Which statement is true regarding IPsec VPNs?
A.
There are five phases of IKE negotiation.
B.
There are two phases of IKE negotiation.
C.
IPsec VPN tunnels are not supported on SRX Series devices.
D.
IPsec VPNs require a tunnel PIC in SRX Series devices.
What about there are two phases of IKE negotiation:
The basic purpose of IKE phase 1 is to authenticate the IPSec peers and to set up a secure channel between the peers to enable IKE exchanges.
The purpose of IKE phase 2 is to negotiate IPSec SAs to set up the IPSec tunnel
Hi jo,
i have same answer like you.
it should be -> B. There are two phases of IKE negotiation.
ike phase 1 have main mode and aggrive mode ; six packet and three packet switch~but,ipsec tunnl in SRX is not support,Screent is support.
SRX is support st0.0 interface!
ANs: B
IKE tunnel establishment happens in two phases:
• Phase 1 establishes a secured channel between gateways for Phase 2 negotiations to occur. The
Diffie-Hellman key exchange algorithm establishes a shared key for encryption.
• Phase 2 establishes the specific VPN connections. SAs are negotiated on behalf of IPsec to determine
the encryption and authentication algorithms to use when sending user data. The SA is identified by a
unique SPI that is also negotiated during Phase 2.
JNCIS-SEC Guide Ch. 7-8
AH!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
AH!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
AH!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!AH!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!AH!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
AH!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
HOW THE HELL CAN A SECURITY DEVICE NOT SUPPORT AN ENCRYPTED TUNNEL?!?!?!
FOLKS! They wouldn’t sell a single one of these if it didn’t support VPN
The CORRECT answer is B!!!!!!!!
Looking at it in the book, Chapter 8
B is the the correct answer
IKE has two phases
I choose