, not the private one

14
Q

Two different types of keys

A

Symmetric and Asymmetric

15
Q

Phase 1 - Aggressive Mode

A

Faster than traditional exchange, cuts between steps 2 & 3