Last Updated on August 3, 2021 by Admin 3
You create a static pointtopoint VTI tunnel on RouterA. Afterward, you issue the show runningconfig command and receive the following output:
Which of the following is the authentication transform that will be used by the static VTI tunnel? (Select the best answer.)
- ESP with 128bit AES
- ESP with 256bit AES
- ESP with 56bit DES
- ESP with 168bit 3DES
- ESP with MD5
- ESP with SHA
- AH with MD5
- AH with SHA
The static virtual tunnel interface (VTI) tunnel will use Encapsulating Security Payload (ESP) with Secure Hash Algorithm (SHA) as the authentication transform, as indicated by the crypto ipsec transformset command. The syntax of the crypto ipsec transformset command is crypto ipsec transformset transformname transform1 [transform2] [transform3] [transform4]. Up to four transforms can be specified in an IP Security (IPSec) transform set: one ESP authentication transform, one authentication header (AH) transform, one ESP encryption transform, and one IP compression transform.
ESP can use the Message Digest 5 (MD5) and SHA algorithms for authentication. The following keywords can be used to specify the ESP authentication transform:
– espmd5hmac
– espshahmac
AH can also use the MD5 and SHA algorithms for authentication. The following keywords can be used to specify the AH transform:
– ahmd5hmac
– uses AH with MD5
– ahshahmac
– uses AH with SHA
ESP can use the following encryption methods:
-128bit, 192bit, and 256bit Advanced Encryption Standard (AES)
– 56bit Data Encryption Standard (DES)
– 168bit Triple DES (3DES)
-160bit Softwareoptimized Encryption ALgorithm (SEAL)
-Null encryption
The following keywords can be used to specify the ESP encryption transform:
– espies
– espaes 192
– espaes 256
– espdes
– esp3des
– espseal
– espnull
The LempelZivStac (LZS) algorithm is the only IP compression method that can be used in an IPSec transform set. To configure a transform set to use LZS IP compression, you should use the complzs keyword.