| Author |
Tue 70-216 Question of the Day
|
|
| wbafrank 2002-08-06, 9:32 am |
|  And today's poser is ....
Q27. You want to set up an IPSec connection on two computers located on two different sides of the city via the corporate Intranet. Each computer is connected to a local Cisco 2501 router which in turn is connected to the ISP's router. Traffic travels across 3 routers on the ISP's network then to the corresponding router on the other side and finally to the other PC. These routers are all part of the corporate Intranet, though one of them routes traffic out to the Internet as well.
Most of your WAN infrastructure has been outsourced so you are only responsible for the LAN up to the 2501 routers. Which of the following do you need to do to set up an IPSec connection between these two locations?
A. Set up IPSec on each end node computer. Contact your ISP and have them configure the routers to allow TCP traffic to pass through on port 108.
B. Configure the end node computers with IPSec. The routers will not need configuration to pass this encrypted traffic across your WAN.
C. Set up IPSec on each end node computer. Contact your ISP and have them to configure the routers allow traffic to pass through on port 31337.
D. Set up IPSec on each end node computer. Contact your ISP and have them configure the routers to allow traffic to pass through on port 1138.
Good Luck .... see you tomorrow for the answer!! | |
| Pavlov 2002-08-06, 9:50 am |
| Going with B | |
| Deja-vue 2002-08-06, 10:13 am |
| B | |
|
| I'd go with "B" as well.  | |
| unreal 2002-08-06, 6:49 pm |
| It should be 'B'- don't think implementing IPSEC requires ports settings | |
| River19 2002-08-06, 8:15 pm |
| B for me as well
One of the great "features" of IPsec is that it is "invisible" to routers, making the only two computers who really need to know that IPsec is in use are the two end nodes. | |
| Tech Ranger 2002-08-06, 8:38 pm |
| "B". If you had to reconfigure routers, tunneling would be a dead concept. | |
| wbafrank 2002-08-07, 10:35 am |
| quote:
Originally posted by wbafrank
And today's poser is ....
Q27. You want to set up an IPSec connection on two computers located on two different sides of the city via the corporate Intranet. Each computer is connected to a local Cisco 2501 router which in turn is connected to the ISP's router. Traffic travels across 3 routers on the ISP's network then to the corresponding router on the other side and finally to the other PC. These routers are all part of the corporate Intranet, though one of them routes traffic out to the Internet as well. Most of your WAN infrastructure has been outsourced so you are only responsible for the LAN up to the 2501 routers. Which of the following do you need to do to set up an IPSec connection between these two locations?
A. Set up IPSec on each end node computer. Contact your ISP and have them configure the routers to allow TCP traffic to pass through on port 108.
B. Configure the end node computers with IPSec. The routers will not need configuration to pass this encrypted traffic across your WAN.
C. Set up IPSec on each end node computer. Contact your ISP and have them to configure the routers allow traffic to pass through on port 31337.
D. Set up IPSec on each end node computer. Contact your ISP and have them configure the routers to allow traffic to pass through on port 1138.
And the answer is ....
Correct Answer: B
It is important to understand that IPSec only needs to be activated on the clients. A tunnel is activated between the two endpoints using encrypted IP communication. Similar to encrypted e-mail, the e-mail is sent normally. The difference is merely that one end encrypts it and the other end decrypts it. IPSec can be configured in other way but ultimately things like routers and switches do not need to be IPSec aware. |
|
|
|