Which two statements are true about IPsec traffic?

Which two statements are true about IPsec traffic? (Choose two.)

Which two statements are true about IPsec traffic? (Choose two.)

A.
IPsec traffic can be forwarded when no IKE SA is present.

B.
IPsec traffic can be forwarded when no IPsec SA is present.

C.
For traffic that has to be encrypted, the security policy must be crafted based on the IP addresses in the inner IP header of the final ESP packet.

D.
For traffic that has to be encrypted, the security policy must be crafted based on the IP addresses in the outer IP header of the final ESP packet.



Leave a Reply 6

Your email address will not be published. Required fields are marked *


Mostafa

Mostafa

Anybody Knows why “B” is not correct?

w3pgrrrrr

w3pgrrrrr

Mostafa
the only purpose an IKE security association serves is to bring up the IPSEC security association. In other words, it is the IPSEC SA that is sending and receiving encrypted packets

Mostafa

Mostafa

tnx a milion “w3pgrrrrr”

Stradale

Stradale

The IPSec SA stays connected even if the underlying IKE SA is not available anymore.

networkmanagers

networkmanagers

I have the same idea. AC