What is used to dynamically create a pair or multiple pairs of sources addresses?

What is used to dynamically create a pair or multiple pairs of sources addresses?

What is used to dynamically create a pair or multiple pairs of sources addresses?

A.
IKE

B.
ESP

C.
ISAKMP

D.
AH

Explanation:
content\166040\plo_content\ORG1114\COURSE166040\enus_011425\lsn_06\tpc_g\enus_011425_06g.xml:
A crypto map is a software configuration entity that selects data flows that need security processing and defines the policy for these flows and the crypto peer that traffic needs to go to. Crypto map entries group IPsec polices into a crypto map set. These crypto map sets are applied to interfaces, and all IP traffic passing through the interface is evaluated against the applied crypto map set.
Crypto maps are used to create SAs. Manual crypto maps are used to create two SAs: one outbound and one mirroring inbound SA. ISAKMP crypto maps are used to dynamically create a pair or multiple pairs of SAs. Each crypto map set is identified by a case-sensitive name. Each crypto map set is ordered according to the configured sequence.

content\166040\plo_content\ORG1114\COURSE166040\enus_011425\lsn_06\tpc_f\enus_011425_06f.xml:
IPsec uses four main protocols to create a security framework: Internet Key Exchange (IKE), which makes IPsec more scalable by simplifying the key management; Internet Security Association and Key Management Protocols (ISAKMP), which is the general framework for exchanging keys and is sometimes used as almost a synonym for IKE; Encapsulating Security Protocol (ESP), which is used to provide authentication, integrity checking, and confidentiality to IP packets; and Authentication Header (AH), which is used to provide authentication and integrity checking for IP packets.
You need to know a little bit about each of these, since various choices are available when you configure an IPsec VPN.



Leave a Reply 1

Your email address will not be published. Required fields are marked *


CiscoLover

CiscoLover

I don’t get it. Why is the question talking about creating pairs of source addresses?

I see how ISAKMP can match interesting traffic as defined by ACL match in crypto map. I can see how VPN can dynamically allocate IP from pool for RA VPN clients. But what source addresses are dynamically created?