Which type of VPN involves a nonsecure tunneling protocol being encapsulated by IPsec?

  • GRE over IPsec
  • dynamic multipoint VPN
  • IPsec virtual tunnel interface
  • SSL
Explanation & Hint:

The type of VPN that involves a nonsecure tunneling protocol being encapsulated by IPsec is GRE over IPsec.

GRE over IPsec:

  • GRE (Generic Routing Encapsulation) is a tunneling protocol that can encapsulate a wide variety of network layer protocols but does not provide encryption or confidentiality by itself.
  • By encapsulating GRE with IPsec, the data gets the necessary encryption and security features. IPsec secures the GRE tunnel with its encryption capabilities, thus combining the flexibility of GRE with the security of IPsec.
  • This setup is often used in site-to-site VPNs to securely pass traffic such as multicast or broadcast, which are not natively supported by IPsec.

The other options have different characteristics:

  • Dynamic Multipoint VPN (DMVPN): While DMVPN typically uses GRE combined with IPsec, the key feature of DMVPN is the dynamic establishment of VPN tunnels, rather than the specific encapsulation of a nonsecure tunneling protocol by IPsec.
  • IPsec Virtual Tunnel Interface: This is primarily focused on IPsec for creating secure VPN connections and does not inherently involve the encapsulation of a separate nonsecure tunneling protocol.
  • SSL VPN: This type of VPN uses SSL/TLS for security and does not involve encapsulating a nonsecure tunneling protocol with IPsec.

 

For more Questions and Answers:

CCNA 3 v7 – ENSA v7.02 – Modules 6 – 8: WAN Concepts Exam Answers Full 100%