Networking scenario-based interview questions and answers

The following is a scenario-based networking interview question set on VPN technology.

This question is a sample from the Ebook 250 Network and security admin interview questions and answers.

The questions are based on the below network topology.

[Figure: networking scenario]

Question 1

What should be configured so that internet-bound packets are not sent through the VPN tunnel?

The routers at each site should be configured with a default route that sends packets out through the interface connected to the internet.


Question 2

Will the packets which are sent to the internet be encrypted by the VPN routers?

Encryption is applied only to packets which are sent over the VPN tunnel. Internet bound packets are not encrypted.

Question 3

What would be the destination IP address in the IP header when a packet is initiated from 192.168.1.2 to 192.168.2.3 and it reaches S1 (R2)?

When 192.168.1.2 initiates a packet to 192.168.2.3, it is sent to R1. This packet would have the source IP address in the IP header as 192.168.1.2 and the destination IP address as 192.168.2.3. When the packet reaches R1, an additional header is added which would have the source IP address as S0 (R1) and the destination IP address as S1 (R2). When the packet reaches R2, it would have the destination IP address as that of S1 (R2).

Question 4

What would be the destination IP address in the IP header when a packet is initiated from 192.168.1.2 to 192.168.2.3 and it reaches 192.168.2.3?

When 192.168.1.2 initiates a packet to 192.168.2.3, it is sent to R1. This packet would have the source IP address in the IP header as 192.168.1.2 and the destination IP address as 192.168.2.3. When the packet reaches R1, an additional header is added which would have the source IP address as S0 (R1) and the destination IP address as S1 (R2).

When the packet reaches R2, the outer header is discarded and the inner header which is the actual header would contain the source IP address as 192.168.1.2 and destination as the actual destination IP address which is 192.168.2.3. So when the packet reaches 192.168.2.3, it would have its IP address as the destination IP address.

Question 5

Should the public IP addresses which are configured on R1 (S0) and R2 (S1) be on the same network?

This is not required. The VPN routers would be at different locations, where the public IP addresses provided by the respective ISPs would be on different networks.

Question 6

If a packet sniffer is used on the VPN tunnel, can the inner IP header be viewed?

The inner IP header is preceded by the outer IP header, which has R1 (S0) as the source IP address and R2 (S1) as the destination IP address. The inner IP header and its contents would be encrypted and cannot be viewed. (This holds provided the IPSEC encryption protocol ESP is used. AH does not encrypt data.)
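The behaviour described in Questions 1 to 6, as an added example that is not taken from the ebook: R1 tunnels only traffic for the remote LAN, a sniffer on the tunnel sees only the outer header, and R2 restores the inner packet. The public addresses for R1 (S0) and R2 (S1), the /24 mask, the SPI and the session key are assumptions, and the XOR keystream is a stand-in for the real ESP cipher.

```python
import hashlib, ipaddress, socket, struct

# Assumed values (not on the page): documentation-range public IPs, /24 LAN.
R1_S0, R2_S1 = "203.0.113.1", "198.51.100.1"
REMOTE_LAN = ipaddress.ip_network("192.168.2.0/24")
ESP = 50  # IP protocol number for ESP

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    total = sum(struct.unpack("!10H", hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return hdr[:10] + struct.pack("!H", ~total & 0xFFFF) + hdr[12:]

def dst_ip(packet):
    """Destination address of the outermost IP header."""
    return socket.inet_ntoa(packet[16:20])

def keystream_xor(key, seq, data):
    # Stand-in cipher for illustration only; real ESP uses the algorithm
    # negotiated in phase 2 (for example AES) plus an integrity check.
    stream = hashlib.shake_256(key + struct.pack("!I", seq)).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def r1_forward(packet, key, spi=0x1001, seq=1):
    """R1: tunnel traffic for the remote LAN, send everything else as-is."""
    if ipaddress.ip_address(dst_ip(packet)) not in REMOTE_LAN:
        return packet  # default route: internet-bound, not encrypted
    esp = struct.pack("!II", spi, seq) + keystream_xor(key, seq, packet)
    return ipv4_header(R1_S0, R2_S1, ESP, len(esp)) + esp

def r2_decapsulate(packet, key):
    """R2: drop the outer header and recover the original inner packet."""
    spi, seq = struct.unpack("!II", packet[20:28])
    return keystream_xor(key, seq, packet[28:])

# Constructed sample: 192.168.1.2 sends opaque payload bytes to 192.168.2.3.
payload = b"hello site 2"
inner = ipv4_header("192.168.1.2", "192.168.2.3", 17, len(payload)) + payload
session_key = b"constructed-phase2-session-key"  # not the pre-shared key
on_wire = r1_forward(inner, session_key)          # what a sniffer captures
delivered = r2_decapsulate(on_wire, session_key)  # what 192.168.2.3 receives
```
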

Question 7

Are the pre-shared keys configured between the routers used for data encryption between systems at the different sites?

No. The keys are derived dynamically as part of IPSEC phase 1 and phase 2 tunnel creation.