Term
| How many additional bytes of overhead are added to a packet when using GRE? |
|
Definition
| GRE adds an additional 24-byte header of overhead. This overhead contains a new 20-byte IP header, which indicates the source and destination IP addresses of the GRE tunnel. The remaining 4 bytes are the GRE header itself. |
|
|
Term
| What command defines the local tunnel interface (source interface)? |
|
Definition
|
|
Term
| What command configures the tunnel destination when configuring a GRE tunnel? |
|
Definition
| tunnel destination ip-address |
|
|
Term
| What command sets the encapsulation mode for the tunnel interface? |
|
Definition
| tunnel mode {gre | ipip | iptalk | mpls | ipsec} |
|
|
Term
| What command associates a tunnel interface with an IPsec profile? |
|
Definition
| tunnel protection ipsec profile profile-name |
|
|
Term
| Describe how dead peer detection (DPD) is used with an IPsec VPN setup. |
|
Definition
| DPD offers a stateless failover from one VPN tunnel to another. This means that the routers are not keeping track of which VPN tunnels are currently live. Instead, traffic flows through the primary tunnel until it fails, at which time a secondary tunnel is selected. |
|
|
Term
| What are the different modes that dead peer detection can run in? |
|
Definition
| DPD can run in either periodic mode or on-demand mode. |
|
|
Term
| Describe the general characteristics of Dead Peer Detection's (DPD) periodic mode. |
|
Definition
| DPD periodic mode sends keepalive messages periodically between IPsec VPN peers. These messages are in addition to the normal IPsec rekey messages. Also, the messages are not sent if user data is transmitted through the VPN tunnel, and are only used when there is a lull in tunnel traffic. |
|
|
Term
| Describe the general characteristics of Dead Peer Detection's (DPD) on-demand mode. |
|
Definition
| DPD on-demand is the default mode on Cisco IOS devices. The keepalive messages are sent only if the liveliness of the remote peer is in question. Like in periodic mode, messages are never sent during otherwise idle tunnel moments. |
|
|
Term
| What command determines the mode and frequency of Dead Peer Detection (DPD)? |
|
Definition
| crypto isakmp keepalive seconds [retries] [periodic | on-demand] |
|
|
Term
| What command sets the peer for a VPN IPsec tunnel? |
|
Definition
| set peer ip-address [default] |
|
|
Term
| What are the 2 protocols used to maintain IPsec stateful failover? |
|
Definition
- HSRP - Monitors both the inside and outside interfaces. If either goes down, the entire router is deemed unworthy and ownership of the IKE and IPsec SA processes is passed to the standby router.
- Stateful Switchover (SSO) - Shares the IKE and IPsec SA information between the active and backup routers. At any time, either router knows enough to be the active IPsec VPN router. |
|
|
Term
| What command configures redundancy and enters inter-device configuration mode? |
|
Definition
|
|
Term
| What command initiates the communication link between active and standby routers? |
|
Definition
|
|
Term
| Describe the basic configuration of Stream Control Transmission Protocol (SCTP) for device redundancy. |
|
Definition
| Within SCTP, the local and remote SCTP ports and the IP addresses are defined. The local port defined on this router must match the remote port on the peer router. Also, the local IP and remote IP addresses should point to physical interface IP addresses and not to a virtual IP address. |
|
|
Term
| What command defines the number of SCTP retries before an attempt to create an SCTP session fails? |
|
Definition
|
|
Term
| What command defines the maximum amount of time that SCTP waits before retransmitting data? |
|
Definition
| retransmit-timeout seconds |
|
|
Term
| What command defines the HSRP group that provides redundancy for a crypto map? |
|
Definition
| crypto map map-name redundancy group-name [stateful] |
|
|
Term
| What command is used to configure a preshared authentication key? |
|
Definition
| crypto isakmp key keystring {address address | host host} |
|
|
Term
| What command names the redundancy scheme used between 2 devices? |
|
Definition
| scheme standby group-name |
|
|
Term
| What command creates the association between 2 devices when using the interdevice communication protocol (ICP)? |
|
Definition
|
|
Term
| What command configures Stream Control Transmission Protocol (SCTP)? |
|
Definition
|
|
Term
| What command defines the local SCTP port number used to communicate with the redundant peer? |
|
Definition
|
|
Term
| What command defines a local IP to communicate with a redundant peer? |
|
Definition
|
|
Term
| What command defines the remote SCTP port number used to communicate with the redundant peer? |
|
Definition
|
|
Term
| What command defines the remote IP to communicate with the peer? |
|
Definition
|
|