IPSEC INTERVIEW QUESTIONS

Which UDP ports should be open on a firewall to allow traffic from L2TP/IPSEC-based VPN clients to a PPTP VPN server on the inside?

UDP port 500 for IKE traffic, UDP port 1701 for L2TP communication between client and server, and UDP port 4500 for NAT-T communication.

In which IPSEC phase are the keys used for data encryption derived?

The keys are derived in IPSEC Phase 2. The derived keys are used by the IPSEC protocol ESP to encrypt the data.

How do the IPSEC protocols ESP and AH provide replay protection?

ESP and AH each include a sequence number field in their respective headers. The IPSEC peers use these values to track duplicate packets. If a packet with an already received sequence number arrives, it is rejected, thus providing replay protection.
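The receiver-side check behind that answer, as an added example that is not part of the original page: a sliding bitmap anti-replay window of the kind RFC 4303 describes for ESP (AH uses the same rule). The class name, the 64-packet window size and the sample sequence numbers are constructed for this illustration.

```python
# Added example (not from the original page): a bitmap anti-replay window of the
# kind RFC 4303 describes for ESP receivers; AH uses the same rule. The class name,
# window size and sample sequence numbers are constructed for this illustration.
WINDOW_SIZE = 64  # RFC 4303 requires a window of at least 32 packets


class AntiReplayWindow:
    """Tracks received ESP sequence numbers with a sliding bitmap window."""

    def __init__(self, window_size=WINDOW_SIZE):
        self.window_size = window_size
        self.highest = 0  # highest sequence number accepted so far
        self.bitmap = 0   # bit i set => sequence number (highest - i) was received

    def check_and_update(self, seq):
        """Return True and record seq if it is new and inside the window.

        Return False (drop the packet) when seq is zero, a duplicate, or older
        than the left edge of the window. Run this only after the ESP/AH
        integrity check has passed, so a forged sequence number cannot move
        the window and cause genuine packets to be dropped.
        """
        if seq == 0:
            return False  # the first ESP packet on an SA carries sequence 1
        if seq > self.highest:
            # New high-water mark: slide the window right and record seq.
            shift = seq - self.highest
            self.bitmap = 0 if shift >= self.window_size else self.bitmap << shift
            self.bitmap = (self.bitmap | 1) & ((1 << self.window_size) - 1)
            self.highest = seq
            return True
        diff = self.highest - seq
        if diff >= self.window_size:
            return False  # too old: fell off the left edge of the window
        if self.bitmap & (1 << diff):
            return False  # replay: this sequence number was already received
        self.bitmap |= 1 << diff  # late but new (reordered): accept and mark it
        return True


def process_stream(seqs):
    """Feed a constructed stream of sequence numbers through one window.

    Returns (seq, accepted) pairs; reordering is tolerated, replays are not.
    """
    win = AntiReplayWindow()
    return [(s, win.check_and_update(s)) for s in seqs]
```

Feeding `[1, 5, 3, 3, 5, 100, 36, 37, 0]` through `process_stream` accepts the reordered 3 and the late 37, but rejects the repeated 3 and 5, the stale 36 and the invalid 0.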

A user connects to the Internet using DSL broadband from his laptop. After browsing certain pages, the user connects to the corporate network using the IPSEC VPN client installed on the laptop. After the connection is successful, the user is unable to browse the Internet, but on disconnecting the VPN client, Internet access resumes. What could be the cause?

a) IPSEC does not support HTTP (browsing)
b) A proxy is not enabled for the browser after the IPSEC client is connected
c) The default route is modified on the local PC
d) This is the expected behavior and cannot be resolved


Two remote sites S1 and S2 are connected using IPSEC tunnel mode configured on routers R1 and R2 respectively. S1 is located in India and S2 in Thailand. What type of route entry should R1 use to route the tunneled packets over the Internet to R2?

a) Tunneling technology is point-to-point and does not require a routing protocol
b) R1 should use a default static route to route all packets directly to R2: ip route 0.0.0.0 0.0.0.0 R2
c) Any type of route entry as per the network design would work perfectly
d) BGP should be used on both routers


What is the use of configuring an ACL in the IPSEC configuration on a Cisco router?


Which type of VPN would you use if data has to be encrypted at the network layer?

An IPSEC VPN encrypts data at the network layer, whereas an SSL VPN encrypts data at the application layer.
