Chapter 20
1: Name two issues arising from conventional IPSec configuration.
A1: Answer: IPSec does not allow routing protocol updates to be routed through the IPSec tunnel, because IPSec doesn't encrypt IP multicast/broadcast packets.
Each time a new network needs to be added to the list of IPSec participants, a new access list must be defined for user traffic encryption. The hub router's configuration can become enormous.
Changing public IP hosts' addresses because of DHCP utilization by a service provider
Occasional requirement for a full-mesh configuration
2: What mechanism is used to accomplish DMVPN?
A2: Answer: mGRE/NHRP
3: How can you implement dynamic routing protocols over IPSec protected links?
A3: Answer: By using GRE tunnel interfaces ...