CCNA Security IINS exam (210-260) | 3.1 VPN concepts IKE, ESP, and AH

Hashing is a method used to verify data integrity.

Message Digest 5 (MD5), Secure Hash Algorithm 1 (SHA-1), and Secure Hash Algorithm 2 (SHA-2).

Symmetric Encryption

Uses the same key to encrypt and decrypt: DES, 3DES, AES, IDEA, RC2, RC4, RC5, RC6 and Blowfish.

Asymmetric Encryption

Uses two different keys that mathematically work together as a pair: RSA, Diffie-Hellman (DH) key exchange, ElGamal, DSA, and Elliptic Curve Cryptography (ECC).

IPSec:

IPSec is a framework that combines several protocols to build a secured Internet connection. Its components are: Hashing, Authentication, Group (Key Exchange), Limited Lifetime, and Encryption.

Authentication Header (AH):

IPSec uses Authentication Header (AH) to provide Data Integrity, Authentication, and Anti-Replay functions for an IPSec VPN. Authentication Header (AH) DOES NOT provide any Data Encryption (confidentiality). Authentication Header (AH) can be used to provide Data Integrity services that ensure data is not tampered with in transit.

Encapsulating Security Payload (ESP):

IPSec uses ESP (Encapsulating Security Payload) to provide Data Integrity, Encryption, Authentication, and Anti-Replay functions for an IPSec VPN. Cisco IPSec implementations use DES, 3DES, and AES for Data Encryption. ESP authenticates the data within the VPN, ensuring Data Integrity and that the data comes from the correct source.

Tunnel Mode:

In IPSec Tunnel mode, the entire original IP packet is encapsulated: the original IP datagram is wrapped with an AH header (no confidentiality, since there is no encryption) or an ESP header (provides encryption) plus an additional, outer IP header. The IP addresses of the newly added outer IP header are those of the VPN gateways. Tunnel mode is used for remote connections that terminate on a VPN gateway.

IPSec Transport mode:

Only the Data Payload of the IP datagram is secured by IPSec. The IP header remains the original IP header, and IPSec inserts its own header between the IP header and the upper-layer headers. IPSec Transport mode can be used when encrypting traffic between two hosts or between a host and a VPN gateway.

The Internet Key Exchange (IKE):

IKE is an IPsec standard protocol used to ensure security for virtual private network (VPN) negotiation and remote host or network access. IKE defines an automatic means of negotiating and authenticating IPsec security associations (SAs). Security associations are security policies defined for communication between two or more entities; the relationship between the entities is represented by a key. The IKE protocol ensures security for SA communication without the preconfiguration that would otherwise be required.
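To tie the concepts above together, the following is an added example (not from the original notes, and not a Cisco reference configuration) of how the IKE Phase 1 policy components (Hashing, Authentication, Group, Lifetime, Encryption), AH versus ESP, and tunnel versus transport mode appear in a Cisco IOS site-to-site configuration. It assumes IOS 15.x syntax; the peer address 203.0.113.2, the 10.1.1.0/24 and 10.2.2.0/24 networks, the interface name, and the pre-shared key are placeholders.

```cisco
! --- IKE Phase 1 (ISAKMP) policy: one line per component ---
! Legacy policy kept only for contrast: DES, MD5 and DH group 1 are
! deprecated and should be removed from real deployments.
crypto isakmp policy 20
 encryption des
 hash md5
 authentication pre-share
 group 1
 lifetime 86400
!
! Recommended policy; lower sequence number so it is offered first.
! encryption = E, hash = H, authentication = A, group = G (DH key
! exchange), lifetime = L (SA lifetime in seconds).
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
 lifetime 86400
!
! Pre-shared key for the peer (placeholder key, example peer address)
crypto isakmp key REPLACE_WITH_STRONG_PSK address 203.0.113.2
!
! --- IKE Phase 2 transform sets: AH vs ESP, tunnel vs transport ---
! ESP: encryption + integrity + authentication + anti-replay.
! Tunnel mode adds an outer IP header with the gateway addresses.
crypto ipsec transform-set TS-ESP-TUNNEL esp-aes 256 esp-sha256-hmac
 mode tunnel
! AH: integrity, authentication and anti-replay only, no confidentiality.
! Transport mode keeps the original IP header and protects the payload.
crypto ipsec transform-set TS-AH-TRANSPORT ah-sha-hmac
 mode transport
!
! Crypto map binds the peer, the transform set and the interesting
! traffic (the ACL decides which packets enter the tunnel).
crypto map CMAP 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set TS-ESP-TUNNEL
 match address VPN-TRAFFIC
!
ip access-list extended VPN-TRAFFIC
 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
!
interface GigabitEthernet0/0
 crypto map CMAP
!
! Verification: Phase 1 SA state, then Phase 2 SAs and packet counters
! show crypto isakmp sa
! show crypto ipsec sa
```

Both peers must offer a matching Phase 1 policy and a matching transform set, otherwise the SA negotiation fails; `show crypto isakmp sa` should report the Phase 1 SA as active before any Phase 2 counters increment.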

