What IPSec mode is used to encrypt traffic between client and server VPN endpoints?
A. Tunnel
B. Trunk
C. Aggregated
D. Quick
E. Transport
Explanation:
+ IPSec Transport mode is used for end-to-end communications, for example, for
communication between a client and a server or between a workstation and a gateway (if the
gateway is being treated as a host). A good example would be an encrypted Telnet or
Remote Desktop session from a workstation to a server.
+ IPsec supports two encryption modes: Transport mode and Tunnel mode. Transport mode
encrypts only the data portion (payload) of each packet and leaves the packet header
untouched. Transport mode is applicable to either gateway or host implementations, and
provides protection for upper layer protocols as well as selected IP header fields.
http://www.firewall.cx/networking-topics/protocols/870-ipsec-modes.html
http://www.cisco.com/c/en/us/td/docs/net_mgmt/vpn_solutions_center/2-0/ip_security/provisioning/guide/IPsecPG1.html
Generic Routing Encapsulation (GRE) is often deployed with IPsec for several reasons,
including the following:
+ IPsec Direct Encapsulation supports unicast IP only. If network layer protocols other than IP
are to be supported, an IP encapsulation method must be chosen so that those protocols can
be transported in IP packets.
+ IP multicast (IPmc) is not supported with IPsec Direct Encapsulation. IPsec was created to be a security
protocol between two and only two devices, so a service such as multicast is problematic. An
IPsec peer encrypts a packet so that only one other IPsec peer can successfully perform the
decryption. IPmc is not compatible with this mode of operation.
https://www.cisco.com/application/pdf/en/us/guest/netsol/ns171/c649/ccmigration_09186a008074f26a.pdf