Which two statements about SSL-based VPNs are true? (Choose two.)
A. Asymmetric algorithms are used for authentication and key exchange.
B. SSL VPNs and IPsec VPNs cannot be configured concurrently on the same router.
C. The application programming interface can be used to modify extensively the SSL client software for use in special applications.
D. The authentication process uses hashing technologies.
E. Both client and clientless SSL VPNs require special-purpose client software to be installed on the client machine.
Explanation:
http://www.cisco.com/en/US/docs/routers/access/cisco_router_and_security_device_manager/25/software/user/guide/IKE.html
Add or Edit IKE Policy
Priority
An integer value that specifies the priority of this policy relative to the other configured IKE policies.
Assign the lowest numbers to the IKE policies that you prefer that the router use. The router will
offer those policies first during negotiations.
Encryption
The type of encryption that should be used to communicate this IKE policy. Cisco SDM supports a
variety of encryption types, listed in order of security. The more secure an encryption type, the more
processing time it requires.
Note: If your router does not support an encryption type, the type will not appear in the list.
Cisco SDM supports the following types of encryption:
• Data Encryption Standard (DES)—This form of encryption supports 56-bit encryption.
• Triple Data Encryption Standard (3DES)—This is a stronger form of encryption than DES, supporting 168-bit encryption.
• AES-128—Advanced Encryption Standard (AES) encryption with a 128-bit key. AES provides greater security than DES and is computationally more efficient than triple DES.
• AES-192—Advanced Encryption Standard (AES) encryption with a 192-bit key.
• AES-256—Advanced Encryption Standard (AES) encryption with a 256-bit key.
Hash
The authentication algorithm to be used for the negotiation. There are two options:
• Secure Hash Algorithm (SHA)
• Message Digest 5 (MD5)
Authentication
The authentication method to be used.
• Pre-SHARE. Authentication will be performed using pre-shared keys.
• RSA_SIG. Authentication will be performed using digital signatures.
D-H Group
Diffie-Hellman (D-H) Group. Diffie-Hellman is a public-key cryptography protocol that allows two
routers to establish a shared secret over an unsecure communications channel. The options are as
follows:
• group1—768-bit D-H Group. D-H Group 1.
• group2—1024-bit D-H Group. D-H Group 2. This group provides more security than group 1, but requires more processing time.
• group5—1536-bit D-H Group. D-H Group 5. This group provides more security than group 2, but requires more processing time.
Note:
• If your router does not support group5, it will not appear in the list.
• Easy VPN servers do not support D-H Group 1.
Lifetime
This is the lifetime of the security association, in hours, minutes and seconds. The default is one day, or 24:00:00.